CVE-2012-10001 (The Limit Login Attempts plugin before 1.7.1 for WordPress does not cl ...)
	NOT-FOR-US: Limit Login Attempts plugin for WordPress
CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
	NOT-FOR-US: SocialEngine
CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...)
	NOT-FOR-US: SocialEngine
CVE-2012-6719 (The sharebar plugin before 1.2.2 for WordPress has SQL injection. ...)
	NOT-FOR-US: sharebar plugin for WordPress
CVE-2012-6718 (The sharebar plugin before 1.2.2 for WordPress has XSS, a different is ...)
	NOT-FOR-US: sharebar plugin for WordPress
CVE-2012-6717 (The redirection plugin before 2.2.12 for WordPress has XSS, a differen ...)
	NOT-FOR-US: redirection plugin for WordPress
CVE-2012-6716 (The events-manager plugin before 5.1.7 for WordPress has XSS via JSON ...)
	NOT-FOR-US: events-manager plugin for WordPress
CVE-2012-6715 (The formbuilder plugin before 0.9.1 for WordPress has XSS via a Refere ...)
	NOT-FOR-US: formbuilder plugin for WordPress
CVE-2012-6714 (The count-per-day plugin before 3.2.3 for WordPress has XSS via search ...)
	NOT-FOR-US: count-per-day plugin for WordPress
CVE-2012-6713 (The job-manager plugin before 0.7.19 for WordPress has multiple XSS is ...)
	NOT-FOR-US: job-manager plugin for WordPress
CVE-2012-6712 (In the Linux kernel before 3.4, a buffer overflow occurs in drivers/ne ...)
	- linux 3.8.11-1
	NOTE: https://git.kernel.org/linus/2da424b0773cea3db47e1e81db71eeebde8269d4
CVE-2012-6711 (A heap-based buffer overflow exists in GNU Bash before 4.3 when wide c ...)
	- bash 4.3-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1721071
	NOTE: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=863d31ae775d56b785dc5b0105b6d251515d81d5 (bash-4.3-alpha)
CVE-2012-6710 (ext_find_user in eXtplorer through 2.1.2 allows remote attackers to by ...)
	- extplorer
CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Valid ...)
	[experimental] - elinks 0.13~20190125-1
	- elinks 0.13~20190125-3 (low; bug #891575)
	[stretch] - elinks (Minor issue)
	[jessie] - elinks (Minor issue)
	[wheezy] - elinks (Minor issue)
	- links2 2.6-1 (bug #694658; bug #510417)
	NOTE: Patch proposed upstream (when using): http://lists.linuxfromscratch.org/pipermail/elinks-dev/2015-June/002099.html
	NOTE: tested links2 against badssl.com, no apparent issue back in wheezy
	NOTE: src:links2/2.6-1 adds verify-ssl-certs-510417.diff to verify SSL certs.
	NOTE: src:links2 upstream in 2.11 adds support for verifying SSL certificates.
CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attack ...)
	- jquery 1.11.3+dfsg-1
	[jessie] - jquery (Too intrusive to backport)
	[wheezy] - jquery (Too invasive to fix)
	NOTE: https://bugs.jquery.com/ticket/11290
	NOTE: https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
	NOTE: https://snyk.io/vuln/npm:jquery:20120206
	NOTE: 1.9 release introduced backwards incompatible changes to fix this, so may be too invasive to fix
CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ...)
	- wordpress (bug #880868)
	[bullseye] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	[buster] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	[stretch] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	[jessie] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	[wheezy] - wordpress (Minor issue, can be revisited once upstream has picked a new hashing solution)
	NOTE: https://core.trac.wordpress.org/ticket/21022
	NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff
	NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following.
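Added illustration for the CVE-2012-6708 (jQuery before 1.9.0) entry above; this is example code written for this page, not code from the Debian tracker or from jQuery. It models the decision $(string) makes between "build this as HTML" and "look this up as a selector", which is the behaviour the CVE describes and the reason the tracker note calls the 1.9 fix backwards-incompatible. The two test functions are simplified stand-ins for jQuery's internal check (an assumption about its shape, not jQuery's exact regex), the sample inputs are constructed, and safeHashSelector is a hypothetical mitigation for sites stuck on an old jQuery.

```javascript
// Added example (not from the Debian tracker or from jQuery). Models the
// string-classification step behind CVE-2012-6708: jQuery's $(string) must
// decide whether the argument is an HTML fragment to build or a selector to
// look up. Before 1.9 a <tag> anywhere in the string was enough to build it
// as HTML, so attacker-controlled selectors (classically $(location.hash))
// became markup. 1.9 only accepts strings that start with "<" and end with ">".
// Both classifiers below are simplified stand-ins for jQuery's own test.

// Pre-1.9 behaviour (assumed shape): HTML if a <tag> appears after any
// prefix that contains no "<".
function classifyPre19(input) {
  return /^[^<]*(<[\w\W]+>)[^>]*$/.test(input) ? 'html' : 'selector';
}

// 1.9+ behaviour (assumed shape): HTML only if the trimmed string is
// "<...>" with at least one character in between.
function classifyPost19(input) {
  const s = input.trim();
  return (s.length >= 3 && s[0] === '<' && s[s.length - 1] === '>')
    ? 'html' : 'selector';
}

// Hypothetical mitigation for code that still feeds location.hash into $()
// on an old jQuery: allow only a bare fragment id, reject everything else.
function safeHashSelector(hash) {
  return /^#[\w-]+$/.test(hash) ? hash : null;
}

// Constructed inputs (not taken from the page). "crafted" has the shape of
// a $(location.hash) payload: a fragment that smuggles markup. "mixed" is a
// legitimate pre-1.9 usage that the strict 1.9 test no longer treats as HTML,
// which is the backwards-incompatible part the tracker note refers to.
const SAMPLES = {
  plainId: '#main',
  markup: '<p>hello</p>',
  crafted: '#x<img src=x onerror=alert(1)>',
  mixed: 'hello <b>bold</b>',
};

// Returns, per sample, how each jQuery generation would classify it.
function summarize() {
  const out = {};
  for (const [name, s] of Object.entries(SAMPLES)) {
    out[name] = { pre19: classifyPre19(s), post19: classifyPost19(s) };
  }
  return out;
}

// Stand-alone run: show the classification table and the mitigation result.
if (typeof require !== 'undefined' && require.main === module) {
  console.table(summarize());
  console.log('safeHashSelector(crafted) =', safeHashSelector(SAMPLES.crafted));
}
```

The "crafted" row is the CVE: pre-1.9 builds it as HTML (the img element is created and onerror fires), 1.9 looks it up as a selector and finds nothing. The "mixed" row is why backporting the fix to wheezy/jessie was judged too invasive: any site relying on $("text <b>…</b>") being parsed as markup breaks.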
CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, a ...)
	{DLA-1014-1 DLA-1003-1}
	- unrar-nonfree 1:5.5.5-1 (bug #865461)
	[stretch] - unrar-nonfree 1:5.3.2-1+deb9u1
	[jessie] - unrar-nonfree 1:5.2.7-0.1+deb8u1
	- libclamunrar 0.99-4 (bug #867223)
	[stretch] - libclamunrar 0.99-3+deb9u1
	[jessie] - libclamunrar 0.99-0+deb8u3
	NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/9
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Stat ...)
	NOT-FOR-US: Jamroom
CVE-2012-XXXX [Option -localhost seems to fail to restrict ipv6 access]
	[experimental] - x11vnc 0.9.16-1
	- x11vnc 0.9.16-2 (low; bug #672435)
	[buster] - x11vnc (Minor issue; workaround exists)
	[stretch] - x11vnc (Minor issue; workaround exists)
	[jessie] - x11vnc (Minor issue; workaround exists)
	[wheezy] - x11vnc (Minor issue; workaround exists)
CVE-2012-6704 (The sock_setsockopt function in net/core/sock.c in the Linux kernel be ...)
	{DLA-772-1}
	- linux 3.8.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/82981930125abfd39d7c8378a9cfdf5e1be2002b (v3.5-rc1)
CVE-2012-6703 (Integer overflow in the snd_compr_allocate_buffer function in sound/co ...)
	- linux 3.8.11-1
	[wheezy] - linux (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b35cc8225845112a616e3a2266d2fde5ab13d3ab (3.7-rc1)
CVE-2012-6702 (Expat, when used in a parser that has not called XML_SetHashSalt or pa ...)
	{DSA-3597-1 DLA-508-1}
	- expat 2.1.1-3
CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows l ...)
	- linux (Fixed in v3.2.19; which was before src:linux rename)
	- linux-2.6 3.2.19-1
	NOTE: https://git.kernel.org/linus/a70b52ec1aaeaf60f4739edb1b422827cb6f3893 (v3.5-rc1)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=07343eab681bf8c22a2b31d978569a5f65253171 (v3.2.19)
CVE-2012-6700 (The decode_search function in dhcp.c in dhcpcd 3.x does not properly f ...)
	{DSA-3534-1 DLA-362-1}
	- dhcpcd
	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2012-6699 (The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP ...)
	{DSA-3534-1}
	- dhcpcd
	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2012-6698 (The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP ...)
	{DSA-3534-1 DLA-362-1}
	- dhcpcd
	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2012-6695 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6694 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server 4. ...)
	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password of (1) ...)
	NOT-FOR-US: GE Healthcare Centricity PACS
CVE-2012-6692 (Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in th ...)
	NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: osCMax
CVE-2012-6696 (inspircd in Debian before 2.0.7 does not properly handle unsigned inte ...)
	{DSA-3226-1 DLA-276-1}
	- inspircd 2.0.16-1 (bug #780880)
	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
	NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6697 (InspIRCd before 2.0.7 allows remote attackers to cause a denial of ser ...)
	{DSA-3226-1 DLA-276-1}
	- inspircd 2.0.16-1 (bug #780880)
	NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
	NOTE: https://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6690
	RESERVED
CVE-2012-6688
	REJECTED
CVE-2012-6689 (The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux ...)
	{DLA-246-1}
	- linux 3.6.4-1
	[wheezy] - linux 3.2.30-1
	- linux-2.6
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949
	NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/13
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...)
	{DLA-431-1 DLA-430-1}
	- libfcgi 2.4.0-8.3 (bug #681591)
	[wheezy] - libfcgi 2.4.0-8.1+deb7u1
	- libfcgi-perl 0.78-2 (bug #815840)
	[jessie] - libfcgi-perl 0.77-1+deb8u1
	[wheezy] - libfcgi-perl (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2015/02/06/4
CVE-2012-XXXX [Insufficient validation of USB device descriptors]
	- oss4 4.2-build2010-2 (bug #775662)
	[wheezy] - oss4 (Minor issue)
	[squeeze] - oss4 (Minor issue)
CVE-2012-6686
	REJECTED
CVE-2012-6685 (Nokogiri before 1.5.4 is vulnerable to XXE attacks ...)
	{DLA-229-1}
	- ruby-nokogiri 1.5.4-1 (low)
	- libnokogiri-ruby
	NOTE: https://github.com/sparklemotion/nokogiri/issues/693
	NOTE: Full fix requires fixing CVE-2014-0191 in libxml2 too.
CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 ...)
	{DSA-3168-1 DLA-167-1}
	- ruby-redcloth 4.2.9-4 (bug #774748)
	- redcloth
	NOTE: http://co3k.org/blog/redcloth-unfixed-xss-en
CVE-2012-6683
	RESERVED
CVE-2012-6682 (Cross-site scripting (XSS) vulnerability in downloads/actions/editdown ...)
	NOT-FOR-US: DragonByte Technologies vBDownloads module for vBulletin
CVE-2012-6681
	RESERVED
CVE-2012-6680
	RESERVED
CVE-2012-6679
	RESERVED
CVE-2012-6678
	RESERVED
CVE-2012-6677
	RESERVED
CVE-2012-6676
	RESERVED
CVE-2012-6675
	RESERVED
CVE-2012-6674
	RESERVED
CVE-2012-6673
	RESERVED
CVE-2012-6672
	RESERVED
CVE-2012-6671 (Multiple cross-site scripting (XSS) vulnerabilities in actions/main.ph ...)
	NOT-FOR-US: DragonByte Technologies Forumon RPG module for vBulletin
CVE-2012-6670 (Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte ...)
	NOT-FOR-US: DragonByte Technologies vbActivity module for vBulletin
CVE-2012-6669
	RESERVED
CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout Repor ...)
	NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...)
	NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
CVE-2012-6666 (vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. ...)
	NOT-FOR-US: vBSeo
CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 ...)
	NOT-FOR-US: phpMoneyBooks
CVE-2012-6664
	RESERVED
CVE-2012-6663 (General Electric D20ME devices are not properly configured and reveal ...)
	NOT-FOR-US: General Electric D20ME devices
CVE-2012-6662 (Cross-site scripting (XSS) vulnerability in the default content option ...)
	- jqueryui 1.10.1+dfsg-1
	[wheezy] - jqueryui (ui.tooltip not yet present)
	[squeeze] - jqueryui (code not present)
	NOTE: http://bugs.jqueryui.com/ticket/8861
	NOTE: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
CVE-2012-6661 (Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta ...)
	- zope2.12 2.12.26-1
	- zope2.13 (Fixed before initial upload in upstream version 2.13.19)
	NOTE: CVE SPLIT from CVE-2012-5508
CVE-2012-6660 (GE Healthcare Precision MPi has a password of (1) orion for the servic ...)
	NOT-FOR-US: GE Healthcare Precision MPi
CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface in Pho ...)
	NOT-FOR-US: Phorum
CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3. ...)
	NOT-FOR-US: SpiceWorks
CVE-2012-6657 (The sock_setsockopt function in net/core/sock.c in the Linux kernel be ...)
	{DLA-103-1}
	- linux 3.6.4-1
	[wheezy] - linux 3.2.32-1
	- linux-2.6
	NOTE: Upstream fix: https://git.kernel.org/linus/3e10986d1d698140747fcfc2761ec9cb64c1d582 (v3.6)
CVE-2012-6654 (Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier al ...)
	NOT-FOR-US: ZPanel
CVE-2012-6656 (iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows con ...)
	{DSA-3142-1 DLA-97-1}
	- glibc 2.17-1
	- eglibc
	[wheezy] - eglibc (Will be fixed in a point update)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=14134
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
CVE-2012-6655 (An issue exists AccountService 0.6.37 in the user_change_password_auth ...)
	- accountsservice (low; bug #757912)
	[bullseye] - accountsservice (Minor issue)
	[buster] - accountsservice (Minor issue)
	[stretch] - accountsservice (Minor issue)
	[jessie] - accountsservice (Minor issue)
	[wheezy] - accountsservice (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=55000
CVE-2012-6653 (Unspecified vulnerability in the All Video Gallery (all-video-gallery) ...)
	NOT-FOR-US: WordPress plugin all-video-gallery
CVE-2012-6652 (Directory traversal vulnerability in pageflipbook.php script from inde ...)
	NOT-FOR-US: WordPress plugin wppageflip
CVE-2012-6651 (Multiple directory traversal vulnerabilities in the Vitamin plugin bef ...)
	NOT-FOR-US: WordPress plugin vitamin
CVE-2012-6650
	RESERVED
CVE-2012-6649 (WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute ...)
	NOT-FOR-US: WordPress WP GPX Maps Plugin
CVE-2012-6648 (gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as ...)
	NOT-FOR-US: gdm-guest-session (Ubuntu-specific)
CVE-2012-6647 (The futex_wait_requeue_pi function in kernel/futex.c in the Linux kern ...)
	- linux 3.2.29-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-47
	NOTE: Upstream fix: https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef
	NOTE: Introduced in https://git.kernel.org/linus/52400ba946759af28442dee6265c5c0180ac7122
CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security befor ...)
	NOT-FOR-US: F-Secure
CVE-2012-6645 (Cross-site scripting (XSS) vulnerability in the autocomplete functiona ...)
	NOT-FOR-US: Drupal module Finder
CVE-2012-6644 (Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 ...)
	NOT-FOR-US: Drupal module ClipBucket
CVE-2012-6643 (Multiple SQL injection vulnerabilities in the update_counter function ...)
	NOT-FOR-US: Drupal module ClipBucket
CVE-2012-6642 (Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remo ...)
	NOT-FOR-US: Drupal module ClipBucket
CVE-2012-6641 (Cross-site scripting (XSS) vulnerability in redirect.php in the Socoli ...)
	NOT-FOR-US: PrestaShop
CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail Progra ...)
	- php-horde-imp 5.0.22
	- horde3 (low)
	[squeeze] - horde3 (Minor issue)
CVE-2012-6639 (An privilege elevation vulnerability exists in Cloud-init before 0.7.0 ...)
	- cloud-init 0.7.1-1
	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12299
CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linu ...)
	- linux 3.2.29-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-47
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
CVE-2012-6637 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
	NOT-FOR-US: Apache Cordova
CVE-2012-6636 (The Android API before 17 does not properly restrict the WebView.addJa ...)
	NOT-FOR-US: Android
CVE-2012-6635 (wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3. ...)
	- wordpress 3.4+dfsg-1
CVE-2012-6634 (wp-admin/media-upload.php in WordPress before 3.3.3 allows remote atta ...)
	- wordpress 3.4+dfsg-1
CVE-2012-6633 (Cross-site scripting (XSS) vulnerability in wp-includes/default-filter ...)
	- wordpress 3.4+dfsg-1
CVE-2012-6621 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3 ...)
	NOT-FOR-US: GetSimple CMS
CVE-2012-6620 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks a ...)
	- php-horde-kronolith 4.0.2-1
	- kronolith2 (Vulnerable code not present)
	NOTE: https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
	NOTE: fixed upstream in 3.0.17
CVE-2012-6619 (The default configuration for MongoDB before 2.3.2 does not validate o ...)
	- mongodb 1:2.4.1-1
	[wheezy] - mongodb (Workaround exists, intrusive change)
	[squeeze] - mongodb (Workaround exists, intrusive change)
	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/11822
	NOTE: https://jira.mongodb.org/browse/SERVER-7769
CVE-2012-6618 (The av_probe_input_buffer function in libavformat/utils.c in FFmpeg be ...)
	{DSA-2947-1}
	- libav 6:9.11-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
CVE-2012-6617 (The prepare_sdp_description function in ffserver.c in FFmpeg before 1. ...)
	- libav 6:9.11-1
	[wheezy] - libav (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
	- ffmpeg (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
	NOTE: Fix in ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=82b9799bb211ecd117171115e4a8b832c4942314
CVE-2012-6616 (The mov_text_decode_frame function in libavcodec/movtextdec.c in FFmpe ...)
	- libav (Vulnerable code not present in libav)
	- ffmpeg (Vulnerable code not present in older ffmpeg)
CVE-2012-6615 (The ff_ass_split_override_codes function in libavcodec/ass_split.c in ...)
	- libav (Vulnerable code not present in libav)
	- ffmpeg (Vulnerable code not present in older ffmpeg)
CVE-2012-6614 (D-Link DSR-250N devices before 1.08B31 allow remote authenticated user ...)
	NOT-FOR-US: D-Link
CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root ...)
	NOT-FOR-US: D-Link
CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in A ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
CVE-2012-6611 (An issue was discovered in Polycom Web Management Interface G3/HDX 800 ...)
	NOT-FOR-US: Polycom
CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...)
	NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video ...)
	NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in ...)
	NOT-FOR-US: Elastix
CVE-2012-6607 (The transform_save function in transform.c in Augeas before 1.0.0 allo ...)
	- augeas 1.0.0-1 (low)
	[squeeze] - augeas (Minor issue)
	[wheezy] - augeas (Minor issue)
CVE-2012-6632 (Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill ...)
	NOT-FOR-US: Vessio NetBill
CVE-2012-6631 (Cross-site request forgery (CSRF) vulnerability in accounts/admin/inde ...)
	NOT-FOR-US: Vessio NetBill
CVE-2012-6630 (Multiple cross-site scripting (XSS) vulnerabilities in the Media Libra ...)
	NOT-FOR-US: WordPress plugin Media Library Categories
CVE-2012-6629 (Multiple cross-site request forgery (CSRF) vulnerabilities in the News ...)
	NOT-FOR-US: WordPress plugin Newsletter Manager
CVE-2012-6628 (Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter ...)
	NOT-FOR-US: WordPress plugin Newsletter Manager
CVE-2012-6627 (Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the ...)
	NOT-FOR-US: WordPress plugin Newsletter Manager
CVE-2012-6626 (SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows re ...)
	NOT-FOR-US: b2ePMS
CVE-2012-6625 (SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress ...)
	NOT-FOR-US: WordPress plugin WP Forum Server
CVE-2012-6624 (Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plu ...)
	NOT-FOR-US: WordPress plugin SoundCloud Is Gold
CVE-2012-6623 (Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php ...)
	NOT-FOR-US: WordPress plugin ForumPress WP Forum Server
CVE-2012-6622 (Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-adm ...)
	NOT-FOR-US: WordPress plugin ForumPress WP Forum Server
CVE-2012-6606 (Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does no ...)
	NOT-FOR-US: Palo Alto Networks GlobalProtect
CVE-2012-6605 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6604 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6603 (The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0. ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6602 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6601 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6600 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6599 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6598 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6597 (Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6596 (Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 st ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6595 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6594 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6593 (Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6592 (Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6591 (The device-management command-line interface in Palo Alto Networks PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6590 (The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6589 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Busines ...)
	NOT-FOR-US: MYRE Business Directory
CVE-2012-6588 (SQL injection vulnerability in links.php in MYRE Business Directory al ...)
	NOT-FOR-US: MYRE Business Directory
CVE-2012-6587 (Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_me ...)
	NOT-FOR-US: MYRE Vacation Rental
CVE-2012-6586 (Multiple SQL injection vulnerabilities in MYRE Vacation Rental Softwar ...)
	NOT-FOR-US: MYRE Vacation Rental
CVE-2012-6585 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty ...)
	NOT-FOR-US: MYRE Realty Manager
CVE-2012-6584 (Multiple SQL injection vulnerabilities in MYRE Realty Manager allow re ...)
	NOT-FOR-US: MYRE Realty Manager
CVE-2012-6583 (Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1 ...)
	NOT-FOR-US: Imagemenu Drupal contributed module
CVE-2012-6582 (Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x ...)
	NOT-FOR-US: Spambot Drupal contributed module
CVE-2012-6581 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...)
	{DSA-2567-1}
	- request-tracker3.8
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6580 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...)
	{DSA-2567-1}
	- request-tracker3.8
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6579 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...)
	{DSA-2567-1}
	- request-tracker3.8
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6578 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 ...)
	{DSA-2567-1}
	- request-tracker3.8
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6577 (SQL injection vulnerability in the Formhandler extension before 1.4.1 ...)
	NOT-FOR-US: Formhandler TYPO3 extension
CVE-2012-6576 (Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x- ...)
	NOT-FOR-US: Drupal module PRH Search
CVE-2012-6575 (Cross-site scripting (XSS) vulnerability in the Exposed Filter Data mo ...)
	NOT-FOR-US: Drupal module Exposed Filter Data
CVE-2012-6574 (Cross-site scripting (XSS) vulnerability in the Fonecta verify module ...)
	NOT-FOR-US: Drupal module Fonecta verify
CVE-2012-6572 (Cross-site scripting (XSS) vulnerability in the phptemplate_preprocess ...)
	NOT-FOR-US: Inf08 theme for Drupal
CVE-2012-6571 (The HTTP module in the (1) Branch Intelligent Management System (BIMS) ...)
	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
CVE-2012-6570 (The HTTP module in the (1) Branch Intelligent Management System (BIMS) ...)
	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
CVE-2012-6569 (Stack-based buffer overflow in the HTTP module in the (1) Branch Intel ...)
	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
CVE-2012-6568 (Buffer overflow in the back-end component in Huawei UTPS 1.0 allows lo ...)
	NOT-FOR-US: Huawei UTPS
CVE-2012-6567 (REDCap before 4.14.0 allows remote authenticated users to execute arbi ...)
	NOT-FOR-US: REDCap
CVE-2012-6566 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allow ...)
	NOT-FOR-US: REDCap
CVE-2012-6565 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allow ...)
	NOT-FOR-US: REDCap
CVE-2012-6564 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allow ...)
	NOT-FOR-US: REDCap
CVE-2012-6563 (engine/lib/access.php in Elgg before 1.8.5 does not properly clear cac ...)
	- elgg (bug #526197)
CVE-2012-6562 (engine/lib/users.php in Elgg before 1.8.5 does not properly specify pe ...)
	- elgg (bug #526197)
CVE-2012-6561 (Cross-site scripting (XSS) vulnerability in engine/lib/views.php in El ...)
	- elgg (bug #526197)
CVE-2012-6560 (SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows re ...)
	NOT-FOR-US: FreeNAC
CVE-2012-6559 (Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 al ...)
	NOT-FOR-US: FreeNAC
CVE-2012-6558 (Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows r ...)
	NOT-FOR-US: HeavenTools PE Explorer
CVE-2012-6557 (Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe plu ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-6556 (Multiple cross-site scripting (XSS) vulnerabilities in the FirstLastNa ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-6555 (Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1 ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-6554 (functions/html_to_text.php in the Chat module before 1.5.2 for activeC ...)
	NOT-FOR-US: activeCollab
CVE-2012-6553 (Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote a ...)
	NOT-FOR-US: Resource Hacker
CVE-2012-6552 (Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2 ...)
	NOT-FOR-US: phpVMS
CVE-2012-6551 (The default configuration of Apache ActiveMQ before 5.8.0 enables a sa ...)
	- activemq (Example code not shipped in .deb)
CVE-2012-6573 (Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomple ...)
	NOT-FOR-US: DRUPAL-SA-CONTRIB-2012-136
CVE-2012-6550 (Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ...)
	- db4o (unimportant)
	NOTE: in doc package only
CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 (low)
CVE-2012-6548 (The udf_encode_fh function in fs/udf/namei.c in the Linux kernel befor ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 (low)
CVE-2012-6547 (The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel ...)
	- linux 3.2.29-1 (low)
	- linux-2.6 (low)
	[squeeze] - linux-2.6 2.6.32-47
CVE-2012-6546 (The ATM implementation in the Linux kernel before 3.6 does not initial ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6545 (The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 doe ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6544 (The Bluetooth protocol stack in the Linux kernel before 3.6 does not p ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6543 (The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kern ...)
	- linux (Affected code introduced in 3.5)
	- linux-2.6 (Affected code introduced in 3.5)
CVE-2012-6542 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel be ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6541 (The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the L ...)
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
	[squeeze] - linux-2.6 (Introduced in 2.6.37)
CVE-2012-6540 (The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6539 (The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 (low)
CVE-2012-6538 (The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux ke ...)
	- linux 3.2.32-1 (low)
	- linux-2.6 (low)
	[squeeze] - linux-2.6 (Introduced in 2.6.33)
CVE-2012-6537 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initializ ...)
	{DSA-2668-1}
	- linux 3.2.32-1 (low)
	- linux-2.6 (low)
CVE-2012-6536 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify th ...)
- linux 3.2.32-1 (low) - linux-2.6 (low) [squeeze] - linux-2.6 (Introduced in 2.6.39) CVE-2012-XXXX [null pointer dereference] - chromium-browser 21.0.1180.57~r148591-1 [squeeze] - chromium-browser NOTE: http://seclists.org/fulldisclosure/2013/Mar/134 NOTE: full disclosure post dosn't make it clear if a CVE was assigned for this or not, but it is fixed in the above version CVE-2012-6535 (DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDr ...) {DSA-2844-1} - djvulibre 3.5.25.3-1 NOTE: http://sourceforge.net/p/djvu/djvulibre-git/ci/d4f0f6d37fe6a1fb427cfa33a64ead1eff32d28e/ NOTE: evince doesnt use an embedded version of this CVE-2012-6534 (Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to ...) NOT-FOR-US: Novell Sentinel Log Manager CVE-2012-6533 (Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryp ...) NOT-FOR-US: Symantec PGP Desktop CVE-2012-6532 ((1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in Zen ...) {DLA-251-1} - zendframework 1.11.13-1 CVE-2012-6531 ((1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x b ...) {DLA-251-1} - zendframework 1.11.13-1 CVE-2012-6530 (Stack-based buffer overflow in Sysax Multi Server before 5.52, when HT ...) NOT-FOR-US: Sysax Multi Server CVE-2012-6529 (Multiple SQL injection vulnerabilities in Marinet CMS allow remote att ...) NOT-FOR-US: Marinet CMS CVE-2012-6528 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2 ...) NOT-FOR-US: ATutor CVE-2012-6527 (Cross-site scripting (XSS) vulnerability in the My Calendar plugin bef ...) NOT-FOR-US: WordPress plugin My Calendar CVE-2012-6526 (SQL injection vulnerability in show_code.php in Vastal I-Tech Freelanc ...) NOT-FOR-US: Vastal I-Tech Freelance Zone CVE-2012-6525 (SQL injection vulnerability in members.php in PHPBridges allows remote ...) NOT-FOR-US: PHPBridges CVE-2012-6524 (SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote ...) 
	NOT-FOR-US: pGB
CVE-2012-6523 (Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allo ...)
	NOT-FOR-US: w-CMS 2.01
CVE-2012-6522 (Directory traversal vulnerability in the getContent function in codes/ ...)
	NOT-FOR-US: w-CMS 2.01
CVE-2012-6521 (Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versio ...)
	NOT-FOR-US: Elefant CMS
CVE-2012-6520 (Multiple SQL injection vulnerabilities in the advanced search in Wikid ...)
	NOT-FOR-US: Wikidforum
CVE-2012-6519 (SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 a ...)
	NOT-FOR-US: DIY-CMS
CVE-2012-6518 (Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS ...)
	NOT-FOR-US: DiY-CMS
CVE-2012-6517 (Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 all ...)
	NOT-FOR-US: DiY-CMS
CVE-2012-6516 (SQL injection vulnerability in PHP Ticket System Beta 1 allows remote ...)
	NOT-FOR-US: PHP Ticket System Beta
CVE-2012-6515 (eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers ...)
	NOT-FOR-US: eFront
CVE-2012-6514 (Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) comp ...)
	NOT-FOR-US: nBill for Joomla!
CVE-2012-6513 (Cross-site scripting (XSS) vulnerability in index.php/Admin_Preference ...)
	NOT-FOR-US: gpEasy CMS
CVE-2012-6512 (The Organizer plugin 1.2.1 for WordPress allows remote attackers to ob ...)
	NOT-FOR-US: Organizer wordpress plugin not in Debian
CVE-2012-6511 (Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/ ...)
	NOT-FOR-US: Organizer wordpress plugin not in Debian
CVE-2012-6510 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Ca ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6509 (Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6508 (Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt M ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6507 (Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 ...)
	NOT-FOR-US: ChurchCMS
CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web ...)
	NOT-FOR-US: Zingiri Web Shop wordpress plugin not in Debian
CVE-2012-6505 (Cross-site scripting (XSS) vulnerability in mods/hours/data/get_hours. ...)
	NOT-FOR-US: PHP Volunteer Management not in Debian
CVE-2012-6504 (SQL injection vulnerability in mods/hours/data/get_hours.php in PHP Vo ...)
	NOT-FOR-US: PHP Volunteer Management not in Debian
CVE-2012-6503 (Unspecified vulnerability in the NinjaXplorer component before 1.0.7 f ...)
	NOT-FOR-US: NinjaXplorer for Joomla!
CVE-2012-6502 (Microsoft Internet Explorer before 10 allows remote attackers to obtai ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-6110 (bcron-exec in bcron before 0.10 does not close file descriptors associ ...)
	- bcron 0.09-13 (low; bug #686650)
	[squeeze] - bcron 0.09-11+squeeze1
CVE-2012-6501 (The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) befor ...)
	NOT-FOR-US: HP PKI ActiveX
CVE-2012-6500 (Directory traversal vulnerability in download.lib.php in Pragyan CMS 3 ...)
	NOT-FOR-US: Pragyan CMS
CVE-2012-6499 (Open redirect vulnerability in age-verification.php in the Age Verific ...)
	NOT-FOR-US: Age Verification plugin for WordPress
CVE-2012-0722 REJECTED
CVE-2012-6498 (Unrestricted file upload vulnerability in index.php in Atomymaxsite 2. ...)
	NOT-FOR-US: Atomymaxsite
CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions b ...)
	{DSA-2597-1}
	- ruby-activerecord-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-3
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-6496 (SQL injection vulnerability in the Active Record component in Ruby on ...)
	{DSA-2597-1}
	- ruby-activerecord-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-3
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw (act ...)
	{DSA-2593-1}
	- moin 1.9.5-3
	[wheezy] - moin 1.9.4-8+deb7u1
CVE-2012-6494 (Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Secu ...)
	NOT-FOR-US: Rapid7 Nexpose Security Console
CVE-2012-6492 REJECTED
CVE-2012-6491 REJECTED
CVE-2012-6490 REJECTED
CVE-2012-6489 REJECTED
CVE-2012-6488 REJECTED
CVE-2012-6487 REJECTED
CVE-2012-6486 REJECTED
CVE-2012-6485 REJECTED
CVE-2012-6484 REJECTED
CVE-2012-6483 REJECTED
CVE-2012-6482 REJECTED
CVE-2012-6481 REJECTED
CVE-2012-6480 REJECTED
CVE-2012-6479 REJECTED
CVE-2012-6478 REJECTED
CVE-2012-6477 REJECTED
CVE-2012-6476 REJECTED
CVE-2012-6475 REJECTED
CVE-2012-6474 REJECTED
CVE-2012-6473 REJECTED
CVE-2012-6472 (Opera before 12.12 on UNIX uses weak permissions for the profile direc ...)
	NOT-FOR-US: Opera
CVE-2012-6471 (Opera before 12.12 allows remote attackers to spoof the address field ...)
	NOT-FOR-US: Opera
CVE-2012-6470 (Opera before 12.12 does not properly allocate memory for GIF images, w ...)
	NOT-FOR-US: Opera
CVE-2012-6469 (Opera before 12.11 allows remote attackers to determine the existence ...)
	NOT-FOR-US: Opera
CVE-2012-6468 (Heap-based buffer overflow in Opera before 12.11 allows remote attacke ...)
	NOT-FOR-US: Opera
CVE-2012-6467 (Opera before 12.10 follows Internet shortcuts that are referenced by a ...)
	NOT-FOR-US: Opera
CVE-2012-6466 (Opera before 12.10 does not properly handle incorrect size data in a W ...)
	NOT-FOR-US: Opera
CVE-2012-6465 (Opera before 12.10 allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Opera
CVE-2012-6464 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows ...)
	NOT-FOR-US: Opera
CVE-2012-6463 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows ...)
	NOT-FOR-US: Opera
CVE-2012-6462 (Opera before 12.10 does not properly implement the Cross-Origin Resour ...)
	NOT-FOR-US: Opera
CVE-2012-6461 (The X.509 certificate-validation functionality in the https implementa ...)
	NOT-FOR-US: Opera
CVE-2012-6460 (Opera before 11.67 and 12.x before 12.02 allows remote attackers to ca ...)
	NOT-FOR-US: Opera
CVE-2012-6459 (ConnMan 1.3 on Tizen continues to list the bluetooth service after off ...)
	- connman 1.0-1.1 (bug #697580)
	[wheezy] - connman 1.0-1.1+wheezy1
	[squeeze] - connman (Minor issue)
CVE-2012-6458 (Multiple cross-site scripting (XSS) vulnerabilities in the SilverStrip ...)
	- silverstripe (bug #528461)
CVE-2012-6457 RESERVED
CVE-2012-6456 RESERVED
CVE-2012-6455 RESERVED
CVE-2012-6454 RESERVED
CVE-2012-6452 (Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway ...)
	NOT-FOR-US: Axway Secure Messenger
CVE-2012-6451 (Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass ...)
	NOT-FOR-US: Lorex LNC116 and LNC104 IP Cameras
CVE-2012-6450 RESERVED
CVE-2012-6449 (The clientconf.html and detailbw.html pages in x3 in cPanel & WHM ...)
	NOT-FOR-US: cPanel
CVE-2012-6448 (Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 all ...)
	NOT-FOR-US: cPanel
CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...)
	NOT-FOR-US: Splunk
CVE-2012-6446 RESERVED
CVE-2012-6445 RESERVED
CVE-2012-6444 RESERVED
CVE-2012-6443 RESERVED
CVE-2012-6453 (Cross-site scripting (XSS) vulnerability in the RSS Reader extension b ...)
	{DSA-2596-1}
	- mediawiki-extensions 2.11 (bug #696179)
CVE-2012-6442 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6441 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6440 (The web-server password-authentication functionality in Rockwell Autom ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6439 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6438 (Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6437 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6436 (Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6435 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-E ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6434 (Multiple cross-site request forgery (CSRF) vulnerabilities in e107_adm ...)
	NOT-FOR-US: e107
CVE-2012-6433 (Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost ...)
	NOT-FOR-US: e107
CVE-2012-6432 (Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the ...)
	NOT-FOR-US: Symfony
CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data consiste ...)
	NOT-FOR-US: Symfony
CVE-2012-6430 (Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5. ...)
	NOT-FOR-US: Open Solution Quick.Cart and Quick.Cms
CVE-2012-6429 (Buffer overflow in the PrepareSync method in the SyncService.dll Activ ...)
	NOT-FOR-US: Samsung Kies
CVE-2012-6428 (Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establish ...)
	NOT-FOR-US: Carlo Gavazzi EOS-Box
CVE-2012-6427 (Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with f ...)
	NOT-FOR-US: Carlo Gavazzi EOS-Box
CVE-2012-6426 (LemonLDAP::NG before 1.2.3 does not use the signature-verification cap ...)
	- lemonldap-ng 1.2.2-3 (bug #696329)
	[wheezy] - lemonldap-ng 1.1.2-5+deb7u1
	[squeeze] - lemonldap-ng (SAML code not present)
CVE-2012-6425 RESERVED
CVE-2012-6424 RESERVED
CVE-2012-6423 RESERVED
CVE-2012-6422 (The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly ...)
	NOT-FOR-US: Android kernel
CVE-2012-6421 REJECTED
CVE-2012-6420 REJECTED
CVE-2012-6419 REJECTED
CVE-2012-6418 REJECTED
CVE-2012-6417 REJECTED
CVE-2012-6416 REJECTED
CVE-2012-6415 REJECTED
CVE-2012-6414 REJECTED
CVE-2012-6413 REJECTED
CVE-2012-6412 REJECTED
CVE-2012-6411 REJECTED
CVE-2012-6410 REJECTED
CVE-2012-6409 REJECTED
CVE-2012-6408 REJECTED
CVE-2012-6407 REJECTED
CVE-2012-6406 REJECTED
CVE-2012-6405 REJECTED
CVE-2012-6404 REJECTED
CVE-2012-6403 REJECTED
CVE-2012-6402 REJECTED
CVE-2012-6401 REJECTED
CVE-2012-6400 RESERVED
CVE-2012-6399 (Cisco WebEx 4.1 on iOS does not verify that the server hostname matche ...)
	NOT-FOR-US: Cisco
CVE-2012-6398 RESERVED
CVE-2012-6397 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (former ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2012-6396 (Cisco NX-OS on Nexus 7000 series switches does not properly handle cer ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-6395 (Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-6394 RESERVED
CVE-2012-6393 RESERVED
CVE-2012-6392 (Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux d ...)
	NOT-FOR-US: Cisco Prime LMS
CVE-2012-6391 RESERVED
CVE-2012-6390 RESERVED
CVE-2012-6389 RESERVED
CVE-2012-6388 RESERVED
CVE-2012-6387 RESERVED
CVE-2012-6386 RESERVED
CVE-2012-6385 RESERVED
CVE-2012-6384 RESERVED
CVE-2012-6383 RESERVED
CVE-2012-6382 RESERVED
CVE-2012-6381 RESERVED
CVE-2012-6380 RESERVED
CVE-2012-6379 RESERVED
CVE-2012-6378 RESERVED
CVE-2012-6377 RESERVED
CVE-2012-6376 RESERVED
CVE-2012-6375 RESERVED
CVE-2012-6374 RESERVED
CVE-2012-6373 RESERVED
CVE-2012-6372 RESERVED
CVE-2012-6371 (The WPA2 implementation on the Belkin N900 F9K1104v1 router establishe ...)
	NOT-FOR-US: Belkin router
CVE-2012-6370 RESERVED
CVE-2012-6369 (Cross-site scripting (XSS) vulnerability in the Troubleshooting Report ...)
	NOT-FOR-US: AgileBits 1Password
CVE-2012-6368 REJECTED
CVE-2012-6367 REJECTED
CVE-2012-6366 REJECTED
CVE-2012-6365 REJECTED
CVE-2012-6364 REJECTED
CVE-2012-6363 REJECTED
CVE-2012-6362 REJECTED
CVE-2012-6361 RESERVED
CVE-2012-6360 (Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations ...)
	NOT-FOR-US: IBM Intelligent Operations Center
CVE-2012-6359 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6. ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-6358 RESERVED
CVE-2012-6357 (IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7. ...)
	NOT-FOR-US: IBM
CVE-2012-6356 (IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7. ...)
	NOT-FOR-US: IBM
CVE-2012-6355 (IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management E ...)
	NOT-FOR-US: IBM
CVE-2012-6354 (The management GUI on the IBM SAN Volume Controller and Storwize V7000 ...)
	NOT-FOR-US: IBM
CVE-2012-6353 RESERVED
CVE-2012-6352 (The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2012-6351 RESERVED
CVE-2012-6350 (Cross-site scripting (XSS) vulnerability in the Web component in IBM C ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2012-6349 (Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used i ...)
	NOT-FOR-US: IBM Notes
CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, as distributed in Centrify Suit ...)
	NOT-FOR-US: Centrify
CVE-2012-6347 (Multiple cross-site scripting (XSS) vulnerabilities in Java number for ...)
	NOT-FOR-US: FortiGate
CVE-2012-6346 (Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before ...)
	NOT-FOR-US: FortiWeb
CVE-2012-6345 (Novell ZENworks Configuration Management before 11.2.4 allows obtainin ...)
	NOT-FOR-US: CyberArk Vault
CVE-2012-6344 (Novell ZENworks Configuration Management before 11.2.4 allows XSS. ...)
	NOT-FOR-US: CyberArk Vault
CVE-2012-6343 RESERVED
CVE-2012-6342 (Cross-site request forgery (CSRF) vulnerability in logout.action in At ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2012-6341 (An Information Disclosure vulnerability exists in the my config file i ...)
	NOT-FOR-US: Netgear
CVE-2012-6340 (An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due ...)
	NOT-FOR-US: Netgear
CVE-2012-6339 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2012-6338 RESERVED
CVE-2012-6337 (The Track My Mobile feature in the SamsungDive subsystem for Android o ...)
	NOT-FOR-US: SamsungDive on Samsung Galaxy
CVE-2012-6336 (The Missing Device feature in Lookout allows physically proximate atta ...)
	NOT-FOR-US: Lookout
CVE-2012-6335 (The Anti-theft service in AVG AntiVirus for Android allows physically ...)
	NOT-FOR-US: AVG AntiVirus for Android
CVE-2012-6334 (The Track My Mobile feature in the SamsungDive subsystem for Android o ...)
	NOT-FOR-US: SamsungDive subsystem for Android
CVE-2012-6333 (Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM ...)
	{DSA-2636-1}
	- xen 4.1.3-8
CVE-2012-6332 RESERVED
CVE-2012-6331 RESERVED
CVE-2012-6330 (The localization functionality in TWiki before 5.1.3, and Foswiki 1.0. ...)
	- foswiki (bug #509864)
CVE-2012-6329 (The _compile function in Maketext.pm in the Locale::Maketext implement ...)
	- perl 5.14.2-16 (bug #695224)
	[squeeze] - perl 5.10.1-17squeeze5
	- foswiki (bug #509864)
CVE-2012-6328 REJECTED
CVE-2012-6327 REJECTED
CVE-2012-6326 (VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and ...)
	NOT-FOR-US: vCenter
CVE-2012-6325 (VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not pr ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2012-6324 (Directory traversal vulnerability in VMware vCenter Server Appliance ( ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2012-6323 RESERVED
CVE-2012-6322 RESERVED
CVE-2012-6321 RESERVED
CVE-2012-6320 RESERVED
CVE-2012-6319 RESERVED
CVE-2012-6318 RESERVED
CVE-2012-6317 RESERVED
CVE-2012-6316 (Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL- ...)
	NOT-FOR-US: TP-LINK
CVE-2012-6315 REJECTED
CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, wh ...)
	NOT-FOR-US: Citrix XenDesktop
CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 f ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-6312 (Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-6311 RESERVED
CVE-2012-6310 RESERVED
CVE-2012-6309 (A vulnerability exists in Arctic Torrent 1.4 via unspecified vectors i ...)
	NOT-FOR-US: Arctic Torrent
CVE-2012-6308 RESERVED
CVE-2012-6307 (A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue ...)
	NOT-FOR-US: JPEGsnoop
CVE-2012-6306 (A vulnerability exists in HCView (aka Hardcoreview) 1.4 due to a write ...)
	NOT-FOR-US: HCView (aka Hardcoreview)
CVE-2012-6305 RESERVED
CVE-2012-6304 RESERVED
CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generic/jkS ...)
	- snack 2.2.10-dfsg1-12.1 (low; bug #695614)
	[squeeze] - snack 2.2.10-dfsg1-9+squeeze1
	- wavesurfer (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
	NOTE: http://secunia.com/advisories/49889/
	NOTE: https://www.openwall.com/lists/oss-security/2012/12/10/2
CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...)
	NOT-FOR-US: Soapbox
CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...)
	NOT-FOR-US: Android browser
CVE-2012-6300 RESERVED
CVE-2012-6299 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12 ...)
	NOT-FOR-US: CA IdentityMinder
CVE-2012-6298 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12 ...)
	NOT-FOR-US: CA IdentityMinder
CVE-2012-6297 (Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 fro ...)
	NOT-FOR-US: DD-WRT
CVE-2012-6296 RESERVED
CVE-2012-6295 RESERVED
CVE-2012-6294 RESERVED
CVE-2012-6293 RESERVED
CVE-2012-6292 RESERVED
CVE-2012-6291 RESERVED
CVE-2012-6290 (SQL injection vulnerability in ImageCMS before 4.2 allows remote authe ...)
	NOT-FOR-US: ImageCMS
CVE-2012-6289 REJECTED
CVE-2012-6288 REJECTED
CVE-2012-6287 REJECTED
CVE-2012-6286 REJECTED
CVE-2012-6285 REJECTED
CVE-2012-6284 REJECTED
CVE-2012-6283 REJECTED
CVE-2012-6282 REJECTED
CVE-2012-6281 REJECTED
CVE-2012-6280 REJECTED
CVE-2012-6279 REJECTED
CVE-2012-6278 REJECTED
CVE-2012-6277 (Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 1 ...)
	NOT-FOR-US: IBM
CVE-2012-6276 (Directory traversal vulnerability in the web-based management interfac ...)
	NOT-FOR-US: TP-LINK TL-WR841N
CVE-2012-6275 (Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAn ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6274 (BigAntSoft BigAnt IM Message Server does not require authentication fo ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6273 (SQL injection vulnerability in BigAntSoft BigAnt IM Message Server all ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6272 (Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage ...)
	NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2012-6271 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to t ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-6270 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to t ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-6269 REJECTED
CVE-2012-6268 REJECTED
CVE-2012-6267 REJECTED
CVE-2012-6266 REJECTED
CVE-2012-6265 REJECTED
CVE-2012-6264 REJECTED
CVE-2012-6263 REJECTED
CVE-2012-6262 REJECTED
CVE-2012-6261 REJECTED
CVE-2012-6260 REJECTED
CVE-2012-6259 REJECTED
CVE-2012-6258 REJECTED
CVE-2012-6257 REJECTED
CVE-2012-6256 REJECTED
CVE-2012-6255 REJECTED
CVE-2012-6254 REJECTED
CVE-2012-6253 REJECTED
CVE-2012-6252 REJECTED
CVE-2012-6251 REJECTED
CVE-2012-6250 REJECTED
CVE-2012-6249 REJECTED
CVE-2012-6248 REJECTED
CVE-2012-6247 REJECTED
CVE-2012-6246 REJECTED
CVE-2012-6245 REJECTED
CVE-2012-6244 REJECTED
CVE-2012-6243 REJECTED
CVE-2012-6242 REJECTED
CVE-2012-6241 REJECTED
CVE-2012-6240 REJECTED
CVE-2012-6239 REJECTED
CVE-2012-6238 REJECTED
CVE-2012-6237 REJECTED
CVE-2012-6236 REJECTED
CVE-2012-6235 REJECTED
CVE-2012-6234 REJECTED
CVE-2012-6233 REJECTED
CVE-2012-6232 REJECTED
CVE-2012-6231 REJECTED
CVE-2012-6230 REJECTED
CVE-2012-6229 REJECTED
CVE-2012-6228 REJECTED
CVE-2012-6227 REJECTED
CVE-2012-6226 REJECTED
CVE-2012-6225 REJECTED
CVE-2012-6224 REJECTED
CVE-2012-6223 REJECTED
CVE-2012-6222 REJECTED
CVE-2012-6221 REJECTED
CVE-2012-6220 REJECTED
CVE-2012-6219 REJECTED
CVE-2012-6218 REJECTED
CVE-2012-6217 REJECTED
CVE-2012-6216 REJECTED
CVE-2012-6215 REJECTED
CVE-2012-6214 REJECTED
CVE-2012-6213 REJECTED
CVE-2012-6212 REJECTED
CVE-2012-6211 REJECTED
CVE-2012-6210 REJECTED
CVE-2012-6209 REJECTED
CVE-2012-6208 REJECTED
CVE-2012-6207 REJECTED
CVE-2012-6206 REJECTED
CVE-2012-6205 REJECTED
CVE-2012-6204 REJECTED
CVE-2012-6203 REJECTED
CVE-2012-6202 REJECTED
CVE-2012-6201 REJECTED
CVE-2012-6200 REJECTED
CVE-2012-6199 REJECTED
CVE-2012-6198 REJECTED
CVE-2012-6197 REJECTED
CVE-2012-6196 REJECTED
CVE-2012-6195 REJECTED
CVE-2012-6194 REJECTED
CVE-2012-6193 REJECTED
CVE-2012-6192 REJECTED
CVE-2012-6191 REJECTED
CVE-2012-6190 REJECTED
CVE-2012-6189 REJECTED
CVE-2012-6188 REJECTED
CVE-2012-6187 REJECTED
CVE-2012-6186 REJECTED
CVE-2012-6185 REJECTED
CVE-2012-6184 REJECTED
CVE-2012-6183 REJECTED
CVE-2012-6182 REJECTED
CVE-2012-6181 REJECTED
CVE-2012-6180 REJECTED
CVE-2012-6179 REJECTED
CVE-2012-6178 REJECTED
CVE-2012-6177 REJECTED
CVE-2012-6176 REJECTED
CVE-2012-6175 REJECTED
CVE-2012-6174 REJECTED
CVE-2012-6173 REJECTED
CVE-2012-6172 REJECTED
CVE-2012-6171 REJECTED
CVE-2012-6170 REJECTED
CVE-2012-6169 REJECTED
CVE-2012-6168 REJECTED
CVE-2012-6167 REJECTED
CVE-2012-6166 REJECTED
CVE-2012-6165 REJECTED
CVE-2012-6164 REJECTED
CVE-2012-6163 REJECTED
CVE-2012-6162 REJECTED
CVE-2012-6161 REJECTED
CVE-2012-6160 REJECTED
CVE-2012-6159 REJECTED
CVE-2012-6158 REJECTED
CVE-2012-6157 REJECTED
CVE-2012-6156 REJECTED
CVE-2012-6155 REJECTED
CVE-2012-6154 REJECTED
CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient befor ...)
	{DLA-222-1}
	- commons-httpclient 3.1-10.2 (bug #692442)
	NOTE: References to upstream patches for 4.x can be found in https://issues.apache.org/jira/browse/HTTPCLIENT-1549
CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does n ...)
	- pidgin 2.10.8-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB ...)
	- net-snmp 5.7.2.1~dfsg-3 (low; bug #731625)
	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
	[squeeze] - net-snmp (Minor issue)
	NOTE: http://sourceforge.net/p/net-snmp/bugs/2411/
	NOTE: Upstream patch: http://sourceforge.net/p/net-snmp/code/ci/793d596838ff7cb48a73b675d62897c56c9e62df/
CVE-2012-6150 (The winbind_name_list_to_sid_string_list function in nsswitch/pam_winb ...)
	- samba 2:4.0.13+dfsg-1 (low)
	[wheezy] - samba 2:3.6.6-6+deb7u3
	[squeeze] - samba (Can be fixed along in a future DSA)
	- samba4 (Samba 4 winbind does not implement this feature)
	NOTE: introduced http://git.samba.org/?p=samba.git;a=commit;h=31f1a36901b5b8959dc51401c09c114829b50392
	NOTE: fixed by http://git.samba.org/?p=samba.git;a=commitdiff;h=f62683956a3b182f6a61cc7a2b4ada2e74cde243
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=10300
CVE-2012-6149 (Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/not ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2012-6148 (Cross-site scripting (XSS) vulnerability in the function menu API in T ...)
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	[squeeze] - typo3-src (Vulnerable code not present)
	NOTE: https://review.typo3.org/16300
CVE-2012-6147 (Cross-site scripting (XSS) vulnerability in the tree render API (TCA-T ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16305
CVE-2012-6146 (The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16304
CVE-2012-6145 (Cross-site scripting (XSS) vulnerability in the Backend History module ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16304
CVE-2012-6144 (SQL injection vulnerability in the Backend History module in TYPO3 4.5 ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16304
CVE-2012-6143 (Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use ...)
	- libspoon-perl (bug #715371; low)
	[squeeze] - libspoon-perl (Minor issue)
	[wheezy] - libspoon-perl (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85217
CVE-2012-6142 (Session::Cookie in the HTML::EP module 0.2011 for Perl does not proper ...)
	NOT-FOR-US: HTML-EP CPAN module
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85216
CVE-2012-6141 (The App::Context module 0.01 through 0.968 for Perl does not properly ...)
	NOT-FOR-US: App-Context CPAN module
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85215
CVE-2012-6140 (pam_google_authenticator.c in the PAM module in Google Authenticator b ...)
	- google-authenticator 20130529-1 (bug #666129)
CVE-2012-6139 (libxslt before 1.1.28 allows remote attackers to cause a denial of ser ...)
	{DSA-2654-1}
	- libxslt 1.1.26-14.1 (bug #703933)
	NOTE: http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
	NOTE: http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
CVE-2012-6138 REJECTED
CVE-2012-6137 (rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does ...)
	NOT-FOR-US: Red Hat subscription-manager
CVE-2012-6136 (tuned 2.10.0 creates its PID file with insecure permissions which allo ...)
	- tuned (Fixed before initial release to Debian)
CVE-2012-6135 (RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to dele ...)
	- ruby-passenger (Vulnerable code not present; bug #702219)
	NOTE: 4.0.0 betas only
CVE-2012-6134 (Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 ...)
	- ruby-omniauth-oauth2 (Fixed in the first version uploaded to Debian)
CVE-2012-6133 (Multiple cross-site scripting (XSS) vulnerabilities in Roundup before ...)
	{DLA-298-1}
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550724
CVE-2012-6132 (Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allo ...)
	{DLA-298-1}
	- roundup 1.4.20-1
CVE-2012-6131 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup b ...)
	{DLA-298-1}
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550711
CVE-2012-6130 (Cross-site scripting (XSS) vulnerability in the history display in Rou ...)
	{DLA-298-1}
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550684
CVE-2012-6129 (Stack-based buffer overflow in utp.cpp in libutp, as used in Transmiss ...)
	- transmission 2.52-3+nmu1 (bug #700234)
	[squeeze] - transmission (UTP code not present)
CVE-2012-6128 (Multiple stack-based buffer overflows in http.c in OpenConnect before ...)
	{DSA-2623-1}
	- openconnect 3.20-3 (bug #700794)
	NOTE: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491
	NOTE: The fix seems to introduce a possible memory leak as regression, see BTS #700805
CVE-2012-6127 REJECTED
CVE-2012-6126 REJECTED
CVE-2012-6125 (Chicken before 4.8.0 is susceptible to algorithmic complexity attacks ...)
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
CVE-2012-6124 (A casting error in Chicken before 4.8.0 on 64-bit platform caused the ...)
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
CVE-2012-6123 (Chicken before 4.8.0 does not properly handle NUL bytes in certain str ...)
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
CVE-2012-6122 (Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allo ...)
	- chicken 4.8.0.3-1 (low; bug #702410)
	[wheezy] - chicken (Minor issue)
	[squeeze] - chicken (Minor issue)
CVE-2012-6121 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ...)
	- roundcube (vulnerable code not in stable or testing)
	NOTE: http://trac.roundcube.net/ticket/1488850
	NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
CVE-2012-6120 (Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directo ...)
	{DLA-29-1}
	- puppet 2.6.4-2
	[squeeze] - puppet (Minor issue)
	NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
	NOTE: After starting puppetmaster permissions on directory are restricted
CVE-2012-6119 (Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager ...)
	NOTE: Candlepin
CVE-2012-6118 (The Administer tab in Aeolus Conductor allows remote authenticated use ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-6117 (Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engin ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-6116 (modules/certs/manifests/config.pp in katello-configure before 1.3.3.pu ...)
	NOTE: Candlepin
CVE-2012-6115 (The domain management tool (rhevm-manage-domains) in Red Hat Enterpris ...)
	NOTE: RHEV management tool
CVE-2012-6114 (The git-changelog utility in git-extras 1.7.0 allows local users to ov ...)
	- git-extras 1.7.0-1.2 (bug #698490)
CVE-2012-6113 (The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 thr ...)
	- php5 5.4.0~beta2-1
	[squeeze] - php5 (Introduced in 5.3.9)
	NOTE: Introduced in https://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb
	NOTE: Fixed in 5.3.14 https://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793
	NOTE: https://bugs.php.net/bug.php?id=61413
CVE-2012-6112 (classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellcheck ...)
	- tinymce (TinyMCE Google spellchecker plugin)
	- wordpress 3.5.1+dfsg-2
	- moodle 2.5-1 (bug #702387)
	[squeeze] - wordpress 3.5.2+dfsg-1~deb6u1 (bug #701667)
	[squeeze] - moodle (Only affects 2.1 and above)
	[wheezy] - wordpress 3.5.2+dfsg-1~deb7u1 (bug #701667)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
	NOTE: http://www.tinymce.com/develop/changelog/?type=phpspell
	NOTE: patch: https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
	NOTE: http://www.tinymce.com/forum/viewtopic.php?id=30036
CVE-2012-6111 (gnome-keyring does not discard stored secrets when using gnome_keyring ...)
	- gnome-keyring 3.8.2-1 (low; bug #697896)
	[squeeze] - gnome-keyring (Minor issue)
	[wheezy] - gnome-keyring (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2013/01/11/5
CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x ...)
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby
	[squeeze] - librack-ruby (vulnerable code not present)
	NOTE: https://github.com/rack/rack/commit/4fc44671b3cad569421f4f8b775c0590b86f575e
	NOTE: https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
CVE-2012-6108 (HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writabl ...)
	- hplip (permissions are 755 on wheezy, sid and experimental)
CVE-2012-6107 (Apache Axis2/C does not verify that the server hostname matches a doma ...)
	- axis2c (bug #697974)
	[squeeze] - axis2c (Unsupported in squeeze-lts)
	NOTE: https://issues.apache.org/jira/browse/AXIS2C-1619
CVE-2012-6106 (calendar/managesubscriptions.php in the Manage Subscriptions implement ...)
	- moodle (Only affects 2.4)
CVE-2012-6105 (blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3 ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle (Only affects 2.1 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6104 (blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6103 (Multiple cross-site request forgery (CSRF) vulnerabilities in user/mes ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6102 (lib.php in the Submission comments plugin in the Assignment module in ...)
	- moodle (Only affects 2.3 and above)
CVE-2012-6101 (Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2 ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6100 (report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2. ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6099 (The moodle1 backup converter in backup/converter/moodle1/lib.php in Mo ...)
	- moodle 2.5-1
	[squeeze] - moodle (Only affects 2.1 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6098 (grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle (Minor issue)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6097 (File descriptor leak in cronie 1.4.8, when running in certain environm ...)
	[experimental] - cronie 1.5.4-final-1 (low; bug #697811)
	NOTE: Only present in experimental
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=786096
CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function in h ...)
	{DSA-2653-1 DSA-2616-1}
	- icinga 1.7.1-5 (bug #697931)
	- nagios3 3.4.1-3 (bug #697930)
CVE-2012-6095 (ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows lo ...)
	{DSA-2606-1}
	- proftpd-dfsg 1.3.4a-3 (bug #697524)
CVE-2012-6094 (cups (Common Unix Printing System) 'Listen localhost:631' option not h ...)
- cups (systemd patch not applied in Debian, see bug #697584) CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4. ...) - qt4-x11 (Only affects environments where a different OpenSSL is used, doesn't apply to Debian; bug #697582) NOTE: http://lists.qt-project.org/pipermail/announce/2013-January/000020.html NOTE: https://codereview.qt-project.org/#change,42461 NOTE: Fixed in 4:4.8.2+dfsg-10 CVE-2012-6092 (Multiple cross-site scripting (XSS) vulnerabilities in the web demos i ...) - activemq (Example code not shipped in .deb) CVE-2012-6091 (Zend_XmlRpc Class in Magento before 1.7.0.2 contains an information di ...) NOT-FOR-US: Magento CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in os/pl- ...) - swi-prolog 5.10.4-5 (low; bug #697416) [squeeze] - swi-prolog 5.10.1-1+squeeze1 NOTE: http://web.archive.org/web/20130309013536/http://web.archive.org/web/20130309013536/https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/b2c88972e7515ada025e97e7d3ce3e34f81cf33e CVE-2012-6089 (Multiple stack-based buffer overflows in the canoniseFileName function ...) - swi-prolog 5.10.4-5 (low; bug #697416) [squeeze] - swi-prolog 5.10.1-1+squeeze1 NOTE: http://web.archive.org/web/20130309013536/http://web.archive.org/web/20130309013536/https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c CVE-2012-6088 (The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 d ...) - rpm 4.10.1-2.1 (bug #697375) [squeeze] - rpm (Introduced in rpm 4.10.0) [wheezy] - rpm 4.10.0-5+deb7u1 CVE-2012-6087 (repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11 ...) 
- moodle 2.2.7.dfsg-1 [squeeze] - moodle (Vulnerable code not present) [wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1 NOTE: https://github.com/tpyo/amazon-s3-php-class/pull/36 NOTE: https://tracker.moodle.org/browse/MDL-40615 CVE-2012-6086 (libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x befo ...) - zabbix 1:2.0.7+dfsg-1 (bug #697443) [squeeze] - zabbix (Will be handled through point update) NOTE: https://support.zabbix.com/browse/ZBX-5924 CVE-2012-6085 (The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 a ...) {DSA-2601-1} - gnupg 1.4.12-7 (bug #697108) - gnupg2 2.0.19-2 (bug #697251) CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis be ...) {DSA-2612-1} - charybdis 3.3.0-7.1 (bug #697092) - ircd-ratbox 3.0.7.dfsg-3 (bug #697093) NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/1 NOTE: https://www.openwall.com/lists/oss-security/2013/01/01/2 CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial of serv ...) - freeciv 2.3.4-1 (low; bug #696306) [squeeze] - freeciv (Minor issue) [wheezy] - freeciv 2.3.2-1+deb7u1 CVE-2012-6082 (Cross-site scripting (XSS) vulnerability in the rsslink function in th ...) {DSA-2593-1} - moin 1.9.5-2 [wheezy] - moin 1.9.4-8+deb7u1 NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/c98ec456e493 CVE-2012-6081 (Multiple unrestricted file upload vulnerabilities in the (1) twikidraw ...) {DSA-2593-1} [wheezy] - moin 1.9.4-8+deb7u1 - moin 1.9.5-3 (bug #696948) NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f CVE-2012-6080 (Directory traversal vulnerability in the _do_attachment_move function ...) {DSA-2593-1} [wheezy] - moin 1.9.4-8+deb7u1 - moin 1.9.5-4 (bug #696949) NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52 CVE-2012-6079 (W3 Total Cache before 0.9.2.5 exposes sensitive cached database inform ...) 
NOT-FOR-US: W3 Total Cache NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3 CVE-2012-6078 (W3 Total Cache before 0.9.2.5 generates hash keys insecurely which all ...) NOT-FOR-US: W3 Total Cache NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3 CVE-2012-6077 (W3 Total Cache before 0.9.2.5 allows remote attackers to retrieve pass ...) NOT-FOR-US: W3 Total Cache NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/3 CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the curre ...) - inkscape 0.48.3.1-1.3 (low; bug #654341) [squeeze] - inkscape (Minor issue) NOTE: https://bugs.launchpad.net/inkscape/+bug/911146 CVE-2012-6075 (Buffer overflow in the e1000_receive function in the e1000 device driv ...) {DSA-2619-1 DSA-2608-1 DSA-2607-1} - qemu 1.1.2+dfsg-4 (bug #696051) - qemu-kvm 1.1.2+dfsg-4 (bug #696051) - xen 4.1.3-8 [squeeze] - xen (In Squeeze the code is in the package xen-qemu-dm-4.0) NOTE: https://www.openwall.com/lists/oss-security/2012/12/30/1 CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenk ...) - jenkins 1.447.2+dfsg-3 (bug #696816) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1 CVE-2012-6073 (Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS befor ...) - jenkins 1.447.2+dfsg-3 (bug #696816) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1 CVE-2012-6072 (CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS befo ...) 
- jenkins 1.447.2+dfsg-3 (bug #696816) - jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20 NOTE: https://www.openwall.com/lists/oss-security/2012/12/28/1 CVE-2012-6071 (nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. ...) - nusoap 0.7.3-5 (low; bug #696707) [squeeze] - nusoap (Minor issue) CVE-2012-6070 (Falconpl before 0.9.6.9-git20120606 misuses the libcurl API which may ...) - falconpl 0.9.6.9-git20120606-2 (bug #696681) CVE-2012-6069 (Directory traversal vulnerability in the Runtime Toolkit in CODESYS Ru ...) NOT-FOR-US: CODESYS Runtime System CVE-2012-6068 (The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not ...) NOT-FOR-US: CODESYS Runtime System CVE-2012-6067 (freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to byp ...) NOT-FOR-US: freeFTPd CVE-2012-6066 (freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypa ...) NOT-FOR-US: freeFTPd CVE-2012-6065 (The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Titl ...) NOT-FOR-US: Drupal plugin CVE-2012-6064 (Directory traversal vulnerability in lib/filemanager/imagemanager/imag ...) NOT-FOR-US: CMS Made Simple CVE-2012-6063 (Double free vulnerability in the sftp_mkdir function in sftp.c in libs ...) {DSA-2577-1} - libssh 0.5.3-1 [squeeze] - libssh 0.4.5-3+squeeze1 NOTE: Fix included in CVE-2012-4559 patch NOTE: https://red.libssh.org/issues/84 NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2 CVE-2012-6062 (The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6061 (The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the ...) 
{DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6060 (Integer overflow in the dissect_iscsi_pdu function in epan/dissectors/ ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6059 (The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6058 (Integer overflow in the dissect_icmpv6 function in epan/dissectors/pac ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6057 (The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6056 (Integer overflow in the dissect_sack_chunk function in epan/dissectors ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6055 (epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in Wireshar ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6054 (The dissect_sflow_245_address_type function in epan/dissectors/packet- ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6053 (epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x b ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection CVE-2012-6052 (Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain sensiti ...) {DLA-497-1} - wireshark 1.8.6-1 (unimportant) NOTE: not suitable for code injection NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=45511 CVE-2012-6051 (Google CityHash computes hash values without properly restricting the ...) - cityhash (bug #694999) CVE-2012-6050 (The winbox service in MikroTik RouterOS 5.15 and earlier allows remote ...) 
NOT-FOR-US: MikroTik RouterOS CVE-2012-6049 (Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensiti ...) NOT-FOR-US: Open Solution Quick.Cart 5.0 CVE-2012-6048 (Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of s ...) NOT-FOR-US: Guitar Pro 6.1.1 CVE-2012-6047 (Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and ...) NOT-FOR-US: X7 Chat 2.0.5.1 CVE-2012-6046 (Static code injection vulnerability in admin/banners.php in PHP Enter ...) NOT-FOR-US: PHP Enter CVE-2012-6045 (Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui ...) NOT-FOR-US: Ramui Forum CVE-2012-6044 (M-Player 0.4 allows remote attackers to cause a denial of service (cra ...) NOT-FOR-US: M-Player (different from mplayer in the archive) CVE-2012-6043 (Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusio ...) NOT-FOR-US: phpFusion CVE-2012-6042 (GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a d ...) NOT-FOR-US: GPSMapEdit CVE-2012-6041 (Double free vulnerability in GreenBrowser before 6.0.1002, when the ke ...) NOT-FOR-US: GreenBrowser CVE-2012-6040 (Cross-site scripting (XSS) vulnerability in users.php in File King Adv ...) NOT-FOR-US: File King Advanced File Management 1.4 CVE-2012-6039 (SQL injection vulnerability in view_comments.php in YABSoft Advanced I ...) NOT-FOR-US: YABSoft Advanced Image Hosting CVE-2012-6038 (admin/core/admin_func.php in razorCMS before 1.2.1 does not properly r ...) NOT-FOR-US: razorCMS CVE-2012-6037 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x be ...) {DSA-2591-1} - mahara 1.5.1-3 CVE-2012-6036 (The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tm ...) 
- xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6035 (The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6034 (The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv funct ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6033 (The do_tmem_control function in the Transcendent Memory (TMEM) in Xen ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6032 (Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6031 (The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, ...) - xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6030 (The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, ...) 
- xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: CVE-2012-3497 has been SPLIT into this ID and others NOTE: TMEM not supported for production systems (technology preview) CVE-2012-6029 (Multiple cross-site scripting (XSS) vulnerabilities in the web-authent ...) NOT-FOR-US: Cisco NAC Appliance CVE-2012-6028 RESERVED CVE-2012-6027 RESERVED CVE-2012-6026 (The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 ...) NOT-FOR-US: Cisco Aironet Access Point CVE-2012-6025 RESERVED CVE-2012-6024 RESERVED CVE-2012-6023 RESERVED CVE-2012-6022 RESERVED CVE-2012-6021 RESERVED CVE-2012-6020 RESERVED CVE-2012-6019 RESERVED CVE-2012-6018 RESERVED CVE-2012-6017 RESERVED CVE-2012-6016 RESERVED CVE-2012-6015 RESERVED CVE-2012-6014 RESERVED CVE-2012-6013 RESERVED CVE-2012-6012 RESERVED CVE-2012-6011 RESERVED CVE-2012-6010 RESERVED CVE-2012-6009 RESERVED CVE-2012-6008 RESERVED CVE-2012-6007 (Cross-site scripting (XSS) vulnerability in screens/base/web_auth_cust ...) NOT-FOR-US: Cisco CVE-2012-6006 RESERVED CVE-2012-6005 RESERVED CVE-2012-6004 RESERVED CVE-2012-6003 RESERVED CVE-2012-6002 RESERVED CVE-2012-6001 RESERVED CVE-2012-6000 RESERVED CVE-2012-5999 RESERVED CVE-2012-5998 RESERVED CVE-2012-5997 RESERVED CVE-2012-5996 RESERVED CVE-2012-5995 RESERVED CVE-2012-5994 RESERVED CVE-2012-5993 RESERVED CVE-2012-5992 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wi ...) NOT-FOR-US: Cisco CVE-2012-5991 (screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WL ...) NOT-FOR-US: Cisco CVE-2012-5990 (Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor ...) 
NOT-FOR-US: Cisco CVE-2012-5989 RESERVED CVE-2012-5988 RESERVED CVE-2012-5987 RESERVED CVE-2012-5986 RESERVED CVE-2012-5985 RESERVED CVE-2012-5984 RESERVED CVE-2012-5983 RESERVED CVE-2012-5982 RESERVED CVE-2012-5981 RESERVED CVE-2012-5980 RESERVED CVE-2012-5978 (Multiple directory traversal vulnerabilities in the (1) View Connectio ...) NOT-FOR-US: VMware View CVE-2012-5977 (Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 1 ...) {DSA-2605-1} - asterisk 1:1.8.13.1~dfsg-2 (bug #697230) NOTE: http://downloads.asterisk.org/pub/security/AST-2012-015.pdf CVE-2012-5976 (Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8 ...) {DSA-2605-1} - asterisk 1:1.8.13.1~dfsg-2 (bug #697230) NOTE: http://downloads.digium.com/pub/security/AST-2012-014.pdf CVE-2012-5975 (The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 thr ...) NOT-FOR-US: Tectia SSH CVE-2012-5974 RESERVED CVE-2012-5973 (CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote ...) NOT-FOR-US: CA XCOM Data Transport CVE-2012-5972 (Directory traversal vulnerability in the web server in SpecView 2.5 bu ...) NOT-FOR-US: SpecView 2.5 CVE-2012-5971 RESERVED CVE-2012-5970 (The Huawei E585 device allows remote attackers to cause a denial of se ...) NOT-FOR-US: Huawei device CVE-2012-5969 (Multiple directory traversal vulnerabilities on the Huawei E585 device ...) NOT-FOR-US: Huawei device CVE-2012-5968 (The Huawei E585 device does not validate the status of admin sessions, ...) NOT-FOR-US: Huawei device CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2 ...) - centreon-web (bug #913903) CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router allows remot ...) NOT-FOR-US: D-Link DSL2730U router CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function in ssd ...) 
{DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5964 (Stack-based buffer overflow in the unique_service_name function in ssd ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5963 (Stack-based buffer overflow in the unique_service_name function in ssd ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5962 (Stack-based buffer overflow in the unique_service_name function in ssd ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5961 (Stack-based buffer overflow in the unique_service_name function in ssd ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5960 (Stack-based buffer overflow in the unique_service_name function in ssd ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5959 (Stack-based buffer overflow in the unique_service_name function in ssd ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5958 (Stack-based buffer overflow in the unique_service_name function in ssd ...) {DSA-2615-1 DSA-2614-1} - libupnp 1:1.6.17-1.2 (bug #699316) - libupnp4 1.8.0~svn20100507-1.2 (bug #699459) CVE-2012-5957 RESERVED CVE-2012-5956 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine As ...) NOT-FOR-US: ManageEngine AssetExplorer 5.6 CVE-2012-5955 (Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM ...) NOT-FOR-US: WebSphere CVE-2012-5954 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space Mana ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2012-5953 (IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, ...) 
NOT-FOR-US: IBM CVE-2012-5952 (IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, ...) NOT-FOR-US: IBM CVE-2012-5951 (Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, ...) NOT-FOR-US: IBM Tivoli NetView CVE-2012-5950 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIR ...) NOT-FOR-US: IBM TRIRIGA Application Platform CVE-2012-5949 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA App ...) NOT-FOR-US: IBM TRIRIGA Application Platform CVE-2012-5948 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA App ...) NOT-FOR-US: IBM TRIRIGA Application Platform CVE-2012-5947 (Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePowe ...) NOT-FOR-US: IBM SPSS SamplePower CVE-2012-5946 (Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM S ...) NOT-FOR-US: IBM SPSS SamplePower CVE-2012-5945 (Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS ...) NOT-FOR-US: IBM SPSS SamplePower CVE-2012-5944 RESERVED CVE-2012-5943 (Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8. ...) NOT-FOR-US: IBM iNotes CVE-2012-5942 (Cross-site scripting (XSS) vulnerability in the Data Management Portal ...) NOT-FOR-US: IBM Tivoli TADDM CVE-2012-5941 (Cross-site scripting (XSS) vulnerability in the WebAdmin application 6 ...) NOT-FOR-US: IBM CVE-2012-5940 (The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezz ...) NOT-FOR-US: IBM CVE-2012-5939 (Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Man ...) NOT-FOR-US: IBM Tivoli TADDM CVE-2012-5938 (The installation process in IBM InfoSphere Information Server 8.1, 8.5 ...) NOT-FOR-US: IBM InfoSphere Information Server CVE-2012-5937 (Unspecified vulnerability in the CLA2 server in IBM Gentran Integratio ...) NOT-FOR-US: IBM Gentran Integration CVE-2012-5936 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...) 
NOT-FOR-US: IBM CVE-2012-5935 RESERVED CVE-2012-5934 RESERVED CVE-2012-5933 RESERVED CVE-2012-5932 (Eval injection vulnerability in the ldapagnt_eval function in ldapagnt ...) NOT-FOR-US: NetIQ Privileged User Manager 2.3.x CVE-2012-5931 (Directory traversal vulnerability in the set_log_config function in re ...) NOT-FOR-US: NetIQ Privileged User Manager 2.3.x CVE-2012-5930 (The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ Pri ...) NOT-FOR-US: NetIQ Privileged User Manager 2.3.x CVE-2012-5929 RESERVED CVE-2012-5928 RESERVED CVE-2012-5927 RESERVED CVE-2012-5926 RESERVED CVE-2012-5925 RESERVED CVE-2012-5924 RESERVED CVE-2012-5923 RESERVED CVE-2012-5922 RESERVED CVE-2012-5921 RESERVED CVE-2012-5920 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2 ...) - gwt (bug #691900) [squeeze] - gwt (Vulnerable code not present) CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 ...) NOT-FOR-US: havalite CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access administrator ...) NOT-FOR-US: razorCMS CVE-2012-5917 (SnackAmp 3.1.3 allows remote attackers to cause a denial of service (a ...) NOT-FOR-US: SnackAmp CVE-2012-5916 (Neocrome Seditio build 161 allows remote attackers to obtain sensitive ...) NOT-FOR-US: Neocrome Seditio CVE-2012-5915 (Neocrome Seditio build 161 and earlier allows remote attackers to obta ...) NOT-FOR-US: Neocrome Seditio CVE-2012-5914 (Multiple cross-site scripting (XSS) vulnerabilities in the sed_import ...) NOT-FOR-US: Neocrome Seditio CVE-2012-5913 (Cross-site scripting (XSS) vulnerability in wp-integrator.php in the W ...) NOT-FOR-US: Wordpress Integrator plugin CVE-2012-5912 (Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remo ...) NOT-FOR-US: PicoPublisher CVE-2012-5911 (Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolu ...) 
NOT-FOR-US: b2evolution CVE-2012-5910 (SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution ...) NOT-FOR-US: b2evolution CVE-2012-5909 (SQL injection vulnerability in admin/modules/user/users.php in MyBB (a ...) NOT-FOR-US: MyBB CVE-2012-5908 (Cross-site scripting (XSS) vulnerability in admin/modules/user/users.p ...) NOT-FOR-US: MyBB CVE-2012-5907 (Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alph ...) NOT-FOR-US: TomatoCart CVE-2012-5906 (Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6. ...) NOT-FOR-US: GreenBrowser CVE-2012-5905 (Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to c ...) NOT-FOR-US: KnFTPd CVE-2012-5904 (Heap-based buffer overflow in IrfanView before 4.33 allows remote atta ...) NOT-FOR-US: IrfanView CVE-2012-5903 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF ...) NOT-FOR-US: Simple Machine Forum CVE-2012-5902 (Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php ...) NOT-FOR-US: DFLabs PTK CVE-2012-5901 (DFLabs PTK 1.0.5 stores data files with predictable names under the we ...) NOT-FOR-US: DFLabs PTK CVE-2012-5900 (Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow ...) NOT-FOR-US: SAMEDIA LandShop CVE-2012-5899 (Cross-site scripting (XSS) vulnerability in admin/action/objects.php i ...) NOT-FOR-US: SAMEDIA LandShop CVE-2012-5898 (Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0. ...) NOT-FOR-US: SAMEDIA LandShop CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX con ...) NOT-FOR-US: Quest in Trust CVE-2012-5896 (The Annotation Objects Extension ActiveX control in AnnotateX.dll in Q ...) NOT-FOR-US: Quest in Trust CVE-2012-5895 (Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown ...) NOT-FOR-US: iRODS CVE-2012-5894 (SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and ...) 
NOT-FOR-US: Havalite CMS CVE-2012-5893 (Unrestricted file upload vulnerability in hava_upload.php in Havalite ...) NOT-FOR-US: Havalite CMS CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information under the ...) NOT-FOR-US: Havalite CMS CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pa ...) NOT-FOR-US: Dalbum CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension before ...) NOT-FOR-US: TYPO3 extension (sr_feuser_register) CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail extension be ...) NOT-FOR-US: TYPO3 extension (powermail) CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_ba ...) NOT-FOR-US: TYPO3 extension (seo_basics) CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) - tomcat6 6.0.35-5+nmu1 (bug #692439) [squeeze] - tomcat6 6.0.35-1+squeeze3 NOTE: DSA 2725 - tomcat7 7.0.28-3+nmu1 (bug #692440) CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) - tomcat6 6.0.35-5+nmu1 (bug #692439) [squeeze] - tomcat6 6.0.35-1+squeeze3 NOTE: DSA 2725 - tomcat7 7.0.28-3+nmu1 (bug #692440) CVE-2012-5885 (The replay-countermeasure functionality in the HTTP Digest Access Auth ...) - tomcat6 6.0.35-5+nmu1 (bug #692439) [squeeze] - tomcat6 6.0.35-1+squeeze3 NOTE: DSA 2725 - tomcat7 7.0.28-3+nmu1 (bug #692440) CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 a ...) - bugzilla (low) [squeeze] - bugzilla (vulnerable code not present in 3.x) - bugzilla4 (bug #669643) CVE-2012-5883 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...) - yui3 - yui 2.9.0.dfsg.0.1-0.1 (bug #693608) [squeeze] - yui (Minor issue, Flash not build from source in oldstable) - icinga-web 1.7.1+dfsg2-6 (bug #694641) CVE-2012-5882 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...) 
- yui3 - yui 2.9.0.dfsg.0.1-0.1 (bug #693608) [squeeze] - yui (Minor issue, Flash not build from source in oldstable) - icinga-web 1.7.1+dfsg2-6 (bug #694641) CVE-2012-5881 (Cross-site scripting (XSS) vulnerability in the Flash component infras ...) - yui3 - yui 2.9.0.dfsg.0.1-0.1 (bug #693608) [squeeze] - yui (Minor issue, Flash not build from source in oldstable) - icinga-web 1.7.1+dfsg2-6 (bug #694641) CVE-2012-5880 RESERVED CVE-2012-5879 (An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician ( ...) NOT-FOR-US: McAfee Virtual Technician CVE-2012-5878 (Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 a ...) NOT-FOR-US: Bulb Security Smartphone Pentest Framework CVE-2012-5877 (Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Nero MediaHome CVE-2012-5876 (Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHo ...) NOT-FOR-US: Nero MediaHome CVE-2012-5875 (Firefly Media Server 1.0.0.1359 allows remote attackers to cause a den ...) NOT-FOR-US: Firefly Media Server CVE-2012-5874 (Multiple SQL injection vulnerabilities in the (1) update_whosonline_re ...) NOT-FOR-US: Elite Bulletin Board CVE-2012-5873 RESERVED CVE-2012-5872 RESERVED CVE-2012-5871 RESERVED CVE-2012-5870 RESERVED CVE-2012-5869 RESERVED CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ...) - wordpress (unimportant; bug #696868) NOTE: non-issue, see https://wordpress.org/support/topic/old-bug-cve-2012-5868 CVE-2012-5867 (HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability ...) NOT-FOR-US: HT Editor CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4 ...) NOT-FOR-US: Achievo CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows re ...) NOT-FOR-US: Achievo CVE-2012-5864 (The management web pages on the Sinapsi eSolar Light Photovoltaic Syst ...) 
NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor CVE-2012-5863 (ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...) NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor CVE-2012-5862 (login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...) NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor CVE-2012-5861 (Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Pho ...) NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor CVE-2012-5860 (Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 s ...) NOT-FOR-US: ID-One COSMO CVE-2012-5859 (Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to ...) NOT-FOR-US: Samsung Kies Air CVE-2012-5858 (Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address fo ...) NOT-FOR-US: Samsung Kies Air CVE-2012-5857 RESERVED CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cook ...) NOT-FOR-US: Wordpress plugin (uk cookie) CVE-2012-5855 (The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...) - vlc (Windows only issue) NOTE: Harmless crasher without security relevance CVE-2012-5853 (SQL injection vulnerability in the "the_search_function" function in c ...) NOT-FOR-US: "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin for WordPress CVE-2012-5852 RESERVED CVE-2012-5851 (html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chr ...) - chromium-browser (unimportant) - webkit (unimportant) NOTE: https://bugs.webkit.org/show_bug.cgi?id=92692 NOTE: Incomplete mitigation feature, not a security vulnerability per se CVE-2012-5850 RESERVED CVE-2012-5849 (Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 ...) NOT-FOR-US: ClipBucket CVE-2012-5854 (Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remot ...) 
- weechat 0.3.9.1-1 (bug #693026) [wheezy] - weechat 0.3.8-1+deb7u1 [squeeze] - weechat (Vulnerable code not present) CVE-2012-5848 REJECTED CVE-2012-5847 REJECTED CVE-2012-5846 REJECTED CVE-2012-5845 REJECTED CVE-2012-5844 REJECTED CVE-2012-5843 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-5842 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2588-1 DSA-2584-1 DSA-2583-1} - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 CVE-2012-5841 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderb ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5840 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor f ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5839 (Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsCl ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5838 (The copyTexImage2D implementation in the WebGL subsystem in Mozilla Fi ...) 
- iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-5837 (The Web Developer Toolbar in Mozilla Firefox before 17.0 executes scri ...) - iceweasel (Doesn't affect the ESR series, only releases from experimental) CVE-2012-5836 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey be ...) - iceape (Doesn't affect the ESR series, only releases from experimental) - iceweasel (Doesn't affect the ESR series, only releases from experimental) - icedove (Doesn't affect the ESR series, only releases from experimental) CVE-2012-5835 (Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0 ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5834 REJECTED CVE-2012-5833 (The texImage2D implementation in the WebGL subsystem in Mozilla Firefo ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5832 REJECTED CVE-2012-5831 REJECTED CVE-2012-5830 (Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox E ...) - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 [squeeze] - iceweasel (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceape (Vulnerable code not present) CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent function in ...) {DSA-2588-1 DSA-2584-1 DSA-2583-1} - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 CVE-2012-5828 (BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerabi ...) 
	NOT-FOR-US: BlackBerry PlayBook
CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attack ...)
	NOT-FOR-US: Joomla!
CVE-2012-5826
	RESERVED
CVE-2012-5825 (Tweepy does not verify that the server hostname matches a domain name ...)
	- tweepy 3.1.0-2 (low; bug #692444)
	[jessie] - tweepy (Minor issue)
	[wheezy] - tweepy (Minor issue)
CVE-2012-5824 (Trillian 5.1.0.19 does not verify that the server hostname matches a d ...)
	NOT-FOR-US: Trillian
CVE-2012-5823 (Open Source Classifieds does not verify that the server hostname match ...)
	NOT-FOR-US: Open Source Classifieds
CVE-2012-5822 (The contribution feature in Zamboni does not verify that the server ho ...)
	NOT-FOR-US: Zamboni
CVE-2012-5821 (Lynx does not verify that the server's certificate is signed by a trus ...)
	- lynx-cur 2.8.8dev.15-1 (low; bug #692443)
	[squeeze] - lynx-cur (Minor issue)
	[wheezy] - lynx-cur (Minor issue)
CVE-2012-5820 (The developer-account sample code in Google AdMob does not verify that ...)
	NOT-FOR-US: Google AdMob
CVE-2012-5819 (FilesAnywhere does not verify that the server hostname matches a domai ...)
	NOT-FOR-US: FilesAnywhere
CVE-2012-5818 (ElephantDrive does not verify that the server hostname matches a domai ...)
	NOT-FOR-US: ElephantDrive
CVE-2012-5817 (Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools ...)
	NOT-FOR-US: Codehaus XFire
CVE-2012-5816 (AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server ho ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2012-5815 (The Rackspace app 2.1.5 for iOS does not verify that the server hostna ...)
	NOT-FOR-US: Rackspace app for iOS
CVE-2012-5814 (Weberknecht, as used in GitHub Gaug.es and other products, does not ve ...)
	NOT-FOR-US: Weberknecht
CVE-2012-5813 (The Android_Pusher library for Android does not verify that the server ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5812 (The ACRA library for Android does not verify that the server hostname ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5811 (The Breezy application for Android does not verify that the server hos ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5810 (The Chase mobile banking application for Android does not verify that ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5809 (The Groupon Redemptions application for Android does not verify that t ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5808 (The LinkPoint module in Zen Cart does not verify that the server hostn ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5807 (The Authorize.Net eCheck module in Zen Cart does not verify that the s ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5806 (The PayPal Payments Pro module in Zen Cart does not verify that the se ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5805 (The PayPal IPN functionality in Zen Cart does not verify that the serv ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5804 (The CyberSource module in Ubercart does not verify that the server hos ...)
	NOT-FOR-US: Ubercart module
CVE-2012-5803 (The Authorize.Net module in Ubercart does not verify that the server h ...)
	NOT-FOR-US: Ubercart module
CVE-2012-5802 (The PayPal module in Ubercart does not verify that the server hostname ...)
	NOT-FOR-US: Ubercart module
CVE-2012-5801 (The PayPal module in PrestaShop does not verify that the server hostna ...)
	NOT-FOR-US: PrestaShop module
CVE-2012-5800 (The eBay module in PrestaShop does not verify that the server hostname ...)
	NOT-FOR-US: PrestaShop module
CVE-2012-5799 (The Canada Post (aka CanadaPost) module in PrestaShop does not verify ...)
	NOT-FOR-US: PrestaShop module
CVE-2012-5798 (The PayPal Pro PayFlow EC module in osCommerce does not verify that th ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5797 (The PayPal Pro PayFlow module in osCommerce does not verify that the s ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5796 (The PayPal Pro module in osCommerce does not verify that the server ho ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5795 (The PayPal Express module in osCommerce does not verify that the serve ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5794 (The MoneyBookers module in osCommerce does not verify that the server ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5793 (The Authorize.Net module in osCommerce does not verify that the server ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5792 (The Sage Pay Direct module in osCommerce does not verify that the serv ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5791 (PayPal Invoicing does not verify that the server hostname matches a do ...)
	NOT-FOR-US: PayPal Invoicing
CVE-2012-5790 (PayPal Payments Standard PHP Library 20120427 does not verify that the ...)
	NOT-FOR-US: PayPal Payments Standard PHP Library
CVE-2012-5789 (PayPal Payments Standard PHP Library before 20120427 does not verify t ...)
	NOT-FOR-US: PayPal Payments Standard PHP Library
CVE-2012-5788 (The PayPal IPN utility does not verify that the server hostname matche ...)
	NOT-FOR-US: The PayPal IPN utility
CVE-2012-5787 (The PayPal merchant SDK does not verify that the server hostname match ...)
	NOT-FOR-US: The PayPal merchant SDK
CVE-2012-5786 (** DISPUTED ** The wsdl_first_https sample code in distribution/src/ma ...)
	NOT-FOR-US: Apache CXF
CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ho ...)
	NOT-FOR-US: Axis2/Java
	NOTE: Axis2/C is packaged as axis2c, but this is a different software.
CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Ma ...)
	{DLA-169-1}
	- axis 1.4-16.1 (low; bug #692650)
	[squeeze] - axis (Minor issue)
CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Ser ...)
	{DLA-222-1}
	- commons-httpclient 3.1-10.1 (bug #692442)
	[wheezy] - commons-httpclient (Minor issue)
	[squeeze] - commons-httpclient (Minor issue)
CVE-2012-5782 (Amazon Flexible Payments Service (FPS) PHP Library does not verify tha ...)
	NOT-FOR-US: Amazon Flexible Payments Service
CVE-2012-5781 (Amazon Elastic Load Balancing API Tools does not verify that the serve ...)
	NOT-FOR-US: Amazon Elastic Load Balancing API Tools
CVE-2012-5780 (The Amazon merchant SDK does not verify that the server hostname match ...)
	NOT-FOR-US: The Amazon merchant SDK
CVE-2012-5779
	RESERVED
CVE-2012-5778
	RESERVED
CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the te ...)
	NOT-FOR-US: EmpireCMS
CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in ...)
	NOT-FOR-US: Dokeos
CVE-2012-5775
	REJECTED
CVE-2012-5774
	REJECTED
CVE-2012-5773
	REJECTED
CVE-2012-5772
	REJECTED
CVE-2012-5771
	REJECTED
CVE-2012-5770 (The SSL configuration in IBM Tivoli Application Dependency Discovery M ...)
	NOT-FOR-US: IBM
CVE-2012-5769 (IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 all ...)
	NOT-FOR-US: IBM SPSS Modeler
CVE-2012-5768
	RESERVED
CVE-2012-5767 (Unspecified vulnerability in the web interface on the IBM TS3500 Tape ...)
	NOT-FOR-US: IBM TS3500 Tape Library
CVE-2012-5766 (Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator ...)
	NOT-FOR-US: IBM
CVE-2012-5765 (The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-5764
	RESERVED
CVE-2012-5763 (Cross-site request forgery (CSRF) vulnerability in the WebAdmin applic ...)
	NOT-FOR-US: IBM
CVE-2012-5762 (Cross-site scripting (XSS) vulnerability in the WebAdmin application 6 ...)
	NOT-FOR-US: IBM
CVE-2012-5761 (Cross-site scripting (XSS) vulnerability in the WebAdmin application 6 ...)
	NOT-FOR-US: IBM
CVE-2012-5760 (SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, ...)
	NOT-FOR-US: IBM
CVE-2012-5759 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5758 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5757 (Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rati ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-5756 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5755
	RESERVED
CVE-2012-5754
	RESERVED
CVE-2012-5753
	RESERVED
CVE-2012-5752
	RESERVED
CVE-2012-5751
	RESERVED
CVE-2012-5750
	RESERVED
CVE-2012-5749
	RESERVED
CVE-2012-5748
	RESERVED
CVE-2012-5747
	RESERVED
CVE-2012-5746
	RESERVED
CVE-2012-5745
	RESERVED
CVE-2012-5744 (Multiple cross-site scripting (XSS) vulnerabilities in the guest porta ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2012-5743
	RESERVED
CVE-2012-5742
	RESERVED
CVE-2012-5741
	RESERVED
CVE-2012-5740
	RESERVED
CVE-2012-5739
	RESERVED
CVE-2012-5738
	RESERVED
CVE-2012-5737
	RESERVED
CVE-2012-5736
	RESERVED
CVE-2012-5735
	RESERVED
CVE-2012-5734
	RESERVED
CVE-2012-5733
	RESERVED
CVE-2012-5732
	RESERVED
CVE-2012-5731
	RESERVED
CVE-2012-5730
	RESERVED
CVE-2012-5729
	RESERVED
CVE-2012-5728
	RESERVED
CVE-2012-5727
	RESERVED
CVE-2012-5726
	RESERVED
CVE-2012-5725
	RESERVED
CVE-2012-5724
	RESERVED
CVE-2012-5723 (Cisco ASR 1000 devices with software before 3.8S, when BDI routing is ...)
	NOT-FOR-US: Cisco devices
CVE-2012-5722
	RESERVED
CVE-2012-5721
	RESERVED
CVE-2012-5720
	RESERVED
CVE-2012-5719
	RESERVED
CVE-2012-5718
	RESERVED
CVE-2012-5717 (Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x thr ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-5716
	RESERVED
CVE-2012-5715
	RESERVED
CVE-2012-5714
	RESERVED
CVE-2012-5713
	RESERVED
CVE-2012-5712
	RESERVED
CVE-2012-5711
	RESERVED
CVE-2012-5710
	RESERVED
CVE-2012-5709
	RESERVED
CVE-2012-5708
	RESERVED
CVE-2012-5707
	RESERVED
CVE-2012-5706
	RESERVED
CVE-2012-5705 (Cross-site scripting (XSS) vulnerability in the settings page (admin/s ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote a ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5703 (The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-5702 (Multiple cross-site scripting (XSS) vulnerabilities in dotProject befo ...)
	NOT-FOR-US: dotProject
CVE-2012-5701 (Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allo ...)
	NOT-FOR-US: dotProject
CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko befo ...)
	NOT-FOR-US: Baby Gekko
CVE-2012-5699 (BabyGekko before 1.2.4 allows PHP file inclusion. ...)
	NOT-FOR-US: BabyGekko
CVE-2012-5698 (BabyGekko before 1.2.4 has SQL injection. ...)
	NOT-FOR-US: BabyGekko
CVE-2012-5979
	REJECTED
CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone Pentest ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5696 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5695 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Sec ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5694 (Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pen ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5693 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows r ...)
	NOT-FOR-US: Bulb Security Smartphone Pentest Framework
CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in Invision P ...)
	NOT-FOR-US: Invision Power Board
CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealP ...)
	NOT-FOR-US: RealPlayer
CVE-2012-5690 (RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 throug ...)
	NOT-FOR-US: RealPlayer
CVE-2012-5689 (ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain ...)
	- bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #699145)
	[squeeze] - bind9 (Only affects Bind 9.8 and 9.9)
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 i ...)
	- bind9 1:9.8.4.dfsg.P1-1 (bug #695192)
	[squeeze] - bind9 (Only affects 9.8 and 9.9)
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...)
	NOT-FOR-US: TP-LINK TL-WR841N router
CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset process. ...)
	NOT-FOR-US: ZPanel
CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote ...)
	NOT-FOR-US: ZPanel
CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier ...)
	NOT-FOR-US: ZPanel
CVE-2012-5683 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 1 ...)
	NOT-FOR-US: ZPanel
CVE-2012-5682
	REJECTED
CVE-2012-5681
	REJECTED
CVE-2012-5680 (Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attack ...)
	NOT-FOR-US: Adobe Photoshop Camera Raw
CVE-2012-5679 (Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attac ...)
	NOT-FOR-US: Adobe Photoshop Camera Raw
CVE-2012-5678 (Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5677 (Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5676 (Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5675 (Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypa ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-5674 (Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-5673 (Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5672 (Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-5671 (Heap-based buffer overflow in the dkim_exim_query_dns_txt function in ...)
	{DSA-2566-1}
	- exim4 4.80-5.1 (medium)
CVE-2012-5670 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows contex ...)
	- freetype 2.4.9-1.1 (bug #696691)
	[squeeze] - freetype (Version in Squeeze doesn't parse alternative encoding format yet)
	NOTE: https://savannah.nongnu.org/bugs/?37907
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8
CVE-2012-5669 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows contex ...)
	- freetype 2.4.9-1.1 (unimportant; bug #696691)
	NOTE: https://savannah.nongnu.org/bugs/?37906
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d
CVE-2012-5668 (FreeType before 2.4.11 allows context-dependent attackers to cause a d ...)
	- freetype 2.4.9-1.1 (unimportant; bug #696691)
	NOTE: https://savannah.nongnu.org/bugs/?37905
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a
CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow context ...)
	- grep 2.11-1 (low; bug #701897)
	[squeeze] - grep 2.6.3-3+squeeze1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
	NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
	NOTE: https://www.openwall.com/lists/oss-security/2012/12/22/1
CVE-2012-5666 (Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js ...)
	- owncloud 4.0.8debian-1.3 (bug #696574)
	[wheezy] - owncloud 4.0.4debian2-3.2
CVE-2012-5665 (ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly ...)
	- owncloud 4.0.8debian-1.3 (bug #696574)
	[wheezy] - owncloud 4.0.4debian2-3.2
CVE-2012-5664
	REJECTED
CVE-2012-5663 (The isearch package (textproc/isearch) before 1.47.01nb1 uses the temp ...)
	NOT-FOR-US: Isearch
	NOTE: https://www.openwall.com/lists/oss-security/2012/12/21/1
CVE-2012-5662 (x3270 before 3.3.12ga12 does not verify that the server hostname match ...)
	- ibm-3270 3.3.14ga11-1 (bug #706547)
	[wheezy] - ibm-3270 (Non-free not supported)
	[squeeze] - ibm-3270 (Non-free not supported)
CVE-2012-5661
	REJECTED
CVE-2012-5660 (abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2 ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5659 (Untrusted search path vulnerability in plugins/abrt-action-install-deb ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode ...)
	NOT-FOR-US: OpenShift
CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Z ...)
	{DSA-2602-1}
	- zendframework 1.11.13-1.1 (bug #696483)
	NOTE: https://www.openwall.com/lists/oss-security/2012/12/20/2
	NOTE: http://framework.zend.com/security/advisory/ZF2012-05
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037
	NOTE: http://secunia.com/advisories/51583
CVE-2012-5656 (The rasterization process in Inkscape before 0.48.4 allows local users ...)
	- inkscape 0.48.3.1-1.2 (bug #696485)
	[squeeze] - inkscape (Minor issue)
CVE-2012-5655 (The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before 7.x-3.0-b ...)
	NOT-FOR-US: Context module for Drupal
CVE-2012-5654 (The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when co ...)
	NOT-FOR-US: Nodewords: D6 Meta Tags module for Drupal
CVE-2012-5653 (The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 ...)
	{DSA-2776-1}
	- drupal6 (bug #696343)
	- drupal7 7.14-1.2 (bug #696342)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5652 (Drupal 6.x before 6.27 allows remote attackers to obtain sensitive inf ...)
	{DSA-2776-1}
	- drupal6 (bug #696343)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5651 (Drupal 6.x before 6.27 and 7.x before 7.18 displays information for bl ...)
	{DSA-2776-1}
	- drupal6 (bug #696343)
	- drupal7 7.14-1.2 (bug #696342)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5650 (Cross-site scripting (XSS) vulnerability in the Futon UI in Apache Cou ...)
	- couchdb 1.2.0-5 (bug #698439)
	[squeeze] - couchdb (Unsupported in squeeze-lts)
CVE-2012-5649 (Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2. ...)
	- couchdb 1.2.0-5 (bug #698439)
	[squeeze] - couchdb (Unsupported in squeeze-lts)
CVE-2012-5648 (Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow r ...)
	- foreman (bug #663101)
CVE-2012-5647 (Open redirect vulnerability in node-util/www/html/restorer.php in Red ...)
	NOT-FOR-US: OpenShift
CVE-2012-5646 (node-util/www/html/restorer.php in the Red Hat OpenShift Origin before ...)
	NOT-FOR-US: OpenShift
CVE-2012-5645 (A denial of service flaw was found in the way the server component of ...)
	- freeciv 2.3.4-1 (low; bug #696306)
	[squeeze] - freeciv (Minor issue)
	[wheezy] - freeciv 2.3.2-1+deb7u1
CVE-2012-5644 (libuser has information disclosure when moving user's home directory ...)
	- libuser 1:0.60~dfsg-1 (low; bug #705690)
	[wheezy] - libuser (Minor issue)
	[squeeze] - libuser (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=885724#c7
CVE-2012-5643 (Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2. ...)
	{DSA-2631-1}
	- squid 2.7.STABLE9-2
	NOTE: squid-cgi was removed in 2.7.STABLE9-2
	- squid3 3.1.20-2.1 (bug #696187)
	NOTE: possible regression, see #701123
CVE-2012-5642 (server/action.py in Fail2ban before 0.8.8 does not properly handle the ...)
	- fail2ban 0.8.6-3wheezy1 (low; bug #696184)
	[squeeze] - fail2ban (Introduced in 0.8.6, see #696187)
CVE-2012-5641 (Directory traversal vulnerability in the partition2 function in mochiw ...)
	- couchdb (Only affects CouchDB on Windows)
CVE-2012-5640 (thttpd has a local DoS vulnerability via specially-crafted .htpasswd f ...)
	- thttpd (low)
	[squeeze] - thttpd (Minor issue)
CVE-2012-5639 (LibreOffice and OpenOffice automatically open embedded content ...)
	- libreoffice (unimportant)
	[wheezy] - libreoffice (Minor issue)
	- openoffice.org 1:3.3.0-1 (unimportant)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=58295
	NOTE: Additional hardening/UI improvement, not a direct vulnerability
	NOTE: For 4.2: http://whatofhow.wordpress.com/2013/12/02/stealth-mode/
CVE-2012-5638 (The setup_logging function in log.h in SANLock uses world-writable per ...)
	- sanlock 2.2-2 (bug #696424)
CVE-2012-5637
	REJECTED
CVE-2012-5636 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-5635 (The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...)
	- glusterfs 3.5.0-1 (unimportant; bug #704944)
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=b8d5fd2b88db7e18a10e57a0edf1a41eda4f5314 (v3.4.0qa8)
	NOTE: http://git.gluster.org/cgit/glusterfs.git/commit/?id=11bb1fc5849a557d1a26e59bd651fbd0d07a1b8d (v3.5.0qa1)
	NOTE: Neutralised by kernel hardening
CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, ...)
	{DSA-2636-1}
	- xen 4.1.3-8 (low)
CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6 ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5632
	REJECTED
CVE-2012-5631 (ipa 3.0 does not properly check server identity before sending credent ...)
	NOT-FOR-US: FreeIPA
CVE-2012-5630 (libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race co ...)
	- libuser 1:0.60~dfsg-1 (low; bug #705690)
	[wheezy] - libuser (Minor issue)
	[squeeze] - libuser (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=884685#c31
CVE-2012-5629 (The default configuration of the (1) LdapLoginModule and (2) LdapExtLo ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5628 (gofer before 0.68 uses world-writable permissions for /var/lib/gofer/j ...)
	NOT-FOR-US: gofer component of PULP project
CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...)
	- mariadb-5.5 (Fixed before initial upload to archive)
	- mysql-5.1 (unimportant)
	- mysql-5.5 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3915
CVE-2012-5626 (EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Applicati ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when usin ...)
	- nova (Only affects OpenStack Folsom, bug #695830)
CVE-2012-5624 (The XMLHttpRequest object in Qt before 4.8.4 enables http redirection ...)
	- qt4-x11 4:4.8.2+dfsg-7 (bug #695156)
	[squeeze] - qt4-x11 (Vulnerable code not present)
	NOTE: http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
CVE-2012-5623 (Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords. ...)
	NOT-FOR-US: change_passwd plugin for Squirrelmail
CVE-2012-5622 (Cross-site request forgery (CSRF) vulnerability in the management cons ...)
	NOT-FOR-US: OpenShift
CVE-2012-5621 (lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows ...)
	- ekiga 3.2.7-6 (bug #702282; low)
	[squeeze] - ekiga (Minor issue)
CVE-2012-5620
	REJECTED
CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file ...)
	- sleuthkit 4.1.2-1 (unimportant; bug #695097)
CVE-2012-5618 (Ushahidi before 2.6.1 has insufficient entropy for forgot-password tok ...)
	NOT-FOR-US: Ushahidi
CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file allows pri ...)
	- gksu-polkit (bug #695807)
	[squeeze] - gksu-polkit (Unsupported in squeeze-lts)
	NOTE: https://www.openwall.com/lists/oss-security/2012/12/12/8
CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly ...)
	NOT-FOR-US: CloudStack
CVE-2012-5615 (Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.2 ...)
	{DSA-3054-1}
	- mariadb-5.5 (Fixed before initial upload to archive)
	- mysql-5.1 (low; bug #695001)
	[squeeze] - mysql-5.1 (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
	- mysql-5.5 5.5.39-1 (low; bug #695001)
	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4676
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3909
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/9
CVE-2012-5614 (Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5. ...)
	- mariadb-5.5 (Fixed before initial upload to archive)
	- mysql-5.5 (The affected versions were only in experimental)
	- mysql-5.1 (low)
	[squeeze] - mysql-5.1 5.1.73-1
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3910
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/7
	NOTE: https://www.openwall.com/lists/oss-security/2013/02/28/10
CVE-2012-5613
	- mysql-5.1 (unimportant; bug #695001)
	- mysql-5.5 (unimportant; bug #695001)
	NOTE: Disputed as incorrect configuration
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/6
CVE-2012-5612 (Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions t ...)
	- mysql-5.1 (MDL was introduced in 5.5)
	- mysql-5.5 5.5.29+dfsg-1 (bug #695001)
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3908
CVE-2012-5611 (Stack-based buffer overflow in the acl_get function in Oracle MySQL 5. ...)
	{DSA-2581-1}
	- mysql-5.1 (bug #695001)
	- mysql-5.5 5.5.29+dfsg-1 (bug #695001)
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/4
CVE-2012-5610 (Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud b ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5609 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5608 (Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/setti ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5607 (The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4 ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: https://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable permissio ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when u ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5603 (proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5602
	REJECTED
CVE-2012-5601
	REJECTED
CVE-2012-5600
	REJECTED
CVE-2012-5599
	REJECTED
CVE-2012-5598
	REJECTED
CVE-2012-5597
	REJECTED
CVE-2012-5596
	REJECTED
CVE-2012-5595
	REJECTED
CVE-2012-5594
	REJECTED
CVE-2012-5593
	REJECTED
CVE-2012-5592
	REJECTED
CVE-2012-5591 (Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x- ...)
	NOT-FOR-US: Drupal Zero Point module
CVE-2012-5590 (SQL injection vulnerability in the Webmail Plus module for Drupal allo ...)
	NOT-FOR-US: Drupal Webmail Plus module
CVE-2012-5589 (The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 ...)
	NOT-FOR-US: Drupal MultiLink module
CVE-2012-5588 (The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a ...)
	NOT-FOR-US: Drupal Email Field module
CVE-2012-5587 (Cross-site scripting (XSS) vulnerability in the Email Field module 6.x ...)
	NOT-FOR-US: Drupal Email Field module
CVE-2012-5586 (The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 ...)
	NOT-FOR-US: Drupal Services module
CVE-2012-5585 (Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1. ...)
	NOT-FOR-US: Drupal Mixpanel module
CVE-2012-5584 (The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does no ...)
	NOT-FOR-US: Drupal Table of Contents module
CVE-2012-5583 (phpCAS before 1.3.2 does not verify that the server hostname matches a ...)
	- php-cas 1.3.1-2
	- moodle 2.2.7.dfsg-1
	[squeeze] - moodle (Minor issue)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1
	NOTE: https://github.com/Jasig/phpCAS/pull/58
CVE-2012-5582 (opendnssec misuses libcurl API ...)
	- opendnssec (eppclient not built in Debian package)
	NOTE: http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html
CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allow ...)
	{DSA-2589-1}
	- tiff 4.0.2-1 (bug #694693)
	- tiff3 3.9.6-10
	NOTE: https://www.openwall.com/lists/oss-security/2012/11/28/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
CVE-2012-5580 (Format string vulnerability in the print_proxies function in bin/proxy ...)
	- libproxy 0.3.1-4 (low)
	[squeeze] - libproxy (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=791086
	NOTE: https://code.google.com/p/libproxy/source/detail?r=475
CVE-2012-5579
	REJECTED
CVE-2012-5578 (Python keyring has insecure permissions on new databases allowing worl ...)
	- python-keyring 0.9.2-1.1 (bug #696736)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
	[squeeze] - python-keyring (Minor issue)
CVE-2012-5577 (Python keyring lib before 0.10 created keyring files with world-readab ...)
	- python-keyring 0.9.2-1.1 (bug #696736)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
	[squeeze] - python-keyring (Minor issue)
CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Window Du ...)
	- gimp 2.8.2-2 (bug #693977)
	[squeeze] - gimp 2.6.10-1+squeeze4
	NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
	NOTE: https://www.openwall.com/lists/oss-security/2012/11/21/2
CVE-2012-5575 (Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x befo ...)
	NOT-FOR-US: Apache CXF
CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote a ...)
	NOT-FOR-US: Symfony
CVE-2012-5573 (The connection_edge_process_relay_cell function in or/relay.c in Tor b ...)
	{DLA-17-1}
	- tor 0.2.3.25-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-5572 (CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.p ...)
	- libdancer-perl 1.3114+dfsg-1 (low; bug #694279)
	[wheezy] - libdancer-perl (Minor issue)
	NOTE: https://github.com/PerlDancer/Dancer/issues/859
CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properl ...)
	- keystone 2012.1.1-11 (bug #694433)
CVE-2012-5570 (The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remo ...)
	NOT-FOR-US: Drupal addon
CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic webma ...)
	NOT-FOR-US: Drupal Webmail module
CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...)
	- tomcat6 6.0.41-3 (unimportant)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	- tomcat7 (unimportant)
	NOTE: No fix planned, can be mitigated by config changes:
	NOTE: http://mail-archives.apache.org/mod_mbox/tomcat-users/200906.mbox/%3C4A3D0884.5080309@apache.org%3E
CVE-2012-5567 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	- kronolith2 (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5566 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	- kronolith2 (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5565 (Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in Hord ...)
	- php-horde-imp (This doesn't seem to be packaged in sid's Horde and the imp3 and dimp1 packages from stable do not include the affected code)
CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users t ...)
	- android-tools (unimportant; bug #688280)
	NOTE: Since android-tools/5.1.1.r38-1 the android-tools-adb binary package
	NOTE: is not built anymore which used to contain /usr/bin/adb.
	NOTE: Package still affected source-wise
	- android-platform-system-core (unimportant; bug #823792)
	NOTE: Neutralised by kernel hardening
CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not prope ...)
	- keystone (Folsom branch not packaged yet)
CVE-2012-5562 (rhn-proxy: may transmit credentials over clear-text when accessing RHN ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2012-5561 (script/katello-generate-passphrase in Katello 1.1 uses world-readable ...)
	NOT-FOR-US: Katello
CVE-2012-5560 (The default configuration in mate-settings-daemon 1.5.3 allows local u ...)
	- mate-settings-daemon (Fixed before initial release)
	NOTE: https://github.com/mate-desktop/mate-settings-daemon/commit/c7d634acd12814a1fe298118e65f1c688b3a9f74#diff-52ccb9f1be1c09e2f24b64d37b56c2f4
CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager node view ...)
	NOT-FOR-US: Drupal chaos tool addon
CVE-2012-5558 (Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7. ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the REST ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5555
	REJECTED
CVE-2012-5554 (The default configuration for the Webform CiviCRM Integration module 7 ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5553 (Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5552 (The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7 ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5551 (Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp m ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5550 (SQL injection vulnerability in the Time Spent module 6.x and 7.x for D ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5549 (Cross-site request forgery (CSRF) vulnerability in the Time Spent modu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5548 (Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Sear ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5546
	REJECTED
CVE-2012-5545 (Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis m ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5544 (The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote au ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5543 (The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a fiel ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5542 (Cross-site request forgery (CSRF) vulnerability in the Commerce Extra ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5541 (Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6. ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5540 (Multiple cross-site scripting (XSS) vulnerabilities in the Hostip modu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5539 (The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5538 (Cross-site scripting (XSS) vulnerability in the FileField Sources modu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5537 (The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allo ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5536 (A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat En ...)
	NOT-FOR-US: Red Hat-specific packaging flaw
CVE-2012-5535 (gnome-system-log polkit policy allows arbitrary files on the system to ...)
	- gnome-system-log (Fedora-specific issue)
CVE-2012-5534 (The hook_process function in the plugin API for WeeChat 0.3.0 through ...)
	{DSA-2598-1}
	- weechat 0.3.9.2-1
	[wheezy] - weechat 0.3.8-1+deb7u1
CVE-2012-5533 (The http_request_split_value function in request.c in lighttpd before ...)
	- lighttpd 1.4.31-2
	[squeeze] - lighttpd (Introduced in 1.4.31)
CVE-2012-5532 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distri ...)
	- linux-tools (userspace daemon not built until later)
	- linux-2.6 (userspace daemon not yet present)
CVE-2012-5531 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Port ...)
	NOT-FOR-US: GateIn Portal
CVE-2012-5530 (The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PC ...)
	- pcp 3.7.1 (bug #698735; low)
	NOTE: first package in unstable is 3.7.1 (package has no debian revision)
	[squeeze] - pcp 3.3.3-squeeze3
CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allow ...)
	{DSA-2648-1}
	- firebird2.5 2.5.2~svn+54698.ds4-2 (low; bug #693210)
	- firebird2.1 (Only affects 2.5.x)
CVE-2012-5528
	REJECTED
CVE-2012-5527 (Claws Mail vCalendar plugin: credentials exposed on interface ...)
	- claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391)
	NOTE: More of a plain bug than a security vulnerability
CVE-2012-5526 (CGI.pm module before 3.63 for Perl does not properly escape newlines i ...)
	{DSA-2587-1 DSA-2586-1}
	- perl 5.14.2-16 (bug #693420)
	- libcgi-pm-perl 3.61-2 (bug #693421)
	NOTE: http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
	NOTE: https://github.com/markstos/CGI.pm/pull/23
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=877015
CVE-2012-5525 (The get_page_from_gfn hypercall function in Xen 4.2 allows local PV gu ...)
	- xen (Only affects Xen 4.2 and xen-unstable)
CVE-2012-5524 (The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 ...)
	- gajim 0.15.4-1 (low; bug #693282)
	[wheezy] - gajim 0.15.1-4.1
	[squeeze] - gajim (Minor issue)
CVE-2012-5523 (core/email_api.php in MantisBT before 1.2.12 does not properly manage ...)
	- mantis 1.2.11-1.2 (bug #693283)
	[squeeze] - mantis (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=14704
CVE-2012-5522 (MantisBT before 1.2.12 does not use an expected default value during d ...)
	- mantis 1.2.11-1.2 (bug #693283)
	[squeeze] - mantis (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=14496
CVE-2012-5521 (quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon pe ...)
	- quagga (unimportant; bug #693102)
	NOTE: Not reproducible so far
CVE-2012-5520 (The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2012-5519 (CUPS 1.4.4, when running in certain Linux distributions such as Debian ...)
	{DSA-2600-1}
	- cups 1.5.3-2.7 (bug #692791)
	NOTE: http://seclists.org/oss-sec/2012/q4/253
CVE-2012-5518 (vdsm: certificate generation upon node creation allowing vdsm to start ...)
	NOT-FOR-US: ovirt / vdsm
CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel b ...)
	- linux 3.2.41-1
	- linux-2.6
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-5516 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when mo ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation Manager
CVE-2012-5515 (The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5514 (The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earl ...)
	{DSA-2582-1}
	- xen 4.1.3-6
CVE-2012-5513 (The XENMEM_exchange handler in Xen 4.2 and earlier does not properly c ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5512 (Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allow ...)
	- xen 4.1.3-5
	[squeeze] - xen (Only affects Xen 4.1)
CVE-2012-5511 (Stack-based buffer overflow in the dirty video RAM tracking functional ...)
	{DSA-2636-1}
	- xen 4.1.3-5
CVE-2012-5510 (Xen 4.x, when downgrading the grant table version, does not properly r ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5509 (aeolus-configserver-setup in the Aeolas Configuration Server, as used ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-5508 (The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remo ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/24
CVE-2012-5507 (AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/23
CVE-2012-5506 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows r ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5505 (atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote atta ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/21
CVE-2012-5504 (Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plo ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5503 (ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attac ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5502 (Cross-site scripting (XSS) vulnerability in safe_html.py in Plone befo ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5501 (at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remo ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5500 (The batch id change script (renameObjectsByPaths.py) in Plone before 4 ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5499 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows r ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5498 (queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows rem ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5497 (membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5496 (kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5495 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows r ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5494 (Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5493 (gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote auth ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5492 (uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remo ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5491 (z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5490 (Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone befor ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5489 (The App.Undo.UndoSupport.get_request_var_or_attr function in Zope befo ...)
	- zope2.12 (bug #692899)
	[wheezy] - zope2.12 (Minor issue)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/05
CVE-2012-5488 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows r ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5487 (The sandbox whitelisting function (allowmodule.py) in Plone before 4.2 ...)
	- zope2.12 (unimportant; bug #692899)
	NOTE: Non-issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692899#20
CVE-2012-5486 (ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/02
CVE-2012-5485 (registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allow ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
	NOTE: https://plone.org/products/plone/security/advisories/20121106/01
CVE-2012-5484 (The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtai ...)
	NOT-FOR-US: FreeIPA
CVE-2012-5483 (tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Am ...)
	- keystone (Debian packaging enforces correct permissions)
CVE-2012-5482 (The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (20 ...)
	- glance 2012.1.1-3 (bug #692641)
CVE-2012-5481 (Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass ...)
	- moodle (Doesn't affect 1.9 or 2.2)
CVE-2012-5480 (The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x befor ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle (Doesn't affect 1.9)
CVE-2012-5479 (The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle (Doesn't affect 1.9)
CVE-2012-5478 (The AuthorizationInterceptor in JBoss Enterprise Application Platform ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5477 (The smart proxy in Foreman before 1.1 uses a umask set to 0, which all ...)
	- foreman (bug #663101)
CVE-2012-5476 (Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard pack ...)
	- horizon (File is installed with 0700 perms in Debian)
CVE-2012-5475 [YUI 2.x security issue regarding embedded SWF files]
	REJECTED
CVE-2012-5474 (The file /etc/openstack-dashboard/local_settings within Red Hat OpenSt ...)
	- horizon 2012.1.1-7
CVE-2012-5473 (The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x befor ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle (Doesn't affect 1.9)
CVE-2012-5472 (lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 a ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle (Doesn't affect 1.9)
CVE-2012-5471 (The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle (Doesn't affect 1.9)
CVE-2012-5470 (libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attacke ...)
	- vlc 2.0.4-1 (bug #692130)
	[wheezy] - vlc 2.0.3-4
	[squeeze] - vlc (Minor issue)
CVE-2012-5469 (The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remot ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-5468 (Heap-based buffer overflow in iconvert.c in the bogolexer component in ...)
	{DSA-2585-1}
	- bogofilter 1.2.2+dfsg1-2 (bug #695139)
CVE-2012-5467
	RESERVED
CVE-2012-5466
	RESERVED
CVE-2012-5465
	RESERVED
CVE-2012-5464
	RESERVED
CVE-2012-5463
	RESERVED
CVE-2012-5462
	RESERVED
CVE-2012-5461
	RESERVED
CVE-2012-5460 (Cross-site scripting (XSS) vulnerability in the help page in Juniper S ...)
	NOT-FOR-US: Juniper IVE OS
CVE-2012-5459 (Untrusted search path vulnerability in VMware Workstation 8.x before 8 ...)
	NOT-FOR-US: VMware
CVE-2012-5458 (VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 ...)
	NOT-FOR-US: VMware
CVE-2012-5457
	RESERVED
CVE-2012-5456 (The Zoner AntiVirus Free application for Android does not verify that ...)
	NOT-FOR-US: Zoner AntiVirus Free
CVE-2012-5455 (Cross-site scripting (XSS) vulnerability in the language search compon ...)
	NOT-FOR-US: Joomla! component
CVE-2012-5454 (user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5453 (SQL injection vulnerability in user/index_inline_editor_submit.php in ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5452 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2 ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-5451 (Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi bef ...)
	NOT-FOR-US: TVMOBiLi
CVE-2012-5450 (Cross-site request forgery (CSRF) vulnerability in lib/filemanager/ima ...)
	NOT-FOR-US: CMS Made Simple
CVE-2012-5449
	RESERVED
CVE-2012-5448
	RESERVED
CVE-2012-5447
	RESERVED
CVE-2012-5446
	RESERVED
CVE-2012-5445 (The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 s ...)
	NOT-FOR-US: Cisco Native Unix
CVE-2012-5444 (Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not pr ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2012-5443
	RESERVED
CVE-2012-5442
	RESERVED
CVE-2012-5441
	RESERVED
CVE-2012-5440
	RESERVED
CVE-2012-5439
	RESERVED
CVE-2012-5438
	RESERVED
CVE-2012-5437
	RESERVED
CVE-2012-5436
	RESERVED
CVE-2012-5435
	RESERVED
CVE-2012-5434
	RESERVED
CVE-2012-5433
	RESERVED
CVE-2012-5432
	RESERVED
CVE-2012-5431
	RESERVED
CVE-2012-5430
	RESERVED
CVE-2012-5429 (The VPN driver in Cisco VPN Client on Windows does not properly intera ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2012-5428
	RESERVED
CVE-2012-5427 (Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T a ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5426
	RESERVED
CVE-2012-5425
	RESERVED
CVE-2012-5424 (Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5 ...)
	NOT-FOR-US: Cisco
CVE-2012-5423
	RESERVED
CVE-2012-5422 (Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 devic ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5421
	RESERVED
CVE-2012-5420
	RESERVED
CVE-2012-5419 (Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2012-5418
	RESERVED
CVE-2012-5417 (Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not ...)
	NOT-FOR-US: Cisco
CVE-2012-5416 (Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before ...)
	NOT-FOR-US: Cisco
CVE-2012-5415 (Race condition on Cisco Adaptive Security Appliances (ASA) devices all ...)
	NOT-FOR-US: Cisco
CVE-2012-5414
	RESERVED
CVE-2012-5413
	RESERVED
CVE-2012-5412
	RESERVED
CVE-2012-5411
	RESERVED
CVE-2012-5410
	RESERVED
CVE-2012-5409 (AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and ea ...)
	NOT-FOR-US: Siemens SiPass
CVE-2012-5408
	RESERVED
CVE-2012-5407
	RESERVED
CVE-2012-5406
	RESERVED
CVE-2012-5405
	RESERVED
CVE-2012-5404
	RESERVED
CVE-2012-5403
	RESERVED
CVE-2012-5402
	RESERVED
CVE-2012-5401
	RESERVED
CVE-2012-5400
	RESERVED
CVE-2012-5399
	RESERVED
CVE-2012-5398
	RESERVED
CVE-2012-5397
	RESERVED
CVE-2012-5396
	RESERVED
CVE-2012-5395 (Session fixation vulnerability in the CentralAuth extension for MediaW ...)
	NOT-FOR-US: Mediawiki extension CentralAuth
CVE-2012-5394 (Cross-site request forgery (CSRF) vulnerability in the CentralAuth ext ...)
	NOT-FOR-US: mediawiki extension CentralAuth
CVE-2012-5393
	RESERVED
CVE-2012-5392
	RESERVED
CVE-2012-5391 (Session fixation vulnerability in Special:UserLogin in MediaWiki befor ...)
	- mediawiki 1:1.19.3-1 (bug #694998)
	[squeeze] - mediawiki 1:1.15.5-2squeeze5
CVE-2012-5390 (The standard universe shadow (condor_shadow.std) component in Condor 7 ...)
	- condor (standard universe is disabled in the Debian package, see bug #697936)
	NOTE: http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html
CVE-2012-5389 (NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and e ...)
	NOT-FOR-US: PowerTCP WebServer for ActiveX
CVE-2012-5388 (Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the Wh ...)
	NOT-FOR-US: White Label CMS
CVE-2012-5387 (Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in ...)
	NOT-FOR-US: WordPress plugin White Label CMS
CVE-2012-5386 (Directory traversal vulnerability in index.php in phpPaleo 4.8b180 all ...)
	NOT-FOR-US: phpPaleo
CVE-2012-5385 (install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows rem ...)
	- webcalendar
CVE-2012-5384 (Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen W ...)
	- webcalendar
CVE-2012-5376 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel bef ...)
	- linux 3.8-1 (unimportant)
	- linux-2.6 (unimportant)
	NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
CVE-2012-5374 (The CRC32C feature in the Btrfs implementation in the Linux kernel bef ...)
	- linux 3.8-1 (unimportant)
	- linux-2.6 (unimportant)
	NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash ...)
	- openjdk-6 (low)
	[wheezy] - openjdk-6 (Minor issue, no icedtea fix, too complex to backport)
	[squeeze] - openjdk-6 (Minor issue, no icedtea fix, too complex to backport)
	- openjdk-7 (low)
	[jessie] - openjdk-7 (Minor issue, no icedtea fix, too complex to backport)
	[wheezy] - openjdk-7 (Minor issue, no icedtea fix, too complex to backport)
CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...)
	- rubinius (bug #591817)
CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...)
	{DLA-263-1}
	- ruby1.8 (Only affects 1.9.x)
	- ruby1.9.1 1.9.3.194-4 (bug #693024)
CVE-2012-5370 (JRuby computes hash values without properly restricting the ability to ...)
	{DLA-209-1}
	- jruby 1.5.6-5 (bug #694694)
CVE-2012-5369
	RESERVED
CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained th ...)
	- phpmyadmin (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow r ...)
	NOT-FOR-US: OrangeHRM
CVE-2012-5366 (The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 ...)
	NOT-FOR-US: Mac OS X
CVE-2012-5365 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year ...)
	- kfreebsd-8 (low; bug #690986)
	- kfreebsd-9 (low)
	[squeeze] - kfreebsd-8 (Minor issue)
	[squeeze] - kfreebsd-9 (Minor issue)
	[wheezy] - kfreebsd-8 (Minor issue)
	[wheezy] - kfreebsd-9 (Minor issue)
CVE-2012-5364 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-5363 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year ...)
	- kfreebsd-8 (low; bug #690986)
	[squeeze] - kfreebsd-8 (Minor issue)
	[squeeze] - kfreebsd-9 (Minor issue)
	[wheezy] - kfreebsd-8 (Minor issue)
	[wheezy] - kfreebsd-9 (Minor issue)
	- kfreebsd-9 (low)
CVE-2012-5362 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ar ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
	NOTE: upstream needs a proper sample to reproduce the issue
CVE-2012-5360 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ar ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
	NOTE: upstream needs a proper sample to reproduce the issue
CVE-2012-5359 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ar ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
	NOTE: upstream needs a proper sample to reproduce the issue
CVE-2012-5358 (The XSLTCompiledTransform function in Ektron Content Management System ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2012-5357 (Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCom ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2012-5356 (The apt-add-repository tool in Ubuntu Software Properties 0.75.x befor ...)
	NOT-FOR-US: apt-add-repository
CVE-2012-5355 (welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to ov ...)
	NOT-FOR-US: xdiagnose
CVE-2012-5354 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey be ...)
	- iceape (Only affects 16.x release from experimental)
	- iceweasel (Only affects 16.x release from experimental)
	- icedove (Only affects 16.x release from experimental)
CVE-2012-5383 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	- mysql-5.1 (Windows issue only)
	- mysql-5.5 (Windows issue only)
CVE-2012-5382 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	NOT-FOR-US: Zend Server
CVE-2012-5381 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	- php5 (Windows issue only)
CVE-2012-5380 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	- ruby1.8 (Windows issue only)
	- ruby1.9.1 (Windows issue only)
CVE-2012-5379 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	NOT-FOR-US: ActivePython
CVE-2012-5378 (Untrusted search path vulnerability in the installation functionality ...)
	NOT-FOR-US: ActiveTcl
CVE-2012-5377 (Untrusted search path vulnerability in the installation functionality ...)
	NOT-FOR-US: ActivePerl
CVE-2012-5353 (Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge me ...)
	NOT-FOR-US: Eduserv
CVE-2012-5352 (Java Open Single Sign-On Project Home (JOSSO) allows remote attackers ...)
	NOT-FOR-US: josso
CVE-2012-5351 (Apache Axis2 allows remote attackers to forge messages and bypass auth ...)
	- axis2c (low; bug #690421)
	[squeeze] - axis2c (Unsupported in squeeze-lts)
	NOTE: https://issues.apache.org/jira/browse/AXIS2C-1607
CVE-2012-5350 (SQL injection vulnerability in the Pay With Tweet plugin before 1.2 fo ...)
	NOT-FOR-US: wp Pay With Tweet plugin
CVE-2012-5349 (Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the ...)
	NOT-FOR-US: wp Pay With Tweet plugin
CVE-2012-5348 (SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote ...)
	NOT-FOR-US: MangosWeb
CVE-2012-5347 (TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-5346 (Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live ...)
	NOT-FOR-US: WP live plugin
CVE-2012-5345 (Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (ak ...)
	NOT-FOR-US: batch file
CVE-2012-5344 (Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpT ...)
	NOT-FOR-US: batch file
CVE-2012-5343 (Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3 ...)
	NOT-FOR-US: Limny
CVE-2012-5342 (Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS a ...)
	NOT-FOR-US: SenseSites CommonSense
CVE-2012-5341 (Multiple cross-site scripting (XSS) vulnerabilities in statistik.php i ...)
	NOT-FOR-US: Otterware StatIt
CVE-2012-5340 (SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer ...)
	- mupdf 1.2-2
	NOTE: https://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f919270b6a732ff45c3ba2d0c105e2b39e9c9bc9 (1.1)
CVE-2012-5339 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...)
	- phpmyadmin (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5338 (Open redirect vulnerability in JForum 2.1.9 allows remote attackers to ...)
	NOT-FOR-US: JForum
CVE-2012-5337 (Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in ...)
	NOT-FOR-US: jForum
CVE-2012-5336 (lib/base.php in ownCloud before 4.0.8 does not properly validate the u ...)
	- owncloud 4.0.8debian-1
CVE-2012-5335 (Directory traversal vulnerability in Tiny Server 1.1.5 allows remote a ...)
	NOT-FOR-US: Tiny Server
CVE-2012-5334 (SQL injection vulnerability in product_desc.php in Pre Printing Press ...)
	NOT-FOR-US: Pre Printing Press
CVE-2012-5333 (SQL injection vulnerability in page.php in Pre Printing Press allows r ...)
	NOT-FOR-US: Pre Printing Press
CVE-2012-5332 (at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial ...)
	NOT-FOR-US: at32 Reverse Proxy
CVE-2012-5331 (Directory traversal vulnerability in asaanCart 0.9 allows remote attac ...)
	NOT-FOR-US: asaanCart
CVE-2012-5330 (Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 a ...)
	NOT-FOR-US: asaanCart
CVE-2012-5329 (Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated ...)
	NOT-FOR-US: TYPSoft FTP
CVE-2012-5328 (Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0. ...)
	NOT-FOR-US: WP Mingle Forum
CVE-2012-5327 (Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the ...)
	NOT-FOR-US: WP Mingle Forum
CVE-2012-5326 (Cross-site request forgery (CSRF) vulnerability in admin/function.php ...)
	NOT-FOR-US: IDevSpot iSupport
CVE-2012-5325 (Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redi ...)
	NOT-FOR-US: WP Shortcode
CVE-2012-5324 (Multiple buffer overflows in the Pdf Printer Preferences ActiveX Contr ...)
	NOT-FOR-US: PDF-XChange
CVE-2012-5323 (Cross-site request forgery (CSRF) vulnerability in webconfig/admin_pas ...)
	NOT-FOR-US: Xavi ADSL router
CVE-2012-5322 (Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allo ...)
	NOT-FOR-US: Xavi ADSL router
CVE-2012-5321 (tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote att ...)
	- tikiwiki
CVE-2012-5320 (Cross-site request forgery (CSRF) vulnerability in password.cgi in Sag ...)
	NOT-FOR-US: Sagem
CVE-2012-5319 (Cross-site request forgery (CSRF) vulnerability in setup/security.cgi ...)
	NOT-FOR-US: D-link
CVE-2012-5318 (Unrestricted file upload vulnerability in uploadify/scripts/uploadify. ...)
	NOT-FOR-US: WP Kish
CVE-2012-5317 (SQL injection vulnerability in main_bigware_43.php in Bigware Shop bef ...)
	NOT-FOR-US: Bigware Shop
CVE-2012-5316 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam ...)
	NOT-FOR-US: Barracuda
CVE-2012-5315 (Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 ...)
	NOT-FOR-US: iReport
CVE-2012-5314 (Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier ...)
	NOT-FOR-US: ViewGit
CVE-2012-5313 (SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows r ...)
	NOT-FOR-US: Snitz Forums
CVE-2012-5312 (SQL injection vulnerability in Tribiq CMS allows remote attackers to e ...)
	NOT-FOR-US: Tribiq CMS
CVE-2012-5311
	REJECTED
CVE-2012-5310 (SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 ...)
	NOT-FOR-US: WP e-Commerce plugin
CVE-2012-5309 (servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim F ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-5308 (Cross-site request forgery (CSRF) vulnerability in servlet/traveler in ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-5307 (Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lo ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-5306 (Stack-based buffer overflow in the SelectDirectory method in DcsCliCtr ...)
	NOT-FOR-US: D-Link
CVE-2012-5305 (Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Softwar ...)
	NOT-FOR-US: DirectAdmin
CVE-2012-5304 (Static code injection vulnerability in administration/install.php in Y ...)
	NOT-FOR-US: YVS
CVE-2012-5303 (Monkey HTTP Daemon 0.9.3 might allow local users to overwrite arbitrar ...)
	- monkey (unimportant)
CVE-2012-5302 (The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not pro ...)
	NOT-FOR-US: TIBCO Formvine
CVE-2012-5301 (The default configuration of Cerberus FTP Server before 5.0.4.0 suppor ...)
	NOT-FOR-US: Cerberus
CVE-2012-5300 (SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tien ...)
	NOT-FOR-US: MyStore Xpress
CVE-2012-5299 (Mavili Guestbook, as released in November 2007, allows remote attacker ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5298 (Mavili Guestbook, as released in November 2007, stores guestbook.mdb u ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5297 (SQL injection vulnerability in edit.asp in Mavili Guestbook, as releas ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5296 (Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestboo ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5295 (Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Foru ...)
	NOT-FOR-US: FuseTalk
CVE-2012-5294 (SQL injection vulnerability in art_detalle.php in MyStore Xpress Tiend ...)
	NOT-FOR-US: MyStore Xpress
CVE-2012-5293 (Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 ...)
	NOT-FOR-US: SAPID CMS
CVE-2012-5292 (Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remot ...)
	NOT-FOR-US: Atar2b
CVE-2012-5291 (SQL injection vulnerability in team.php in Posse Softball Director CMS ...)
	NOT-FOR-US: Posse Softball Director
CVE-2012-5290 (Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remo ...)
	NOT-FOR-US: EasyWebRealEstate
CVE-2012-5289 (Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote ...)
	NOT-FOR-US: Plogger
CVE-2012-5288 (SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows ...)
	NOT-FOR-US: phpMyDirectory
CVE-2012-XXXX [gunicorn fails to drop supplemental groups]
	- gunicorn 0.14.5-3 (low)
	[squeeze] - gunicorn (Minor issue)
CVE-2012-5287 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5286 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5285 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5284
	REJECTED
CVE-2012-5283
	REJECTED
CVE-2012-5282
	REJECTED
CVE-2012-5281
	REJECTED
CVE-2012-5280 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5279 (Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5278 (Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5277 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5276 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5275 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5274 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5273 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-5272 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5271 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5270 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5269 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5268 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5267 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5266 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5265 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5264 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5263 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5262 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5261 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5260 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5259 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5258 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5257 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5256 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5255 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5254 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5253 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5252 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5251 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5250 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5249 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5248 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x befo ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5247
	RESERVED
CVE-2012-5246
	RESERVED
CVE-2012-5245
	RESERVED
CVE-2012-5244 (Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earli ...)
	NOT-FOR-US: Banana Dance
CVE-2012-5243 (functions/suggest.php in Banana Dance B.2.6 and earlier allows remote ...)
	NOT-FOR-US: Banana Dance
CVE-2012-5242 (Directory traversal vulnerability in functions/suggest.php in Banana D ...)
	NOT-FOR-US: Banana Dance
CVE-2012-5241
	RESERVED
	NOT-FOR-US: PEAR module for Twitter
CVE-2012-5240 (Buffer overflow in the dissect_tlv function in epan/dissectors/packet- ...)
	- wireshark 1.8.2-2 (bug #689972)
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-5239
	REJECTED
CVE-2012-5238 (epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x b ...)
	- wireshark 1.8.2-2 (bug #689972)
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP ...)
	- wireshark 1.8.2-2 (bug #689972)
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-5236
	REJECTED
CVE-2012-5235
	RESERVED
CVE-2012-5234 (Open redirect vulnerability in index.php in ocPortal before 7.1.6 allo ...)
	- ocportal (bug #625865)
CVE-2012-5233 (Cross-site scripting (XSS) vulnerability in the stickynote module befo ...)
	NOT-FOR-US: Drupal stickynote
CVE-2012-5232 (Cross-site scripting (XSS) vulnerability in the Quickl Form component ...)
	NOT-FOR-US: Joomla component
CVE-2012-5231 (miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP c ...)
	NOT-FOR-US: miniCMS
CVE-2012-5230 (Unspecified vulnerability in the JE Story Submit (com_jesubmit) compon ...)
	NOT-FOR-US: Joomla JE Story Submit (com_jesubmit) component
CVE-2012-5229 (Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the ...)
	NOT-FOR-US: WP Gallery2
CVE-2012-5228 (Cross-site scripting (XSS) vulnerability in admin/index.php in phplist ...)
	- phplist (bug #612288)
CVE-2012-5227 (SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2. ...)
	NOT-FOR-US: Peel Shopping
CVE-2012-5226 (Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2 ...)
	NOT-FOR-US: Peel Shopping
CVE-2012-5225 (Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart ...)
	NOT-FOR-US: xClick
CVE-2012-5224 (PHP remote file inclusion vulnerability in vb/includes/vba_cmps_includ ...)
	NOT-FOR-US: vbadvanced CMPS
CVE-2012-5223 (The proc_deutf function in includes/functions_vbseocp_abstract.php in ...)
	NOT-FOR-US: vBSEO
CVE-2012-5222 (HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote att ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-5221 (Directory traversal vulnerability in the PostScript Interpreter, as us ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-5220 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.0 ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2012-5219 (Cross-site scripting (XSS) vulnerability in HP Managed Printing Admini ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2012-5218 (HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not e ...)
	NOT-FOR-US: HP ElitePad 900
CVE-2012-5217 (HP System Management Homepage (SMH) before 7.2.1 allows remote attacke ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-5216 (Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 ...)
	NOT-FOR-US: HP ProCurve
CVE-2012-5215 (Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, M12 ...)
	NOT-FOR-US: HP LaserJet Pro
CVE-2012-5214 (Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 al ...)
	NOT-FOR-US: HP ServiceCenter
CVE-2012-5213 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5212 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5211 (Unspecified vulnerability in HP Intelligent Management Center (iMC) Us ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5210 (Unspecified vulnerability in HP Intelligent Management Center (iMC) TA ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5209 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5208 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5207 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5206 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5205 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5204 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5203 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5202 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5201 (Unspecified vulnerability in HP Intelligent Management Center (iMC) an ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5200 (Cross-site scripting (XSS) vulnerability in HP Intelligent Management ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5199 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and e ...)
	NOT-FOR-US: HP ArcSight Connector Appliance
CVE-2012-5198 (Unspecified vulnerability in HP ArcSight Connector Appliance before 6. ...)
	NOT-FOR-US: HP ArcSight Connector Appliance
CVE-2012-5197 (Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (unimportant)
	NOTE: Not exploitable according to upstream
CVE-2012-5196 (Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x befo ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (unimportant)
	NOTE: Not exploitable according to upstream
CVE-2012-5195 (Heap-based buffer overflow in the Perl_repeatcpy function in util.c in ...)
	{DSA-2586-1}
	- perl 5.14.2-14 (bug #689314)
CVE-2012-5194
	RESERVED
CVE-2012-5193 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in Bitweave ...)
	NOT-FOR-US: Bitweaver
CVE-2012-5191
	RESERVED
CVE-2012-5190 (Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability ...)
	NOT-FOR-US: Prizm Content Connect
CVE-2012-5189
	REJECTED
CVE-2012-5188 (Untrusted search path vulnerability in mora Downloader before 1.0.0.1 ...)
	NOT-FOR-US: mora Downloader
CVE-2012-5187 (The Weathernews Touch application 2.3.2 and earlier for Android allows ...)
	NOT-FOR-US: Weathernews Touch application for Android
CVE-2012-5186 (Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and ...)
	NOT-FOR-US: FLUGELz netmania myu-s, PHP WeblogSystem
CVE-2012-5185 (Directory traversal vulnerability in the Olive Toast Documents Pro Fil ...)
	NOT-FOR-US: Olive Toast Documents Pro File Viewer
CVE-2012-5184 (Cross-site scripting (XSS) vulnerability in the Olive Toast Documents ...)
	NOT-FOR-US: Olive Toast Documents Pro File Viewer
CVE-2012-5183 (The Loctouch application 3.4.6 and earlier for Android allows attacker ...)
	NOT-FOR-US: Loctouch application for Android
CVE-2012-5182 (The Loctouch application 3.4.6 and earlier for Android does not proper ...)
	NOT-FOR-US: Loctouch application for Android
CVE-2012-5181 (Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 t ...)
	NOT-FOR-US: concrete5
CVE-2012-5180 (The Opera Mobile application before 12.1 and Opera Mini application be ...)
	NOT-FOR-US: Opera Mobile application for Android
CVE-2012-5179 (The Boat Browser application before 4.2 and Boat Browser Mini applicat ...)
	NOT-FOR-US: Boat Browser application for Android
CVE-2012-5178 (Cross-site request forgery (CSRF) vulnerability in the Welcart plugin ...)
	NOT-FOR-US: WordPress Welcart plugin
CVE-2012-5177 (Cross-site scripting (XSS) vulnerability in the Welcart plugin before ...)
	NOT-FOR-US: WordPress Welcart plugin
CVE-2012-5176 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 5.0 ...)
	NOT-FOR-US: KENT-WEB ACCESS REPORT
CVE-2012-5175 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 ...)
	NOT-FOR-US: KENT-WEB ACCESS REPORT
CVE-2012-5174 (The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR ...)
	NOT-FOR-US: KYOCERA
CVE-2012-5173 (Session fixation vulnerability in BIGACE before 2.7.8 allows remote at ...)
	NOT-FOR-US: BIGACE
CVE-2012-5172 (The Asial Monaca Debugger application before 1.4.2 for Android allows ...)
	NOT-FOR-US: Asial Monaca Debugger
CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows ...)
	NOT-FOR-US: Be Graph's BeZIP
CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote attac ...)
	NOT-FOR-US: Pebble blog
CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in file_manager/pr ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5168 (ATutor AContent before 1.2-1 allows remote attackers to modify arbitra ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5167 (Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5166 (ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9. ...)
	{DSA-2560-1}
	- bind9 1:9.8.1.dfsg.P1-4.3 (bug #690118)
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5165
	RESERVED
CVE-2012-5164 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
	NOT-FOR-US: Fork CMS
CVE-2012-5163 (Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-5162 (Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OS ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-5161 (The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 ...)
	NOT-FOR-US: Citrix XenApp
CVE-2012-5160
	RESERVED
CVE-2012-5158 (Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessi ...)
	- puppet (Only affects Puppet Enterprise)
CVE-2012-5157 (Google Chrome before 24.0.1312.52 does not properly handle image data ...)
	- chromium-browser (PDF functionality not available in Chromium)
CVE-2012-5156 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser (PDF functionality not available in Chromium)
CVE-2012-5155 (Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropri ...)
	- chromium-browser (Only affects MacOS X)
CVE-2012-5154 (Integer overflow in Google Chrome before 24.0.1312.52 on Windows allow ...)
	- chromium-browser (Only affects Windows)
CVE-2012-5153 (Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.5 ...)
	- libv8 (bug #702261; kMinFixedIndex and kMaxFixedIndex are hard-coded to the correct values in 3.8.9.20, a later commit introduced a calculation that produced incorrect values)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5152 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a d ...)
	[squeeze] - chromium-browser
	- chromium-browser 24.0.1312.68-1
CVE-2012-5151 (Integer overflow in Google Chrome before 24.0.1312.52 allows remote at ...)
	- chromium-browser (PDF functionality not available in Chromium)
CVE-2012-5150 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1
CVE-2012-5149 (Integer overflow in the audio IPC layer in Google Chrome before 24.0.1 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5148 (The hyphenation functionality in Google Chrome before 24.0.1312.52 doe ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5147 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5146 (Google Chrome before 24.0.1312.52 allows remote attackers to bypass th ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5145 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5144 (Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0. ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
	- ffmpeg (Vulnerable code not present)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commitdiff;h=6d5b0092678b2a95dfe209a207550bd2fe9ef646
CVE-2012-5143 (Integer overflow in Google Chrome before 23.0.1271.97 allows remote at ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5142 (Google Chrome before 23.0.1271.97 does not properly handle history nav ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5141 (Google Chrome before 23.0.1271.97 does not properly restrict instantia ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5140 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5139 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5138 (Google Chrome before 23.0.1271.95 does not properly handle file paths, ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5137 (Use-after-free vulnerability in Google Chrome before 23.0.1271.95 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5136 (Google Chrome before 23.0.1271.91 does not properly perform a cast of ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5135 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5134 (Heap-based buffer underflow in the xmlParseAttValueComplex function in ...)
	{DSA-2580-1}
	- libxml2 2.8.0+dfsg1-7 (bug #694521)
CVE-2012-5133 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5132 (Google Chrome before 23.0.1271.91 allows remote attackers to cause a d ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5131 (Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitiga ...)
	- chromium-browser (MacOS-specific)
CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote atta ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS ...)
	- mesa 8.0.5-3 (bug #695248)
	[squeeze] - mesa (Vulnerable code not present)
CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.6 ...)
	- libv8 (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote at ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
	- libwebp 0.1.3-3+nmu1 (bug #704573)
	NOTE: fixed in experimental version 0.2.1-1
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=442152
	NOTE: Upstream announce: https://groups.google.com/a/webmproject.org/forum/?fromgroups=#!topic/webp-discuss/QTtgi8YfgkE
CVE-2012-5126 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5125 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5124 (Google Chrome before 23.0.1271.64 does not properly handle textures, w ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5123 (Skia, as used in Google Chrome before 23.0.1271.64, allows remote atta ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5122 (Google Chrome before 23.0.1271.64 does not properly perform a cast of ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5121 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5120 (Google V8 before 3.13.7.5, as used in Google Chrome before 23.0.1271.6 ...)
	- libv8 (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5119 (Race condition in Pepper, as used in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5118 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly valida ...)
	- chromium-browser (MacOS-specific)
CVE-2012-5117 (Google Chrome before 23.0.1271.64 does not properly restrict the loadi ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5116 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allo ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser
CVE-2012-5115 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly mitiga ...)
	- chromium-browser (MacOS-specific)
CVE-2012-5114
	RESERVED
CVE-2012-5113
	RESERVED
CVE-2012-5112 (Use-after-free vulnerability in the SVG implementation in WebKit, as u ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-5111 (Google Chrome before 22.0.1229.92 does not monitor for crashes of Pepp ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-5110 (The compositor in Google Chrome before 22.0.1229.92 allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-5109 (The International Components for Unicode (ICU) functionality in Google ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-5108 (Race condition in Google Chrome before 22.0.1229.92 allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-5107
	RESERVED
CVE-2012-5106 (Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote ...)
	NOT-FOR-US: FreeFloat FTP Server
CVE-2012-5159 (phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror durin ...)
	- phpmyadmin
CVE-2012-5105 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1 ...)
	NOT-FOR-US: SQLiteManager
CVE-2012-5104 (Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in U ...)
	NOT-FOR-US: UBB.threads
CVE-2012-5103 (Multiple cross-site scripting (XSS) vulnerabilities in action/add-subm ...)
	NOT-FOR-US: Ggb guestbook
CVE-2012-5102 (Cross-site scripting (XSS) vulnerability in inc/extensions.php in Vert ...)
	NOT-FOR-US: VertigoServ
CVE-2012-5101 (SQL injection vulnerability in the JExtensions JE Poll component befor ...)
	NOT-FOR-US: Joomla! extension
CVE-2012-5100 (Directory traversal vulnerability in HServer 0.1.1 allows remote attac ...)
	NOT-FOR-US: HServer
CVE-2012-5099 (Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and ...)
	NOT-FOR-US: PHPB2B
CVE-2012-5098 (Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, a ...)
	NOT-FOR-US: PHP-X-Links
CVE-2012-5097 (Unspecified vulnerability in the Oracle Access Manager component in Or ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-5096 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-5095 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 10
CVE-2012-5094 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5093 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5092 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5091 (Unspecified vulnerability in the Oracle Agile Product Supplier Collabo ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2012-5090 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2012-5089 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5088 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5087 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5086 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
CVE-2012-5085 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5084 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5083 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-5082 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-5081 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	NOTE: https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
	NOTE: https://robotattack.org/
CVE-2012-5080 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-5079 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5078 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-5077 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5076 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5075 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5074 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5073 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5072 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5071 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5070 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5069 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5068 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5067 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-5066 (Unspecified vulnerability in the Oracle Central Designer component in ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-5065 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-5064 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5063 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5062 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2012-5061 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5060 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-5059 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-5058 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-5057 (CRLF injection vulnerability in ownCloud Server before 4.0.8 allows re ...)
	- owncloud 4.0.8debian-1
CVE-2012-5056 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
	- owncloud 4.0.8debian-1
CVE-2012-5055 (DaoAuthenticationProvider in VMware SpringSource Spring Security befor ...)
	NOT-FOR-US: VMware
CVE-2012-5054 (Integer overflow in the copyRawDataTo method in the Matrix3D class in ...)
	NOT-FOR-US: Adobe Flash player
CVE-2012-5053 (Cross-site scripting (XSS) vulnerability in the Receiver Web User Inte ...)
	NOT-FOR-US: Trimble Infrastructure GNSS Series Receivers
CVE-2012-5052
	RESERVED
CVE-2012-5051 (Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows re ...)
	NOT-FOR-US: VMware
CVE-2012-5050 (Cross-site scripting (XSS) vulnerability in the server in VMware vCent ...)
	NOT-FOR-US: VMware
CVE-2012-5049 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: Optimalog Optima PLC
CVE-2012-5048 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: Optimalog Optima PLC
CVE-2012-5047
	RESERVED
CVE-2012-5046
	RESERVED
CVE-2012-5045
	RESERVED
CVE-2012-5044 (Cisco IOS before 15.3(1)T, when media flow-around is not used, allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5043
	RESERVED
CVE-2012-5042
	RESERVED
CVE-2012-5041
	RESERVED
CVE-2012-5040
	RESERVED
CVE-2012-5039 (The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote a ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5038
	RESERVED
CVE-2012-5037 (The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5036 (Cisco IOS before 12.2(50)SY1 allows remote authenticated users to caus ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5035
	RESERVED
CVE-2012-5034
	RESERVED
CVE-2012-5033
	RESERVED
CVE-2012-5032 (The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5031
	RESERVED
CVE-2012-5030 (Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5029
	RESERVED
CVE-2012-5028
	RESERVED
CVE-2012-5027
	RESERVED
CVE-2012-5026
	RESERVED
CVE-2012-5025
	RESERVED
CVE-2012-5024
	RESERVED
CVE-2012-5023
	RESERVED
CVE-2012-5022
	RESERVED
CVE-2012-5021
	RESERVED
CVE-2012-5020
	RESERVED
CVE-2012-5019
	RESERVED
CVE-2012-5018
	RESERVED
CVE-2012-5017 (Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5016
	RESERVED
CVE-2012-5015
	RESERVED
CVE-2012-5014 (Cisco IOS before 15.1(2)SY allows remote authenticated users to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5013
	RESERVED
CVE-2012-5012
	RESERVED
CVE-2012-5011
	RESERVED
CVE-2012-5010 (ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (AS ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2012-5009
	RESERVED
CVE-2012-5008
	RESERVED
CVE-2012-5007 (The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote at ...)
	NOT-FOR-US: Drupal addon Fill PDF
CVE-2012-5006 (Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug ...)
	NOT-FOR-US: Caminova DjVu Browser
CVE-2012-5005 (Cross-site request forgery (CSRF) vulnerability in admin/admin_options ...)
	NOT-FOR-US: VR GPub
CVE-2012-5004 (Multiple cross-site request forgery (CSRF) vulnerabilities in Parallel ...)
	NOT-FOR-US: Parallels H-Sphere
CVE-2012-5003 (nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not p ...)
	NOT-FOR-US: No Machine NX Web Companion
CVE-2012-5002 (Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in R ...)
	NOT-FOR-US: SR10 FTP server in Ricoh DC Software
CVE-2012-5001 (Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node M ...)
	NOT-FOR-US: Hitachi JP1/Cm2/Network Node Manager
CVE-2012-5000 (SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-4999 (Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote ...)
	NOT-FOR-US: Mercury MR804 Router
CVE-2012-4998 (Cross-site scripting (XSS) vulnerability in index.php in starCMS allow ...)
	NOT-FOR-US: starCMS
CVE-2012-4997 (Directory traversal vulnerability in acp/index.php in AneCMS allows re ...)
	NOT-FOR-US: AneCMS
CVE-2012-4996 (Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlie ...)
	NOT-FOR-US: RivetTracker
CVE-2012-4995 (Cross-site scripting (XSS) vulnerability in admin/userrighthandling.ph ...)
	- limesurvey (bug #472802)
CVE-2012-4994 (SQL injection vulnerability in admin/admin.php in LimeSurvey before 1. ...)
	- limesurvey (bug #472802)
CVE-2012-4993 (torrent_functions.php in RivetTracker 1.03 and earlier does not proper ...)
	NOT-FOR-US: RivetTracker
CVE-2012-4992 (Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote ...)
	NOT-FOR-US: FlashFXP
CVE-2012-4991 (Multiple directory traversal vulnerabilities in Axway SecureTransport ...)
	NOT-FOR-US: Axway SecureTransport
CVE-2012-4990 (SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2 ...)
	NOT-FOR-US: OpenX
CVE-2012-4989 (Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in ...)
	NOT-FOR-US: OpenX
CVE-2012-4988 (Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JP ...)
	NOT-FOR-US: XnView
CVE-2012-4987 (Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allo ...)
	NOT-FOR-US: RealPlayer
CVE-2012-4986 RESERVED
CVE-2012-4985 (The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICM ...)
	NOT-FOR-US: Forescout device
CVE-2012-4984 RESERVED
CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Forescout C ...)
	NOT-FOR-US: Forescout device
CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout CounterAC ...)
	NOT-FOR-US: Forescout device
CVE-2012-4981 (Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vuln ...)
	NOT-FOR-US: Toshiba ConfigFree
CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in Toshiba Conf ...)
	NOT-FOR-US: Toshiba ConfigFree Utility
CVE-2012-4979 RESERVED
CVE-2012-4978 RESERVED
CVE-2012-4977 (Layton Helpbox 4.4.0 allows remote attackers to discover cleartext cre ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4976 (selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to d ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4975 (editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticate ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4974 (Layton Helpbox 4.4.0 allows remote authenticated users to change the l ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4973 RESERVED
CVE-2012-4972 (Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4971 (Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow r ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4970 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-4969 (Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-4968 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2. ...)
	- silverstripe (bug #528461)
CVE-2012-4967 REJECTED
CVE-2012-4966 REJECTED
CVE-2012-4965 REJECTED
CVE-2012-4964 (The Samsung printer firmware before 20121031 has a hardcoded read-writ ...)
	NOT-FOR-US: Samsung printer firmware
CVE-2012-4963 RESERVED
CVE-2012-4962 RESERVED
CVE-2012-4961 RESERVED
CVE-2012-4960 (The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, ...)
	NOT-FOR-US: Huawei devices
CVE-2012-4959 (Directory traversal vulnerability in NFRAgent.exe in Novell File Repor ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4958 (Directory traversal vulnerability in NFRAgent.exe in Novell File Repor ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4957 (Absolute path traversal vulnerability in NFRAgent.exe in Novell File R ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4956 (Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0 ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4955 (Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Adm ...)
	NOT-FOR-US: Dell OpenManage SA
CVE-2012-4954 (The edit-profile page in Vanilla Forums before 2.1a32 allows remote au ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-4953 (The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Syma ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-4952 (Henry Schein Dentrix G5 before 15.1.294 has a single internal-database ...)
	NOT-FOR-US: Dentrix
CVE-2012-4951 (Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in V ...)
	NOT-FOR-US: VeriFone VeriCentre Web Console
CVE-2012-4950 (Cross-site scripting (XSS) vulnerability in the Keyword Search page in ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4949 (SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenti ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2012-4948 (The default configuration of Fortinet Fortigate UTM appliances uses th ...)
	NOT-FOR-US: Fortinet Fortigate UTM appliances
CVE-2012-4947 (Agile FleetCommander and FleetCommander Kiosk before 4.08 store databa ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4946 (Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR f ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4945 (Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4944 (Multiple unrestricted file upload vulnerabilities in Agile FleetComman ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4943 (Multiple cross-site request forgery (CSRF) vulnerabilities in Agile Fl ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4942 (Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetComm ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4941 (Multiple SQL injection vulnerabilities in Agile FleetCommander and Fle ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4940 (Multiple directory traversal vulnerabilities in the View Log Files com ...)
	NOT-FOR-US: Axigen Free Mail Server
CVE-2012-4939 (Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in th ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-4938 (Cross-site scripting (XSS) vulnerability in the web interface in Patte ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4937 (Session fixation vulnerability in the web interface in Pattern Insight ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4936 (The web interface in Pattern Insight 2.3 allows remote attackers to co ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4935 (Cross-site request forgery (CSRF) vulnerability in the web interface i ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4934 (TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled i ...)
	NOT-FOR-US: TomatoCart
CVE-2012-4933 (The rtrlet web application in the Web Console in Novell ZENworks Asset ...)
	NOT-FOR-US: Novell ZENworks
CVE-2012-4932 (Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices ...)
	NOT-FOR-US: SimpleInvoices
CVE-2012-4931 RESERVED
CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Ch ...)
	- iceweasel (Firefox ESR does not support SPDY)
	- chromium-browser 21.0.1180.57~r148591-1
	[squeeze] - chromium-browser
	NOTE: http://www.imperialviolet.org/2012/09/21/crime.html
CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google C ...)
	{DSA-3253-1 DSA-2627-1 DSA-2626-1 DSA-2579-1 DLA-400-1 DLA-0008-1}
	- iceweasel (Firefox ESR does not use TLS/SSL compression)
	- chromium-browser 22.0.1229.94~r161065-1
	NOTE: Chromium fix: https://chromiumcodereview.appspot.com/10825183/
	[squeeze] - chromium-browser
	- qt4-x11 4:4.8.2+dfsg-3
	- apache2 2.2.22-12 (bug #689936)
	- lighttpd 1.4.30-1 (bug #700399)
	- nginx 1.2.1-2.2 (bug #700426)
	[squeeze] - qt4-x11 (Minor issue)
	- openssl 1.0.1e-5 (low; bug #728055)
	[wheezy] - openssl 1.0.1e-2+deb7u11
	[squeeze] - openssl 0.9.8o-4squeeze16
	NOTE: openssl redhat announcement https://rhn.redhat.com/errata/RHSA-2013-0587.html
	NOTE: openssl disables compression by default since dc5744cb78da6f2bcafeeefe22c604a51b52dfc5
	- pound 2.6-3 (bug #727197)
CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Ox ...)
	NOT-FOR-US: Oxwall 1.1.1
CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1 ...)
	- limesurvey (bug #472802)
CVE-2012-4926 (approve.php in Img Pals Photo Host 1.0 does not authenticate requests, ...)
	NOT-FOR-US: Img Pals Photo Host 1.0
CVE-2012-4925 (Multiple SQL injection vulnerabilities in approve.php in Img Pals Phot ...)
	NOT-FOR-US: Img Pals Photo Host 1.0
CVE-2012-4924 (Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX ...)
	NOT-FOR-US: ASUS Net4Switch
CVE-2012-4923 (Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall ...)
	NOT-FOR-US: Endian Firewall 2.4
CVE-2012-4922 (The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0 ...)
	{DSA-2548-1}
	- tor 0.2.3.22-rc-1
CVE-2012-4921 (Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS ...)
	NOT-FOR-US: WordPress plugin DVS Custom Notification
CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output function in ...)
	NOT-FOR-US: Wordpress plugin Zingiri Forum
CVE-2012-4919 (Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerabilit ...)
	NOT-FOR-US: Gallery Plugin1.4 for WordPress
CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
	NOT-FOR-US: Call of Duty Elite for iOS
CVE-2012-4917 (The TripAdvisor app 6.6 for iOS sends cleartext credentials, which all ...)
	NOT-FOR-US: The TripAdvisor app 6.6 for iOS
CVE-2012-4916 RESERVED
CVE-2012-4915 (Directory traversal vulnerability in the Google Doc Embedder plugin be ...)
	NOT-FOR-US: WordPress plugin Google Doc Embedder
CVE-2012-4914 (Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows ...)
	NOT-FOR-US: CoolPDF
CVE-2012-4913 RESERVED
CVE-2012-4912 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-4911 REJECTED
CVE-2012-4910 REJECTED
CVE-2012-4909 (Google Chrome before 18.0.1025308 on Android allows remote attackers t ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4908 (Google Chrome before 18.0.1025308 on Android allows remote attackers t ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4907 (Google Chrome before 18.0.1025308 on Android does not properly restric ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4906 (Google Chrome before 18.0.1025308 on Android does not properly restric ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4905 (Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0. ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4904 (Cross-application scripting vulnerability in Google Chrome before 18.0 ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4903 (Google Chrome before 18.0.1025308 on Android does not properly restric ...)
	- chromium-browser (Chrome on Android)
CVE-2012-4902 (Multiple cross-site request forgery (CSRF) vulnerabilities in Template ...)
	NOT-FOR-US: Template CMS (http://template-cms.ru)
CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and ear ...)
	NOT-FOR-US: Template CMS (http://template-cms.ru)
CVE-2012-4900 (Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via unt ...)
	NOT-FOR-US: Corel WordPerfect Office X6
CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing alg ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a ...)
	NOT-FOR-US: Mesh OS
CVE-2012-4897 (Untrusted search path vulnerability in the installer in VMware Movie D ...)
	NOT-FOR-US: VMware
CVE-2012-4896 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote atta ...)
	NOT-FOR-US: SumatraPDF
CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote atta ...)
	NOT-FOR-US: SumatraPDF
CVE-2012-4894 (Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows user-ass ...)
	NOT-FOR-US: Google SketchUp
CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in file/sho ...)
	- webmin
CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 201 ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4891 (Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngi ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2012-4890 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 201 ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4889 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Fi ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2012-4888 RESERVED
CVE-2012-4887 RESERVED
CVE-2012-4886 (Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 p ...)
	NOT-FOR-US: WPS Office
CVE-2012-4885 (The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x befor ...)
	- mediawiki 1:1.19.0-1 (low)
	[squeeze] - mediawiki
CVE-2012-4884 (Argument injection vulnerability in Request Tracker (RT) 3.8.x before ...)
	{DSA-2567-1}
	- request-tracker3.8
	- request-tracker4 4.0.7-2
CVE-2012-4883 (Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R20 ...)
	NOT-FOR-US: 3DVIA Composer V6R2012
CVE-2012-4882 (Multiple untrusted search path vulnerabilities in 3D XML Player 6.212. ...)
	NOT-FOR-US: 3D XML Player
CVE-2012-4881 (Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894- ...)
	NOT-FOR-US: moviEZ
CVE-2012-4880 (Multiple untrusted search path vulnerabilities in DVD Architect Pro 5. ...)
	NOT-FOR-US: DVD Architect Pro
CVE-2012-4879 (The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 7 ...)
	NOT-FOR-US: WAGO I/O System 758
CVE-2012-4878 (Absolute path traversal vulnerability in controlcenter.php in FlatnuX ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4877 (Cross-site request forgery (CSRF) vulnerability in controlcenter.php i ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4876 (Stack-based buffer overflow in the UltraMJCam ActiveX Control in TREND ...)
	NOT-FOR-US: TRENDnet SecurView TV-IP121WN Wireless Internet Camera
CVE-2012-4875
	- ghostscript (Even if it's genuine, it's Windows-code)
CVE-2012-4874 (Unspecified vulnerability in the Another WordPress Classifieds Plugin ...)
	NOT-FOR-US: Another WordPress Classifieds Plugin for Wordpress
CVE-2012-4873 (Cross-site scripting (XSS) vulnerability in the file_download function ...)
	NOT-FOR-US: GNU Board
CVE-2012-4872 (Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako F ...)
	NOT-FOR-US: Kayako Fusion
CVE-2012-4871 (Cross-site scripting (XSS) vulnerability in service/graph_html.php in ...)
	NOT-FOR-US: LiteSpeed Web Server
CVE-2012-4870 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and ...)
	NOT-FOR-US: FreePBX
CVE-2012-4869 (The callme_startcall function in recordings/misc/callme_page.php in Fr ...)
	NOT-FOR-US: FreePBX
CVE-2012-4868 (SQL injection vulnerability in news.php in the Kunena component 1.7.2 ...)
	NOT-FOR-US: Kunena component for Joomla!
CVE-2012-4867 (Directory traversal vulnerability in modules/com_vtiger_workflow/sortf ...)
	NOT-FOR-US: vtiger CRM
CVE-2012-4866 (Untrusted search path vulnerability in Xtreme RAT 3.5 allows local use ...)
	NOT-FOR-US: Xtreme RAT
CVE-2012-4865 (Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to e ...)
	NOT-FOR-US: Oreans Themida
CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Oreans WinLicense
CVE-2012-4863 (IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability ...)
	NOT-FOR-US: IBM
CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System z 7.1 t ...)
	NOT-FOR-US: IBM Rational
CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM InfoSph ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2012-4860 RESERVED
CVE-2012-4859 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space Mana ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2012-4858 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4857 (Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 be ...)
	NOT-FOR-US: IBM Informix
CVE-2012-4856 (The Service Processor in the IBM Power 5 91##-### and 940#-### before ...)
	NOT-FOR-US: IBM Power 5
CVE-2012-4855 (Unspecified vulnerability in the web services framework in IBM WebSphe ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-4854 RESERVED
CVE-2012-4853 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Appli ...)
	NOT-FOR-US: Websphere
CVE-2012-4852 RESERVED
CVE-2012-4851 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: Websphere
CVE-2012-4850 (IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, w ...)
	NOT-FOR-US: Websphere
CVE-2012-4849 RESERVED
CVE-2012-4848 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Found ...)
	NOT-FOR-US: IBM Lotus Foundations Start
CVE-2012-4847 (IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote auth ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4846 (IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly f ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2012-4845 (The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, d ...)
	NOT-FOR-US: AIX
CVE-2012-4844 (Cross-site scripting (XSS) vulnerability in the web server in IBM Lotu ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-4843 RESERVED
CVE-2012-4842 (Open redirect vulnerability in the web server in IBM Lotus Domino 8.5. ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-4841 (Unspecified vulnerability in Tivoli Endpoint Manager for Remote Contro ...)
	NOT-FOR-US: Tivoli
CVE-2012-4840 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4839 (The OSLC interface in the Web Client (aka CQ Web) in IBM Rational Clea ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-4838 (IBM Flex System Chassis Management Module (CMM) and Integrated Managem ...)
	NOT-FOR-US: IBM Flex
CVE-2012-4837 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4836 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intell ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4835 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intell ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4834 (Directory traversal vulnerability in LayerLoader.jsp in the theme comp ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2012-4833 (fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not p ...)
	NOT-FOR-US: AIX
CVE-2012-4832 (Information Services Framework (ISF) in IBM InfoSphere Information Ser ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2012-4831 RESERVED
CVE-2012-4830 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0. ...)
	NOT-FOR-US: WebSphere
CVE-2012-4829 (IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 c ...)
	NOT-FOR-US: IBM
CVE-2012-4828 RESERVED
CVE-2012-4827 RESERVED
CVE-2012-4826 (Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored ...)
	NOT-FOR-US: IBM DB2
CVE-2012-4825 (Multiple cross-site scripting (XSS) vulnerabilities in servlet/travele ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-4824 (Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Tra ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-4823 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and e ...)
	- openjdk-6 (Vulnerabilities specific to IBM Java)
	- openjdk-7 (Vulnerabilities specific to IBM Java)
CVE-2012-4822 (Multiple unspecified vulnerabilities in the JRE component in IBM Java ...)
	- openjdk-6 (Vulnerabilities specific to IBM Java)
	- openjdk-7 (Vulnerabilities specific to IBM Java)
CVE-2012-4821 (Multiple unspecified vulnerabilities in the JRE component in IBM Java ...)
	- openjdk-6 (Vulnerabilities specific to IBM Java)
	- openjdk-7 (Vulnerabilities specific to IBM Java)
CVE-2012-4820 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and e ...)
	- openjdk-6 (Vulnerabilities specific to IBM Java)
	- openjdk-7 (Vulnerabilities specific to IBM Java)
CVE-2012-4819 (Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossa ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2012-4818 (IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow a remo ...)
	NOT-FOR-US: IBM
CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...)
	NOT-FOR-US: IBM AIX, VIOS
CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows rem ...)
	NOT-FOR-US: IBM Rational Automation Framework
CVE-2012-4815 RESERVED
CVE-2012-4814 RESERVED
CVE-2012-4813 REJECTED
CVE-2012-4812 REJECTED
CVE-2012-4811 REJECTED
CVE-2012-4810 REJECTED
CVE-2012-4809 REJECTED
CVE-2012-4808 REJECTED
CVE-2012-4807 REJECTED
CVE-2012-4806 REJECTED
CVE-2012-4805 REJECTED
CVE-2012-4804 REJECTED
CVE-2012-4803 REJECTED
CVE-2012-4802 REJECTED
CVE-2012-4801 REJECTED
CVE-2012-4800 REJECTED
CVE-2012-4799 REJECTED
CVE-2012-4798 REJECTED
CVE-2012-4797 REJECTED
CVE-2012-4796 REJECTED
CVE-2012-4795 REJECTED
CVE-2012-4794 REJECTED
CVE-2012-4793 REJECTED
CVE-2012-4792 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4791 (Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2012-4790 REJECTED
CVE-2012-4789 REJECTED
CVE-2012-4788 REJECTED
CVE-2012-4787 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4786 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-4785 REJECTED
CVE-2012-4784 REJECTED
CVE-2012-4783 REJECTED
CVE-2012-4782 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4781 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4780 REJECTED
CVE-2012-4779 REJECTED
CVE-2012-4778 REJECTED
CVE-2012-4777 (The code-optimization feature in the reflection implementation in Micr ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-4776 (The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Fr ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-4775 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-4774 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-4773 (Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-4772 (SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 a ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-4771 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS bef ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-4770 RESERVED
CVE-2012-4769 RESERVED
CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugi ...)
	NOT-FOR-US: Download Monitor plugin for WordPress
CVE-2012-4767 (An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the se ...)
	NOT-FOR-US: Safend Data Protector Agent
CVE-2012-4766 RESERVED
CVE-2012-4765 RESERVED
CVE-2012-4764 RESERVED
CVE-2012-4763 RESERVED
CVE-2012-4762 RESERVED
CVE-2012-4761 (A Privilege Escalation vulnerability exists in the unquoted Service Bi ...)
	NOT-FOR-US: Safend
CVE-2012-4760 (A Privilege Escalation vulnerability exists in the SDBagent service in ...)
	NOT-FOR-US: Safend
CVE-2012-4759 (Untrusted search path vulnerability in facebook_plugin.fpi in the Face ...)
	NOT-FOR-US: Foxit Reader
CVE-2012-4758 (Multiple untrusted search path vulnerabilities in CyberLink PowerProdu ...)
	NOT-FOR-US: CyberLink PowerProducer
CVE-2012-4757 (Multiple untrusted search path vulnerabilities in CyberLink StreamAuth ...)
	NOT-FOR-US: CyberLink StreamAuthor
CVE-2012-4756 (Multiple untrusted search path vulnerabilities in CyberLink LabelPrint ...)
	NOT-FOR-US: CyberLink LabelPrint
CVE-2012-4755 (Untrusted search path vulnerability in SciTools Understand before 2.6 ...)
	NOT-FOR-US: SciTools Understand
CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 2012 10. ...)
	NOT-FOR-US: MindManager
CVE-2012-4410 REJECTED
CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17
	NOTE: False assignment, will be rejected, see #688123
CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict acce ...)
	- owncloud 4.0.7debian-1
	[wheezy] - owncloud 4.0.4debian2-2
	NOTE: https://www.openwall.com/lists/oss-security/2012/09/05/17
CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	- otrs2 3.1.7+dfsg1-6
	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
	NOTE: DSA-2733-1
CVE-2012-4750 (A Code Execution vulnerability exists in the memcpy function when proc ...)
	NOT-FOR-US: Ezhometech EzServer
CVE-2012-4749 RESERVED
CVE-2012-4748 RESERVED
CVE-2012-4746 (Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi i ...)
	NOT-FOR-US: ZTE ZXDSL
CVE-2012-4745 (Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity ...)
	NOT-FOR-US: Acuity CMS
CVE-2012-4744 (Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche s ...)
	NOT-FOR-US: Zeroboard
CVE-2012-4743 (Multiple SQL injection vulnerabilities in ssearch.php in Siche search ...)
	NOT-FOR-US: Zeroboard
CVE-2012-4742 (The web_node_register function in web.pm in PacketFence before 3.0.2 m ...)
	NOT-FOR-US: PacketFence
CVE-2012-4741 (The RADIUS extension in PacketFence before 3.3.0 uses a different user ...)
	NOT-FOR-US: PacketFence
CVE-2012-4740 (Cross-site scripting (XSS) vulnerability in the captive portal in Pack ...)
	NOT-FOR-US: PacketFence
CVE-2012-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL V ...)
	NOT-FOR-US: Barracuda SSL VPN
CVE-2012-4738 RESERVED
CVE-2012-4736 (The Device Encryption Client component in Sophos SafeGuard Enterprise ...)
	NOT-FOR-US: Sophos SafeGuard Enterprise
CVE-2012-4735 REJECTED
CVE-2012-4734 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
	{DSA-2567-1}
	- request-tracker3.8
	- request-tracker4 4.0.7-2
CVE-2012-4733 (Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the D ...)
	{DSA-2671-1}
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2012-4732 (Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT ...)
	{DSA-2567-1}
	- request-tracker3.8
	- request-tracker4 4.0.7-2
CVE-2012-4731 (FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly ...)
	{DSA-2568-1}
	- rtfm
	- request-tracker4 4.0.7-2
CVE-2012-4730 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
	{DSA-2567-1}
	- request-tracker3.8
	- request-tracker4 4.0.7-2
CVE-2012-4729 (Wing FTP Server before 4.1.1 allows remote authenticated users to caus ...)
	NOT-FOR-US: Wing FTP Server
CVE-2012-4728 (The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in QP ...)
	NOT-FOR-US: Corel Quattro Pro
CVE-2012-4727 RESERVED
CVE-2012-4726 REJECTED
CVE-2012-4725 REJECTED
CVE-2012-4724 REJECTED
CVE-2012-4723 REJECTED
CVE-2012-4722 REJECTED
CVE-2012-4721 REJECTED
CVE-2012-4720 REJECTED
CVE-2012-4719 REJECTED
CVE-2012-4718 REJECTED
CVE-2012-4717 REJECTED
CVE-2012-4716 (N-Tron 702-W Industrial Wireless Access Point devices use the same (1) ...)
	NOT-FOR-US: N-Tron 702-W Industrial Wireless Access Point
CVE-2012-4715 (Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enter ...)
	NOT-FOR-US: Rockwell Automation RSLinx Enterprise
CVE-2012-4714 (Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryT ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2012-4713 (Integer signedness error in RNADiagnostics.dll in Rockwell Automation ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2012-4712 (Moxa EDR-G903 series routers with firmware before 2.11 have a hardcode ...)
	NOT-FOR-US: Moxa EDR-G903
CVE-2012-4711 (Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingVie ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-4710 (Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attack ...)
	NOT-FOR-US: Invensys Wonderware Win-XML Exporter
CVE-2012-4709 (Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote atta ...)
	NOT-FOR-US: Invensys
CVE-2012-4708 (Stack-based buffer overflow in 3S CODESYS Gateway-Server before 2.3.9. ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4707 (3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to e ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4706 (Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4705 (Directory traversal vulnerability in 3S CODESYS Gateway-Server before ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4704 (Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4703 (The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2012-4702 (360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hard ...)
	NOT-FOR-US: 360 Systems Maxx, Image Server Maxx, and Image Server
CVE-2012-4701 (Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and ...)
	NOT-FOR-US: Tridium Niagara
CVE-2012-4700 (Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in Int ...)
	NOT-FOR-US: IntegraXor SCADA Server
CVE-2012-4699 REJECTED
CVE-2012-4698 (Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS ...)
	NOT-FOR-US: Siemens RuggedCom Rugged Operating System
CVE-2012-4697 (TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have har ...)
	NOT-FOR-US: TURCK Programmable Gateway
CVE-2012-4696 (Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and ...)
	NOT-FOR-US: Beijer
CVE-2012-4695 (LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR ...)
	NOT-FOR-US: Rockwell Automation RSLinx Enterprise
CVE-2012-4694 (Moxa EDR-G903 series routers with firmware before 2.11 do not use a su ...)
	NOT-FOR-US: Moxa EDR-G903
CVE-2012-4693 (Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSui ...)
	NOT-FOR-US: Invensys Wonderware InTouch
CVE-2012-4692 REJECTED
CVE-2012-4691 (Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x be ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2012-4690 (Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 14 ...)
	NOT-FOR-US: Rockwell
CVE-2012-4689 (Integer overflow in CimWebServer.exe in GE Intelligent Platforms Profi ...)
	NOT-FOR-US: Proficy
CVE-2012-4688 (The Central application in i-GEN opLYNX before 2.01.9 allows remote at ...)
	NOT-FOR-US: Central application in i-GEN opLYNX
CVE-2012-4687 (Post Oak AWAM Bluetooth Reader Traffic System does not use a sufficien ...)
	NOT-FOR-US: Post Oak
CVE-2012-4686 (SQL injection vulnerability in announcement.php in vBulletin 4.1.10 al ...)
	NOT-FOR-US: vBulletin
CVE-2012-4685 (Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP ...)
	NOT-FOR-US: Arbor Networks Peakflow SP
CVE-2012-4684 (The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 suppor ...)
	- bitcoin 0.7.2-1
CVE-2012-4683 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...)
	- bitcoin 0.7.2-1 (bug #688813)
CVE-2012-4682 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...)
	- bitcoin 0.7.2-1 (bug #688813)
CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-XXXX
	- juju 0.5.1-2 (bug #685728)
CVE-2012-4681 (Multiple vulnerabilities in the Java Runtime Environment (JRE) compone ...)
	- openjdk-7 7u3-2.1.2-1
	- openjdk-6
CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer before ...)
	NOT-FOR-US: IOServer
CVE-2012-4679 (Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoo ...)
	- newscoop (bug #604113)
CVE-2012-4678 (munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, whi ...)
	- munin 2.0~rc6-1 (low; bug #668667)
	[squeeze] - munin (Only affects 2.x branch)
CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain privilege ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and e ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
	NOT-FOR-US: PluXml
CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
	NOT-FOR-US: PluXml
CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...)
	NOT-FOR-US: Neoinvoice
CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...)
	NOT-FOR-US: Apple iChat Server
CVE-2012-4671 (psyced before 20120821 does not verify that a request was made for an ...)
	NOT-FOR-US: psyced
CVE-2012-4670 (Tigase XMPP Server before 5.1.0 does not verify that a request was mad ...)
	NOT-FOR-US: Tigase
CVE-2012-4669 (M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify ...)
	NOT-FOR-US: M-Link
CVE-2012-4666
	RESERVED
CVE-2012-4665
	RESERVED
CVE-2012-4664
	RESERVED
CVE-2012-4663 (The DCERPC inspection engine on Cisco Adaptive Security Appliances (AS ...)
	NOT-FOR-US: Cisco
CVE-2012-4662 (The DCERPC inspection engine on Cisco Adaptive Security Appliances (AS ...)
	NOT-FOR-US: Cisco
CVE-2012-4661 (Stack-based buffer overflow in the DCERPC inspection engine on Cisco A ...)
	NOT-FOR-US: Cisco
CVE-2012-4660 (The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2012-4659 (The AAA functionality in the IPv4 SSL VPN implementations on Cisco Ada ...)
	NOT-FOR-US: Cisco
CVE-2012-4658 (The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4657
	RESERVED
CVE-2012-4656
	RESERVED
CVE-2012-4655 (The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2012-4654
	RESERVED
CVE-2012-4653
	RESERVED
CVE-2012-4652
	RESERVED
CVE-2012-4651 (Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote att ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4650
	RESERVED
CVE-2012-4649
	RESERVED
CVE-2012-4648
	RESERVED
CVE-2012-4647
	RESERVED
CVE-2012-4646
	RESERVED
CVE-2012-4645
	RESERVED
CVE-2012-4644
	RESERVED
CVE-2012-4643 (The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 serie ...)
	NOT-FOR-US: Cisco
CVE-2012-4642
	RESERVED
CVE-2012-4641
	RESERVED
CVE-2012-4640
	RESERVED
CVE-2012-4639
	RESERVED
CVE-2012-4638 (Cisco IOS before 15.1(1)SY allows local users to cause a denial of ser ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4637
	RESERVED
CVE-2012-4636
	RESERVED
CVE-2012-4635
	RESERVED
CVE-2012-4634
	RESERVED
CVE-2012-4633
	RESERVED
CVE-2012-4632
	RESERVED
CVE-2012-4631
	RESERVED
CVE-2012-4630
	RESERVED
CVE-2012-4629 (The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Ad ...)
	NOT-FOR-US: Cisco ASA
CVE-2012-4628
	RESERVED
CVE-2012-4627
	RESERVED
CVE-2012-4626
	RESERVED
CVE-2012-4625
	RESERVED
CVE-2012-4624
	RESERVED
CVE-2012-4623 (The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4622 (Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4621 (The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4620 (Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, wh ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4619 (The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4618 (The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4616 (Directory traversal vulnerability in the Web UI in EMC Data Protection ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2012-4615 (EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardc ...)
	NOT-FOR-US: EMC
CVE-2012-4614 (The default configuration of EMC Smarts Network Configuration Manager ...)
	NOT-FOR-US: EMC
CVE-2012-4613 (EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 d ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2012-4612 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Ma ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2012-4611 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptiv ...)
	NOT-FOR-US: EMC
CVE-2012-4610 (EMC Avamar Client for VMware 6.1 stores the cleartext server root pass ...)
	NOT-FOR-US: VMware
CVE-2012-4609 (The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows ...)
	NOT-FOR-US: EMC RSA NetWitness Informer
CVE-2012-4608 (Cross-site request forgery (CSRF) vulnerability in the web interface i ...)
	NOT-FOR-US: EMC RSA NetWitness Informer
CVE-2012-4607 (Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7 ...)
	NOT-FOR-US: EMC NetWorker
CVE-2012-4667 (Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x ...)
	- squidclamav (bug #685398)
CVE-2012-4606 (Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Cri ...)
	NOT-FOR-US: Citrix XenServer
CVE-2012-4605 (The default configuration of the SMTP component in Websense Email Secu ...)
	NOT-FOR-US: Websense Email Security
CVE-2012-4604 (The TRITON management console in Websense Web Security before 7.6 Hotf ...)
	NOT-FOR-US: Websense Web Security
CVE-2012-4603 (Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix ...)
	NOT-FOR-US: Citrix
CVE-2012-4602 (Multiple cross-site scripting (XSS) vulnerabilities in admin/code/tce_ ...)
	NOT-FOR-US: Nicola Asuni TCExam
CVE-2012-4601 (Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 1 ...)
	NOT-FOR-US: Nicola Asuni TCExam
CVE-2012-4600 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DSA-2536-1}
	- otrs2 3.1.7+dfsg1-5
CVE-2012-4599 (McAfee SmartFilter Administration, and SmartFilter Administration Bess ...)
	NOT-FOR-US: McAfee SmartFilter Administration
CVE-2012-4598 (An unspecified ActiveX control in McAfee Virtual Technician (MVT) befo ...)
	NOT-FOR-US: McAfee Virtual Technician
CVE-2012-4597 (Cross-site scripting (XSS) vulnerability in McAfee Email and Web Secur ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4596 (Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2012-4595 (McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 throug ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4594 (McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote auth ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2012-4593 (McAfee Application Control and Change Control 5.1.x and 6.0.0 do not e ...)
	NOT-FOR-US: McAfee Application Control and Change Control
CVE-2012-4592 (The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 doe ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4591 (About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) b ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4590 (Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in t ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4589 (Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) b ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4588 (McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server b ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4587 (McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server b ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4586 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4585 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4584 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4583 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4582 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4581 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 bef ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4580 (Cross-site scripting (XSS) vulnerability in McAfee Email and Web Secur ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4579 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5. ...)
	- phpmyadmin 4:3.4.11.1-1
	[squeeze] - phpmyadmin (Vulnerable code not present)
CVE-2012-4578 (The geli encryption provider 7 before r239184 on FreeBSD 10 uses a wea ...)
	- freebsd-utils (only affects dev version of 10)
	NOTE: not sure if the bug is in the userland tool or in the kernel device
CVE-2012-4577 (The Linux firmware image on (1) Korenix Jetport 5600 series serial-dev ...)
	NOT-FOR-US: Korenix Jetport 5600
CVE-2012-4576 (FreeBSD: Input Validation Flaw allows local users to gain elevated pri ...)
	- kfreebsd-8 8.3-6 (bug #694096)
	- kfreebsd-9 9.0-9 (bug #694097)
	- kfreebsd-10 10.0~svn252032-1 (bug #694098)
	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze4
CVE-2012-4575 (The add_database function in objects.c in the pgbouncer pooler 1.5.2 f ...)
	- pgbouncer 1.5.2-4
	[squeeze] - pgbouncer (Minor issue)
CVE-2012-4574 (Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-4573 (The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (20 ...)
	- glance 2012.1.1-2 (bug #692641)
CVE-2012-4572 (Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and J ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-4571 (Python Keyring 0.9.1 does not securely initialize the cipher when encr ...)
	- python-keyring 0.9.2-1 (bug #675379)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
	[squeeze] - python-keyring (Minor issue)
CVE-2012-4570 (SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in L ...)
	- php-letodms-core 3.3.8-1
CVE-2012-4569 (Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr. ...)
	- letodms 3.3.9+dfsg-1
CVE-2012-4568 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...)
	- letodms 3.3.9+dfsg-1
CVE-2012-4567 (Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (former ...)
	- letodms 3.3.9+dfsg-1
CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly verify ...)
	{DSA-2573-1}
	- radsecproxy 1.6.2-1
CVE-2012-4565 (The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux ...)
	- linux 3.2.35-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4564 (ppm2tiff does not check the return value of the TIFFScanlineSize funct ...)
	{DSA-2575-1}
	- tiff3 (The tiff-tools package is only built from the tiff source package)
	- tiff 4.0.2-5 (bug #692345)
CVE-2012-4563 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2 ...)
	- gwt (bug #691900)
	[squeeze] - gwt (Vulnerable code not present)
CVE-2012-4562 (Multiple integer overflows in libssh before 0.5.3 allow remote attacke ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4561 (The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4560 (Multiple buffer overflows in libssh before 0.5.3 allow remote attacker ...)
	- libssh 0.5.3-1
	[squeeze] - libssh (Vulnerable code not present)
CVE-2012-4559 (Multiple double free vulnerabilities in the (1) agent_sign_data functi ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4558 (Multiple cross-site scripting (XSS) vulnerabilities in the balancer_ha ...)
	{DSA-2637-1}
	- apache2 2.2.22-13 (low)
CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2. ...)
	{DSA-2579-1}
	- apache2 2.2.22-1
CVE-2012-4556 (The token processing system (pki-tps) in Red Hat Certificate System (R ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4555 (The token processing system (pki-tps) in Red Hat Certificate System (R ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4554 (The OpenID module in Drupal 7.x before 7.16 allows remote OpenID serve ...)
	- drupal7 7.14-1.1 (bug #690817)
	- drupal6 (according to upstream)
	NOTE: http://drupal.org/node/1815912
CVE-2012-4553 (Drupal 7.x before 7.16 allows remote attackers to obtain sensitive inf ...)
	- drupal7 7.14-1.1 (bug #690817)
	- drupal6 (according to upstream)
	NOTE: http://drupal.org/node/1815912
CVE-2012-4552 (Stack-based buffer overflow in the error function in ssg/ssgParser.cxx ...)
	- plib 1.8.5-6 (low; bug #694810)
	[squeeze] - plib (Minor issue)
CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows r ...)
	NOT-FOR-US: libunity-webapps
CVE-2012-4550 (JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-4549 (The processInvocation function in org.jboss.as.ejb3.security.Authoriza ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-4548 (Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0 ...)
	- cgit (Fixed before the initial upload into the archive)
CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unkn ...)
	- awstats
	NOTE: awredir.pl is not installed into the binary package
CVE-2012-4546 (The default configuration for IPA servers in Red Hat Enterprise Linux ...)
	NOT-FOR-US: FreeIPA
CVE-2012-4545 (The http_negotiate_create_context function in protocol/http/http_negot ...)
	{DSA-2592-1}
	- elinks 0.12~pre5-9
CVE-2012-4544 (The PV domain builder in Xen 4.2 and earlier does not validate the siz ...)
	{DSA-2636-1}
	- xen 4.1.3-4 (low; bug #688125)
CVE-2012-4543 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certifi ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4542 (block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly c ...)
	- linux (unimportant)
	- linux-2.6 (unimportant)
	[squeeze] - linux-2.6 (Too intrusive to backport)
	NOTE: No upstream fix seems to be planned/treated as non-issue. Marking as unimportant
CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows re ...)
	- piwik (bug #506933)
CVE-2012-4540 (Off-by-one error in the invoke function in IcedTeaScriptablePluginObje ...)
	{DSA-2768-1}
	- icedtea-web 1.3.1-1 (bug #692608)
	NOTE: http://seclists.org/oss-sec/2012/q4/237
CVE-2012-4539 (Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hyper ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4538 (The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4537 (Xen 3.4 through 4.2, and possibly earlier versions, does not properly ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4536 (The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in ...)
	- xen 4.1.3-4
	[squeeze] - xen (Only affects 4.1.x)
CVE-2012-4535 (Xen 3.4 through 4.2, and possibly earlier versions, allows local guest ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4534 (org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x befor ...)
	- tomcat7 7.0.28-1 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the "extra" details in the ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.4 (low; bug #691062)
CVE-2012-4532 (Cross-site scripting (XSS) vulnerability in modules/mod_languages/tmpl ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4531 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 ...)
	NOT-FOR-US: Joomla!
CVE-2012-4530 (The load_script function in fs/binfmt_script.c in the Linux kernel bef ...)
	- linux 3.2.35-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4529 (The org.apache.catalina.connector.Response.encodeURL method in Red Hat ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-4528 (The mod_security2 module before 2.7.0 for the Apache HTTP Server allow ...)
	- modsecurity-apache 2.6.6-5 (bug #691146)
	- libapache-mod-security
	[squeeze] - libapache-mod-security (Minor issue)
CVE-2012-4527 (Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-as ...)
	- mcrypt 2.6.8-1.3 (unimportant; bug #690924)
	NOTE: patch proposed by submitter at RH bugzilla is incorrect
	NOTE: Only occurs in cmdline parsing, no priv escalation. Only a security issue in constructed setups
CVE-2012-4526 (piwigo has XSS in password.php (incomplete fix for CVE-2012-4525) ...)
	- piwigo (incomplete fix not applied to Debian package)
	[squeeze] - piwigo (vulnerable code not present)
CVE-2012-4525 (piwigo has XSS in password.php ...)
	- piwigo
	[squeeze] - piwigo (vulnerable code not present)
CVE-2012-4524 (xlockmore before 5.43 'dclock' security bypass vulnerability ...)
	- xlockmore (low)
CVE-2012-4523 (radsecproxy before 1.6.1 does not properly verify certificates when th ...)
	{DSA-2573-1}
	- radsecproxy 1.6.2-1
CVE-2012-4522 (The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlev ...)
	{DLA-235-1}
	- ruby1.8 (Only affects 1.9.x, see bug #690670)
	- ruby1.9.1 1.9.3.194-3 (bug #690670)
CVE-2012-4521 [rejected dupe assignment]
	REJECTED
CVE-2012-4520 (The django.http.HttpRequest.get_host function in Django 1.3.x before 1 ...)
	{DSA-2634-1}
	- python-django 1.4.2-1 (bug #691145)
CVE-2012-4519 (Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS. ...)
	NOT-FOR-US: Zenphoto
CVE-2012-4518 (ibacm 1.0.7 creates files with world-writable permissions, which allow ...)
	NOT-FOR-US: ibacm
CVE-2012-4517 (ibacm before 1.0.6 does not properly manage reference counts for multi ...)
	NOT-FOR-US: ibacm
CVE-2012-4516 (librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6 ...)
	- librdmacm 1.0.16-1 (bug #690672)
	[squeeze] - librdmacm (Introduced in 1.0.12)
	[wheezy] - librdmacm 1.0.15-1+deb7u1
CVE-2012-4515 (Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...)
	- kdebase (unimportant)
	- kde-baseapps (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4514 (rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows ...)
	- kdebase (unimportant)
	- kde-baseapps (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remot ...)
	- kdebase (unimportant)
	- kde-baseapps (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4512 (The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 all ...)
	- kdebase (unimportant)
	- kde-baseapps (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4511 (services/flickr/flickr.c in libsocialweb before 0.25.21 automatically ...)
	- libsocialweb 0.25.20-3.1 (low; bug #690675)
	[wheezy] - libsocialweb 0.25.20-2.1
CVE-2012-4510 (cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile ...)
	{DSA-2562-1}
	- cups-pk-helper 0.2.3-1
CVE-2012-4509
	REJECTED
CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 ...)
	{DSA-2668-1}
	- linux 3.2.35-1
	- linux-2.6
CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
	- claws-mail 3.8.1-2 (low; bug #690151)
	[squeeze] - claws-mail 3.7.6-4+squeeze1
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
	NOTE: www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1165
CVE-2012-4506 (Directory traversal vulnerability in gitolite 3.x before 3.1, when wil ...)
	- gitolite (Only affects 3.x releases)
	NOTE: https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion
	NOTE: https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
CVE-2012-4505 (Heap-based buffer overflow in the px_pac_reload function in lib/pac.c ...)
	{DSA-2571-1}
	- libproxy 0.3.1-5.1 (bug #690376)
CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in url.cpp in ...)
	- libproxy (Vulnerable code not present)
	NOTE: 0.4-only issue, fixed in newest upstream 0.4.9
CVE-2012-4503 (cmdmon.c in Chrony before 1.29 allows remote attackers to obtain poten ...)
	{DSA-2760-1}
	- chrony 1.29-1 (bug #719203)
CVE-2012-4502 (Multiple integer overflows in pktlength.c in Chrony before 1.29 allow ...)
	{DSA-2760-1}
	- chrony 1.29-1 (bug #719203)
CVE-2012-4501 (Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows ...)
	NOT-FOR-US: CloudStack
CVE-2012-4500 (The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remo ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4499 (The contact formatter page in the Email Field module 6.x-1.x before 6. ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4498 (The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properl ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4497 (Cross-site scripting (XSS) vulnerability in the "3 slide gallery" in t ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4496 (Cross-site scripting (XSS) vulnerability in the Custom Publishing Opti ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4495 (The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not proper ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4494 (The Shibboleth authentication module 7.x-4.0 for Drupal does not prope ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4493 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4492 (Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URL ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4491 (The Monthly Archive by Node Type module 6.x for Drupal does not proper ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4490 (Multiple cross-site scripting (XSS) vulnerabilities in the Excluded Us ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4489 (Open redirect vulnerability in the securelogin_secure_redirect functio ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4488 (The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 f ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4487 (The Subuser module before 6.x-1.8 for Drupal does not properly check " ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4486 (Cross-site request forgery (CSRF) vulnerability in the Subuser module ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4485 (Multiple cross-site scripting (XSS) vulnerabilities in the galleryform ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4484 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4483 (The commons_discussion_views_default_views function in modules/feature ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4482 (The Ubercart SecureTrading Payment Method module 6.x for Drupal does n ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4481 (The safe-level feature in Ruby 1.8.7 allows context-dependent attacker ...)
	- ruby1.8 1.8.7.358-5 (bug #689945)
	[squeeze] - ruby1.8 (problematic code not present)
CVE-2012-4480 (mom creates world-writable pid files in /var/run ...)
	NOT-FOR-US: mom
CVE-2012-4479 (SQL injection vulnerability in the Drag & Drop Gallery module 6.x ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4478 (Cross-site request forgery (CSRF) vulnerability in the Drag & Drop ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4477 (Unspecified vulnerability in the Drag & Drop Gallery module 6.x fo ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4476 (Cross-site scripting (XSS) vulnerability in the Drag & Drop Galler ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4475 (The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7. ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4474 (Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox No ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4473 (The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal a ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4472 (Unrestricted file upload vulnerability in upload.php in the Drag & ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4471 (The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4470 (The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not prop ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4469 (Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2. ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4468 (Cross-site scripting (XSS) vulnerability in the Privatemsg module 7.x- ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4467 (The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket. ...)
	- linux-2.6 (Vulnerable code introduced in 3.3)
	- linux (Vulnerable code introduced in 3.3)
CVE-2012-4466 (Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 ...)
	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
	[squeeze] - ruby1.9.1 (Minor issue, please recheck)
CVE-2012-4465 (Heap-based buffer overflow in the substr function in parsing.c in cgit ...)
	- cgit (Fixed before the initial upload into the archive)
CVE-2012-4464 (Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows ...)
	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
	[squeeze] - ruby1.9.1 (Introduced in 1.9.3)
CVE-2012-4463 (Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_ ...)
	- mc 3:4.8.8-1 (low; bug #689571)
	[wheezy] - mc (Minor issue)
	[squeeze] - mc (Minor issue)
CVE-2012-4462 (aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, ...)
	- condor (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
CVE-2012-4461 (The KVM subsystem in the Linux kernel before 3.6.9, when running on ho ...)
	{DSA-2668-1}
	- linux-2.6
	- linux 3.2.35-1
CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer c ...)
	- qpid-cpp (low; bug #772794)
	[wheezy] - qpid-cpp (Minor issue)
CVE-2012-4459 (Integer overflow in the qpid::framing::Buffer::checkAvailable function ...)
	- qpid-cpp (low; bug #772794)
	[wheezy] - qpid-cpp (Minor issue)
CVE-2012-4458 (The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote at ...)
	- qpid-cpp (low; bug #772794)
	[wheezy] - qpid-cpp (Minor issue)
CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 do ...)
	- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Es ...)
	- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4455 (openCryptoki 2.4.1 allows local users to create or set world-writable ...)
	- opencryptoki 3.4.1+dfsg-1 (low; bug #689417)
	[jessie] - opencryptoki (Minor issue)
	[squeeze] - opencryptoki (Minor issue)
	[wheezy] - opencryptoki (Minor issue)
CVE-2012-4454 (openCryptoki before 2.4.1, when using spinlocks, allows local users to ...)
	- opencryptoki 3.4.1+dfsg-1 (low; bug #689417)
	[jessie] - opencryptoki (Minor issue)
	[squeeze] - opencryptoki (Minor issue)
	[wheezy] - opencryptoki (Minor issue)
CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 ...)
	- dracut 020-1.1 (low; bug #688956)
	[squeeze] - dracut (Minor issue)
CVE-2012-4452 (MySQL 5.0.88, and possibly other versions and platforms, allows local ...)
	- mysql-dfsg-5.0 (Debian never included that 5.0.88 release)
CVE-2012-4451 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework ...)
	- zendframework (Vulnerable code introduced in 2.x, #688946)
CVE-2012-4450 (389 Directory Server 1.2.10 does not properly update the ACL when a DN ...)
	- 389-ds-base 1.2.11.15-1 (bug #688942)
	NOTE: Upstream ticket https://fedorahosted.org/389/ticket/340
	NOTE: Upstream patch http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
CVE-2012-4449 (Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 ge ...)
	- hadoop (bug #793644)
CVE-2012-4448 (Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php ...)
	- wordpress 3.5.1+dfsg-2 (low; bug #689031)
	[squeeze] - wordpress (Minor issue)
	[wheezy] - wordpress (Minor issue)
CVE-2012-4447 (Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 a ...)
	{DSA-2561-1}
	- tiff 4.0.2-4 (bug #688944)
	- tiff3 3.9.6-9 (bug #688944)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
CVE-2012-4446 (The default configuration for Apache Qpid 0.20 and earlier, when the f ...)
	- qpid-cpp (low; bug #772794)
	[wheezy] - qpid-cpp (Minor issue)
CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment func ...)
	{DSA-2557-1}
	- hostapd
	- wpa 1.0-3 (bug #689990)
CVE-2012-4444 (The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kern ...)
	- linux 2.6.36-1~experimental.1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4443 (Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of roo ...)
	- monkey (unimportant; bug #688008)
CVE-2012-4442 (Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the ro ...)
	- monkey (unimportant; bug #688007)
CVE-2012-4441 (Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before ...)
	- jenkins (Plugin not built in Debian source package)
	NOTE: http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4440 (Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before ...)
	- jenkins (Plugin not built in Debian source package)
	NOTE: http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4439 (Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before ...)
	- jenkins 1.447.2+dfsg-2 (bug #688298)
	NOTE: http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4438 (Jenkins main before 1.482 and LTS before 1.466.2 allows remote attacke ...)
	- jenkins 1.447.2+dfsg-2 (bug #688298)
	NOTE: http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException class ...)
	- smarty3 3.1.10-2 (bug #688153)
	- smarty (bug #702710)
	[squeeze] - smarty 2.6.26-0.2+squeeze1
	[squeeze] - smarty3 (Unsupported in squeeze-lts)
	NOTE: https://www.openwall.com/lists/oss-security/2012/09/19/1
	NOTE: http://secunia.com/advisories/50589/
	NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
	NOTE: http://code.google.com/p/smarty-php/source/detail?r=4658
	NOTE: https://code.google.com/p/smarty-php/source/detail?r=4660
CVE-2012-4436 (Buffer overflow in the run_last_args function in client/fwknop.c in fw ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=a60f05ad44e824f6230b22f8976399340cb535dc
CVE-2012-4435 (fwknop before 2.0.3 does not properly validate IP addresses, which all ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799
CVE-2012-4434 (fwknop before 2.0.3 allow remote authenticated users to cause a denial ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=d46ba1c027a11e45821ba897a4928819bccc8f22
CVE-2012-4433 (Multiple integer overflows in operations/external/ppm-load.c in GEGL ( ...)
	- gegl 0.2.0-2+nmu1 (bug #692435)
	[squeeze] - gegl (PPM code not yet present)
	NOTE: http://seclists.org/oss-sec/2012/q4/215
CVE-2012-4432 (Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x be ...)
	- optipng (Introduced in 0.7, bug #687998)
CVE-2012-4431 (org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat ...)
	- tomcat7 7.0.28-4 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
CVE-2012-4430 (The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 ...)
	{DSA-2558-1}
	- bacula 5.2.6+dfsg-4 (bug #687923)
	[wheezy] - bacula 5.2.6+dfsg-2.1
	NOTE: http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
CVE-2012-4429 (Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read cl ...)
	- vino 3.8.1-1 (bug #687596; low)
	[squeeze] - vino (Minor issue)
	[wheezy] - vino (Minor issue)
CVE-2012-4428 (openslp: SLPIntersectStringList()' Function has a DoS vulnerability ...)
	{DLA-304-1}
	- openslp-dfsg 1.2.1-10 (bug #687597; low)
	[squeeze] - openslp-dfsg (Minor issue)
	[wheezy] - openslp-dfsg (Minor issue)
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
	- gnome-shell (unimportant)
	NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
	NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier mig ...)
	- mcrypt 2.6.8-1.1
	[squeeze] - mcrypt (minor issue, it doesn't affect libmcrypt)
CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...)
	- spice-gtk 0.12-5 (bug #689155)
	NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/18
CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
	{DLA-165-1}
	- eglibc
	- glibc 2.17-94 (low; bug #689423)
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ...)
	- libvirt 0.9.12-5 (bug #687598)
	[squeeze] - libvirt (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
	NOTE: https://www.openwall.com/lists/oss-security/2012/09/13/11
CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite fea ...)
	- wordpress 3.4.2+dfsg-1
CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in Wo ...)
	- wordpress 3.4.2+dfsg-1
CVE-2012-4420 (An information disclosure flaw was found in the way the Java Virtual M ...)
	NOT-FOR-US: Duplicate of CVE-2012-4416
CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor b ...)
	{DSA-2548-1}
	- tor 0.2.3.22-rc-1
	NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/5
	NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
CVE-2012-4418 (Apache Axis2 allows remote attackers to forge messages and bypass auth ...)
	NOT-FOR-US: We only provide Axis 1 (Java) and the C-version of Axis
CVE-2012-4417 (GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local u ...)
	- glusterfs 3.2.7-5 (low; bug #693112)
	[wheezy] - glusterfs (Minor issue)
	[squeeze] - glusterfs (Minor issue)
CVE-2012-4416 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
CVE-2012-4415 (Stack-based buffer overflow in the guac_client_plugin_open function in ...)
	- libguac 0.6.0-2 (medium)
	NOTE: maintainer contacted us, working on update
	NOTE: http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac
CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in Orac ...)
	- mysql-5.1 5.1.72-1 (low; bug #687484)
	[squeeze] - mysql-5.1 (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
	- mysql-5.5 5.5.30+dfsg-1 (bug #687485)
CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when g ...)
	- keystone 2012.1.1-6 (bug #687428)
	NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...)
	{DLA-165-1}
	- eglibc
	- glibc 2.17-94 (low; bug #687530)
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2012-4411 (The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest ad ...)
	{DSA-2543-1}
	- xen 4.1.3-2
	- xen-qemu-dm-4.0
	[squeeze] - xen (In Squeeze the code is in the package xen-qemu-dm-4.0)
CVE-2012-4409 (Stack-based buffer overflow in the check_file_head function in extra.c ...)
	- mcrypt 2.6.8-1.1
	[squeeze] - mcrypt (minor issue, it doesn't affect libmcrypt)
	NOTE: http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html
CVE-2012-4408 (course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-4407 (lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function ...)
	- swift 1.4.8-2 (bug #686812)
CVE-2012-4405 (Multiple integer underflows in the icmLut_allocate function in Interna ...)
	{DSA-2595-1}
	- argyll 1.4.0-7 (bug #687275)
	[squeeze] - argyll (Only standalone binary in squeeze, minor impact)
	- ghostscript 9.05~dfsg-6.1 (bug #687274)
CVE-2012-4404 (security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly h ...)
	{DSA-2538-1}
	- moin 1.9.4-8
	NOTE: http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
CVE-2012-4403 (theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly con ...)
	- moodle (Only affects >= 2.3)
CVE-2012-4402 (webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, a ...)
	- moodle 2.2.3.dfsg-2.3 (bug #687924)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-4401 (Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authent ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle (Only affects >= 2.2)
CVE-2012-4400 (repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle (Only affects >= 2.2)
CVE-2012-4399 (The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 all ...)
	- cakephp (Does not affect 1.3)
	NOTE: http://seclists.org/bugtraq/2012/Jul/101
	NOTE: http://web.archive.org/web/20140822011643/http://bakery.cakephp.org:80/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
CVE-2012-4398 (The __request_module function in kernel/kmod.c in the Linux kernel bef ...)
	- linux 3.2.35-1 (low)
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4397 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.1debian-1
CVE-2012-4396 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.2debian-1
CVE-2012-4395 (Cross-site scripting (XSS) vulnerability in index.php in ownCloud befo ...)
	- owncloud 4.0.3debian-1
CVE-2012-4394 (Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js ...)
	- owncloud 4.0.5debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4393 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4392 (index.php in ownCloud 4.0.7 does not properly validate the oc_token co ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4391 (Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4390 ((1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/rem ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4389 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4388 (The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4 ...)
	- php5 5.4.1~rc1-1
	[squeeze] - php5 (CVE-2011-1398 was never fixed in squeeze)
CVE-2012-4387 (Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a d ...)
	- libstruts1.2-java (Only affects Struts 2)
	NOTE: http://struts.apache.org/2.x/docs/s2-011.html
CVE-2012-4386 (The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does no ...)
	- libstruts1.2-java (Only affects Struts 2)
	NOTE: http://struts.apache.org/2.x/docs/s2-010.html
CVE-2012-4385 (letodms 3.3.6 has CSRF via change password ...)
	- letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4384 (letodms has multiple XSS issues: Reflected XSS in Login Page, Stored X ...)
	- letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4383 (contao prior to 2.11.4 has a sql injection vulnerability ...)
	NOT-FOR-US: Contao
CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly pr ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4381 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in t ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4380 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attack ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4379 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a rest ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4378 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki befor ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4377 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 an ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki (Introduced in 1.16)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4376 RESERVED
CVE-2012-4375 RESERVED
CVE-2012-4374 RESERVED
CVE-2012-4373 RESERVED
CVE-2012-4372 RESERVED
CVE-2012-4371 RESERVED
CVE-2012-4370 RESERVED
CVE-2012-4369 RESERVED
CVE-2012-4368 RESERVED
CVE-2012-4367 RESERVED
CVE-2012-4366 (Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v ...)
	NOT-FOR-US: Belkin wireless routers
CVE-2012-4365 RESERVED
CVE-2012-4364 RESERVED
CVE-2012-4363 (Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 al ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4362 (hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4361 (lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4360 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0 ...)
	NOT-FOR-US: mod_pagespeed
CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA b ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA b ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4357 (Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 an ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4356 (Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4355 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4354 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4353 (Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pr ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4352 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNe ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-4351 (Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encry ...)
	NOT-FOR-US: Symantec
CVE-2012-4350 (Multiple unquoted Windows search path vulnerabilities in the (1) Manag ...)
	NOT-FOR-US: Symantec Enterprise Security Manager
CVE-2012-4349 (Unquoted Windows search path vulnerability in Symantec Network Access ...)
	NOT-FOR-US: Symantec Network Access Control
CVE-2012-4348 (The management console in Symantec Endpoint Protection (SEP) 11.0 befo ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-4347 (Multiple directory traversal vulnerabilities in the management console ...)
	NOT-FOR-US: Symantec
CVE-2012-4346 RESERVED
CVE-2012-4345 (Multiple cross-site scripting (XSS) vulnerabilities in the Database St ...)
	- phpmyadmin 4:3.4.11.1-1
	[squeeze] - phpmyadmin (Vulnerable code not present)
CVE-2012-4344 (Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.0 ...)
	NOT-FOR-US: Ipswitch
CVE-2012-4343 (Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow a ...)
	- gallery3 (bug #511715)
CVE-2012-4342 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 befor ...)
	- gallery3 (bug #511715)
CVE-2012-4341 (Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeav ...)
	NOT-FOR-US: SAP NetWeaver ABAP
CVE-2012-4340 (Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 ...)
	NOT-FOR-US: Sybase
CVE-2012-4339 RESERVED
CVE-2012-4338 RESERVED
CVE-2012-4337 (Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote atta ...)
	NOT-FOR-US: Foxit Reader
CVE-2012-4336 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Fl ...)
	NOT-FOR-US: Flogr 2.5.6
CVE-2012-4335 (Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a de ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4334 (The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWCo ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4333 (Multiple stack-based buffer overflows in the BackupToAvi method in the ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4332 (The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers t ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-4331 (Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x bef ...)
	{DSA-2461-1}
	- spip 2.1.13-1
CVE-2012-4330 (The Samsung D6000 TV and possibly other products allows remote attacke ...)
	NOT-FOR-US: Samsung D6000 TV
CVE-2012-4329 (The Samsung D6000 TV and possibly other products allow remote attacker ...)
	NOT-FOR-US: Samsung D6000 TV
CVE-2012-4328 (Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through ...)
	NOT-FOR-US: vBulletin
CVE-2012-4327 (Unspecified vulnerability in the Image News slider plugin before 3.3 f ...)
	NOT-FOR-US: Image News slider plugin for WordPress
CVE-2012-4326 (Cross-site request forgery (CSRF) vulnerability in commonsettings.php ...)
	NOT-FOR-US: AlstraSoft Site Uptime Enterprise
CVE-2012-4325 (Cross-site request forgery (CSRF) vulnerability in upload/users.php in ...)
	NOT-FOR-US: Utopia News Pro
CVE-2012-4324 (Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation ...)
	NOT-FOR-US: PHPJabbers Vacation Rental Script
CVE-2012-4323 RESERVED
CVE-2012-4322 RESERVED
CVE-2012-4321 RESERVED
CVE-2012-4320 RESERVED
CVE-2012-4319 RESERVED
CVE-2012-4318 RESERVED
CVE-2012-4317 RESERVED
CVE-2012-4316 RESERVED
CVE-2012-4315 RESERVED
CVE-2012-4314 RESERVED
CVE-2012-4313 RESERVED
CVE-2012-4312 RESERVED
CVE-2012-4311 RESERVED
CVE-2012-4310 RESERVED
CVE-2012-4309 RESERVED
CVE-2012-4308 RESERVED
CVE-2012-4307 RESERVED
CVE-2012-4306 RESERVED
CVE-2012-4305 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-4304 RESERVED
CVE-2012-4303 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-4302 RESERVED
CVE-2012-4301 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-4300 RESERVED
CVE-2012-4299 RESERVED
CVE-2012-4298 (Integer signedness error in the vwr_read_rec_data_ethernet function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4297 (Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/di ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.6.x and 1.8.x)
CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissect ...)
	{DSA-2590-1}
	- wireshark 1.8.2-1
CVE-2012-4295 (Array index error in the channelised_fill_sdh_g707_format function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4294 (Buffer overflow in the channelised_fill_sdh_g707_format function in ep ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.1 ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6. ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x b ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/ ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1 ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4286 (The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap- ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Only affects 1.8.x)
CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the D ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4284 (A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac ...)
	NOT-FOR-US: Viscosity
CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...)
	NOT-FOR-US: Login With Ajax plugin for Wordpress
CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows r ...)
	NOT-FOR-US: Trombinoscope 3.5
CVE-2012-4281 (Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow ...)
	NOT-FOR-US: Travelon Express 6.2.2
CVE-2012-4280 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin/ag ...)
	NOT-FOR-US: Free Realty 3.1-0.6
CVE-2012-4279 (Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow re ...)
	NOT-FOR-US: Free Realty 3.1-0.6
CVE-2012-4278 (Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1 ...)
	NOT-FOR-US: Free Realty
CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the smarty_function_html_o ...)
	- smarty3 3.1.10-1
	- smarty (low)
	[squeeze] - smarty (Unsupported in squeeze-lts)
	[squeeze] - smarty3 (Unsupported in squeeze-lts)
CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 t ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4275 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Dire ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4274 (Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 thr ...)
	NOT-FOR-US: Hitachi Cobol GUI Option
CVE-2012-4273 (Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Cli ...)
	NOT-FOR-US: 2 Click Social Media Buttons plugin for Wordpress
CVE-2012-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Soc ...)
	NOT-FOR-US: 2 Click Social Media Buttons plugin for WordPress
CVE-2012-4271 (Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wo ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-4270 (Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remot ...)
	NOT-FOR-US: eFront
CVE-2012-4269 (Unrestricted file upload vulnerability in eFront 3.6.11 allows remote ...)
	NOT-FOR-US: eFront
CVE-2012-4268 (Cross-site scripting (XSS) vulnerability in bulletproof-security/admin ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2012-4267 (Cross-site scripting (XSS) vulnerability in user/register in Sockso 1. ...)
	NOT-FOR-US: Sockso
CVE-2012-4266 (Cross-site scripting (XSS) vulnerability in client_details.php in Prom ...)
	NOT-FOR-US: Proman Xpress
CVE-2012-4265 (SQL injection vulnerability in category_edit.php in Proman Xpress 5.0. ...)
	NOT-FOR-US: Proman Xpress
CVE-2012-4264 (Multiple cross-site scripting (XSS) vulnerabilities in the Better WP S ...)
	NOT-FOR-US: Better WP Security plugin for WordPress
CVE-2012-4263 (Cross-site scripting (XSS) vulnerability in inc/admin/content.php in t ...)
	NOT-FOR-US: Better WP Security plugin for Wordpress
CVE-2012-4262 (Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow ...)
	NOT-FOR-US: myCare2x
CVE-2012-4261 (SQL injection vulnerability in modules/patient/mycare2x_pat_info.php i ...)
	NOT-FOR-US: myCare2x
CVE-2012-4260 (Multiple SQL injection vulnerabilities in myCare2x allow remote attack ...)
	NOT-FOR-US: myCare2x
CVE-2012-4259 (Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone ...)
	NOT-FOR-US: XPhone Virtual Directory
CVE-2012-4258 (Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2 ...)
	NOT-FOR-US: MYRE Real Estate Software
CVE-2012-4257 (Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows re ...)
	NOT-FOR-US: Yaqas
CVE-2012-4256 (The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attack ...)
	NOT-FOR-US: jNews for Joomla!
CVE-2012-4255 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4254 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4253 (Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 all ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4252 (Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDum ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4251 (Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.2 ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4250 (Stack-based buffer overflow in the RequestScreenOptimization function ...)
	NOT-FOR-US: Samsung NET-i viewer
CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on the Ki ...)
	NOT-FOR-US: Kindle Touch
CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...)
	NOT-FOR-US: Kindle Touch
CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/ind ...)
	- phplist (bug #612288)
CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/ind ...)
	- phplist (bug #612288)
CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require authenticatio ...)
	- gimp (unimportant)
	NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
CVE-2012-4244 (ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9. ...)
	{DSA-2547-1}
	- bind9 1:9.8.4.dfsg-1 (bug #693015)
	[wheezy] - bind9 1:9.8.1.dfsg.P1-4.4
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-4243 RESERVED
CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin ...)
	NOT-FOR-US: MF Gig Calendar
CVE-2012-4241 (Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 a ...)
	NOT-FOR-US: Microcart
CVE-2012-4240 (SQL injection vulnerability in modules/calendar/json.php in Group-Offi ...)
	NOT-FOR-US: Group-Office
CVE-2012-4239 RESERVED
CVE-2012-4238 (Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer ...)
	NOT-FOR-US: TCExam
CVE-2012-4237 (Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow ...)
	NOT-FOR-US: TCExam
CVE-2012-4236 (Cross-site scripting (XSS) vulnerability in the refresh_page function ...)
	NOT-FOR-US: Total Shop UK eCommerce
CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5 ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4234 (Cross-site scripting (XSS) vulnerability in the group moderation scree ...)
	NOT-FOR-US: Phorum
CVE-2012-4233 (LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffic ...)
	{DSA-2570-1}
	- libreoffice 1:3.5.4+dfsg-3 (low)
	- openoffice.org 1:3.3.0-1 (low)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: https://www.htbridge.com/advisory/HTB23106
CVE-2012-4232 (SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 ...)
	NOT-FOR-US: jCore
CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore b ...)
	NOT-FOR-US: jCore
CVE-2012-4230 (The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyM ...)
	- tinymce (low; bug #796117)
	[buster] - tinymce (Minor issue)
	[stretch] - tinymce (Minor issue)
	[jessie] - tinymce (Minor issue)
	[squeeze] - tinymce (Minor issue)
	[wheezy] - tinymce (Minor issue)
CVE-2012-4229 RESERVED
CVE-2012-4228 RESERVED
CVE-2012-4227 RESERVED
CVE-2012-4226 (Multiple cross-site scripting (XSS) vulnerabilities in Quick Post Widg ...)
	NOT-FOR-US: WordPress plugin Quick Post Widget
CVE-2012-4225 (NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows loc ...)
	- nvidia-graphics-drivers 304.37-1 (bug #684781)
	- nvidia-graphics-drivers-legacy-173xx 173.14.35-3
	[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze2
	[squeeze] - nvidia-graphics-drivers-legacy-173xx (Non-free not supported)
	NOTE: http://seclists.org/fulldisclosure/2012/Aug/4
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
CVE-2012-4224 REJECTED
CVE-2012-4223 REJECTED
CVE-2012-4222 (drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphi ...)
	- linux (Android-specific drivers)
	- linux-2.6 (Android-specific drivers)
CVE-2012-4221 (Integer overflow in diagchar_core.c in the Qualcomm Innovation Center ...)
	- linux (Android-specific drivers)
	- linux-2.6 (Android-specific drivers)
CVE-2012-4220 (diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics ( ...)
	- linux (Android-specific drivers)
	- linux-2.6 (Android-specific drivers)
CVE-2012-4219 (show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remot ...)
	- phpmyadmin 4:4.0.1-1 (unimportant)
	NOTE: Path disclosure irrelevant in Debian
CVE-2012-4218 (Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::S ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4217 (Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdat ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4216 (Use-after-free vulnerability in the gfxFont::GetFontEntry function in ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-4215 (Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEv ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-4214 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor f ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-4213 (Use-after-free vulnerability in the nsEditor::FindNextLeafNode functio ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4212 (Use-after-free vulnerability in the XPCWrappedNative::Mark function in ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4211 REJECTED
CVE-2012-4210 (The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10. ...)
	- iceweasel 10.0.11esr-1
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-4209 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderb ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-4208 (The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunder ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4207 (The HZ-GB-2312 character-set implementation in Mozilla Firefox before ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-4206 (Untrusted search path vulnerability in the installer in Mozilla Firefo ...)
	- iceweasel (Windows-specific)
CVE-2012-4205 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey be ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4204 (The str_unescape function in the JavaScript engine in Mozilla Firefox ...)
	- iceape (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
	- icedove (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4203 (The New Tab page in Mozilla Firefox before 17.0 uses a privileged cont ...)
	- iceweasel (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4202 (Heap-based buffer overflow in the image::RasterImage::DrawFrameTo func ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-4201 (The evalInSandbox implementation in Mozilla Firefox before 17.0, Firef ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-4200 RESERVED
CVE-2012-4199 (template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3. ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
CVE-2012-4198 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x a ...)
	- bugzilla (Only affects 3.7 onwards)
	- bugzilla4 (bug #669643)
CVE-2012-4197 (Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x befor ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
CVE-2012-4196 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunde ...)
	- iceweasel 10.0.10esr-1
	- icedove 10.0.10-1
	- iceape 2.7.10-1
	[squeeze] - iceape (vulnerable code not present)
	[squeeze] - iceweasel (vulnerable code not present)
	[squeeze] - icedove (vulnerable code not present)
CVE-2012-4195 (The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Fi ...)
	- iceape (Only affects 16.x release from experimental)
	- iceweasel (Only affects 16.x release from experimental)
	- icedove (Only affects 16.x release from experimental)
CVE-2012-4194 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunde ...)
	- iceape 2.7.10-1
	- icedove 10.0.10-1
	- iceweasel 10.0.10esr-1
	[squeeze] - iceape (vulnerable code not present)
	[squeeze] - iceweasel (vulnerable code not present)
	[squeeze] - icedove (vulnerable code not present)
CVE-2012-4193 (Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunder ...)
	- iceweasel 10.0.9esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (vulnerable code not present)
	[squeeze] - iceweasel (vulnerable code not present)
	[squeeze] - icedove (vulnerable code not present)
CVE-2012-4192 (Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remot ...)
	- iceweasel 10.0.9esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Regression not present in Squeeze)
	[squeeze] - iceweasel (Regression not present in Squeeze)
	[squeeze] - icedove (Regression not present in Squeeze)
CVE-2012-4191 (The mozilla::net::FailDelayManager::Lookup function in the WebSockets ...)
	- iceweasel (Doesn't affect ESR series)
CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the ...)
	- iceweasel (Only affects Firefox Mobile)
CVE-2012-4189 (Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x b ...)
	- bugzilla (Only affects 4.1 onwards)
	- bugzilla4 (bug #669643)
CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla Fire ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4187 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-4186 (Heap-based buffer overflow in the nsWaveReader::DecodeAudioData functi ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4185 (Buffer overflow in the nsCharTraits::length function in Mozilla Firefo ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-4184 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-4183 (Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures f ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert functi ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4181 (Use-after-free vulnerability in the nsSMILAnimationController::DoSampl ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-4180 (Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhites ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4179 (Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyT ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4178 (SQL injection vulnerability in spywall/includes/deptUploads_data.php i ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-4177 (The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote ...)
	NOT-FOR-US: Ubisoft Uplay PC
CVE-2012-4176 (Array index error in Adobe Shockwave Player before 11.6.8.638 allows a ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4175 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4174 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4173 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4172 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows att ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4171 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4170 (Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remot ...)
	NOT-FOR-US: Adobe Photoshop CS6
CVE-2012-4169 REJECTED
CVE-2012-4168 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4167 (Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4166 REJECTED
CVE-2012-4165 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4164 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4163 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4162 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Ma ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4161 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Ma ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4160 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4159 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4158 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4157 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4156 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4155 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4154 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4153 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4152 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4151 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4150 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4149 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4148 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4147 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4146 (Opera before 12.01 allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Opera
CVE-2012-4145 (Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, a ...)
	NOT-FOR-US: Opera
CVE-2012-4144 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x befo ...)
	NOT-FOR-US: Opera
CVE-2012-4143 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x befo ...)
	NOT-FOR-US: Opera
CVE-2012-4142 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x befo ...)
	NOT-FOR-US: Opera
CVE-2012-XXXX [redeclipse code execution through map files]
	- redeclipse 1.2-3 (bug #684143)
CVE-2012-XXXX [base name disclosure]
	- spip 2.1.17-1 (bug #683667)
	[squeeze] - spip 2.1.1-3squeeze5
CVE-2012-XXXX [insecure default configuration / authentication bypass]
	- munin 2.0.5-1 (bug #682869)
	[squeeze] - munin (Minor issue)
CVE-2012-4141 (Directory traversal vulnerability in the CLI parser in Cisco NX-OS all ...)
	NOT-FOR-US: Cisco
CVE-2012-4140 REJECTED
CVE-2012-4139 REJECTED
CVE-2012-4138 REJECTED
CVE-2012-4137 REJECTED
CVE-2012-4136 (The high-availability service in the Fabric Interconnect component in ...)
	NOT-FOR-US: Cisco
CVE-2012-4135 (Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and ...)
	NOT-FOR-US: Cisco
CVE-2012-4134 REJECTED
CVE-2012-4133 REJECTED
CVE-2012-4132 REJECTED
CVE-2012-4131 (Directory traversal vulnerability in tar in Cisco NX-OS allows local u ...)
	NOT-FOR-US: Cisco
CVE-2012-4130 REJECTED
CVE-2012-4129 REJECTED
CVE-2012-4128 REJECTED
CVE-2012-4127 REJECTED
CVE-2012-4126 REJECTED
CVE-2012-4125 REJECTED
CVE-2012-4124 REJECTED
CVE-2012-4123 REJECTED
CVE-2012-4122 (The CLI parser in Cisco NX-OS allows local users to bypass intended ac ...)
	NOT-FOR-US: Cisco
CVE-2012-4121 (Cisco NX-OS allows local users to gain privileges, and read or modify ...)
	NOT-FOR-US: Cisco
CVE-2012-4120 REJECTED
CVE-2012-4119 REJECTED
CVE-2012-4118 REJECTED
CVE-2012-4117 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco
CVE-2012-4116 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco
CVE-2012-4115 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco
CVE-2012-4114 (The fabric-interconnect KVM module in Cisco Unified Computing System ( ...)
	NOT-FOR-US: Cisco
CVE-2012-4113 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco
CVE-2012-4112 (The Baseboard Management Controller (BMC) in Cisco Unified Computing S ...)
	NOT-FOR-US: Cisco
CVE-2012-4111 (The create certreq command in the fabric-interconnect component in Cis ...)
	NOT-FOR-US: Cisco
CVE-2012-4110 (run-script in the fabric-interconnect component in Cisco Unified Compu ...)
	NOT-FOR-US: Cisco
CVE-2012-4109 (The clear sshkey command in the fabric-interconnect component in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-4108 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4107 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4106 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4105 (The fabric-interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4104 (Absolute path traversal vulnerability in the image-download process in ...)
	NOT-FOR-US: Cisco
CVE-2012-4103 (ethanalyzer in the fabric-interconnect component in Cisco Unified Comp ...)
	NOT-FOR-US: Cisco
CVE-2012-4102 (The activate firmware command in the fabric-interconnect component in ...)
	NOT-FOR-US: Cisco
CVE-2012-4101 REJECTED
CVE-2012-4100 REJECTED
CVE-2012-4099 (The BGP implementation in Cisco NX-OS does not properly filter AS path ...)
	NOT-FOR-US: Cisco
CVE-2012-4098 (The BGP implementation in Cisco NX-OS does not properly filter AS path ...)
	NOT-FOR-US: Cisco
CVE-2012-4097 (The BGP implementation in Cisco NX-OS does not properly filter segment ...)
	NOT-FOR-US: Cisco
CVE-2012-4096 (The local file editor in the Baseboard Management Controller (BMC) in ...)
	NOT-FOR-US: Cisco
CVE-2012-4095 (The local file editor in the fabric-interconnect component in Cisco Un ...)
	NOT-FOR-US: Cisco
CVE-2012-4094 (Buffer overflow in the Smart Call Home feature in the fabric interconn ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4093 (The Manager component in Cisco Unified Computing System (UCS) allows l ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4092 (The management interface in the Central Software component in Cisco Un ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4091 (The RIP service engine in Cisco NX-OS allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2012-4090 (The management interface in Cisco NX-OS on Nexus 7000 devices allows r ...)
	NOT-FOR-US: Cisco
CVE-2012-4089 (MCTOOLS in the fabric interconnect in Cisco Unified Computing System ( ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4088 (The FTP server in Cisco Unified Computing System (UCS) has a hardcoded ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4087 (A cluster setup script for fabric interconnect devices in Cisco Unifie ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4086 (A setup script for fabric interconnect devices in Cisco Unified Comput ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4085 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4084 (Cross-site request forgery (CSRF) vulnerability in the web-management ...)
	NOT-FOR-US: Cisco
CVE-2012-4083 (Multiple buffer overflows in the administrative web interface in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4082 (MCTools in the Cisco Management Controller in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2012-4081 (MCServer in the Cisco Management Controller in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2012-4080 REJECTED
CVE-2012-4079 (The XML API service in the Fabric Interconnect component in Cisco Unif ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4078 (The Baseboard Management Controller (BMC) in Cisco Unified Computing S ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4077 (Cisco NX-OS allows local users to gain privileges and execute arbitrar ...)
	NOT-FOR-US: Cisco
CVE-2012-4076 (Cisco NX-OS allows local users to gain privileges and execute arbitrar ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-4075 (Cisco NX-OS allows local users to gain privileges and execute arbitrar ...)
	NOT-FOR-US: Cisco
CVE-2012-4074 (The Board Management Controller (BMC) in the Serial over LAN (SoL) sub ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4073 (The KVM subsystem in the client in Cisco Unified Computing System (UCS ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4072 (The KVM subsystem in Cisco Unified Computing System (UCS) relies on a ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module in the ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3. ...)
	NOT-FOR-US: Dir2Web
CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with insuf ...)
	NOT-FOR-US: Dir2Web
CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix Provisi ...)
	NOT-FOR-US: Citrix
CVE-2012-4067 (Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a d ...)
	- eucalyptus (bug #707592)
	NOTE: https://github.com/eucalyptus/eucalyptus/commit/e958e60
	NOTE: https://eucalyptus.atlassian.net/browse/EUCA-5277
CVE-2012-4066 (The internal message protocol for Walrus in Eucalyptus 3.2.0 and earli ...)
	- eucalyptus (bug #702388)
CVE-2012-4065 (Eucalyptus before 3.1.1 does not properly restrict the binding of exte ...)
	- eucalyptus 3.1.0-9 (bug #689599)
CVE-2012-4064 (Eucalyptus before 3.1.1 does not properly restrict the binding of exte ...)
	- eucalyptus 3.1.0-9 (bug #689599)
CVE-2012-4063 (The Apache Santuario configuration in Eucalyptus before 3.1.1 does not ...)
	- eucalyptus 3.1.0-9 (bug #689599)
CVE-2012-4062 RESERVED
CVE-2012-4061 (Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remot ...)
	NOT-FOR-US: ASP-DEv XM Diary
CVE-2012-4060 (Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow ...)
	NOT-FOR-US: ASP-DEv XM Diary
CVE-2012-4059 (Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php ...)
	NOT-FOR-US: Socketmail not in Debian
CVE-2012-4058 (Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allow ...)
	NOT-FOR-US: Socketmail not in Debian
CVE-2012-4057 (Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote ...)
	NOT-FOR-US: Remote-Anything not in Debian
CVE-2012-4056 (SQL injection vulnerability in index2.php in Uiga Personal Portal allo ...)
	NOT-FOR-US: Uiga personal portal
CVE-2012-4055 (SQL injection vulnerability in index2.php in Uiga Fan Club allows remo ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2012-4054 (Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 ...)
	NOT-FOR-US: CPE17 Autorun Killer not in Debian
CVE-2012-4053 (Cross-site request forgery (CSRF) vulnerability in eZOE flash player i ...)
	NOT-FOR-US: eZOE flash player not in Debian
CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2. ...)
	NOT-FOR-US: Jease
CVE-2012-4051 (Multiple cross-site request forgery (CSRF) vulnerabilities in editAcco ...)
	NOT-FOR-US: JAMF Casper suite
CVE-2012-4047 RESERVED
CVE-2012-4046 (The D-Link DCS-932L camera with firmware 1.02 allows remote attackers ...)
	NOT-FOR-US: D-Link DCS-932L camera
CVE-2012-4045 (Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 ...)
	NOT-FOR-US: Winamp
CVE-2012-4044 RESERVED
CVE-2012-4043 (Cross-site scripting (XSS) vulnerability in global-protect/login.esp i ...)
	NOT-FOR-US: Palo Alto Networks software
CVE-2012-4042 RESERVED
CVE-2012-4041 RESERVED
CVE-2012-4040 RESERVED
CVE-2012-4039 RESERVED
CVE-2012-4038 RESERVED
CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
	- transmission 2.52-3 (bug #683380)
	[squeeze] - transmission (Version in Stable not affected)
CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 a ...)
	NOT-FOR-US: PBBoard
CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to chan ...)
	NOT-FOR-US: PBBoard
CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote a ...)
	NOT-FOR-US: PBBoard
CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1 ...)
	NOT-FOR-US: Google Chrome OS
CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x b ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9 ...)
	{DSA-2590-1}
	- wireshark 1.8.2-1 (bug #680056)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin be ...)
	NOT-FOR-US: Zingiri not in Debian
CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel before 1 ...)
	NOT-FOR-US: WebsitePanel not in Debian
CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.php in ...)
	NOT-FOR-US: Wangkongbao not in Debian
CVE-2012-4030 (Chamilo before 1.8.8.6 does not adequately handle user supplied input ...)
	NOT-FOR-US: Chamilo LMS
CVE-2012-4029 (Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in ...)
	NOT-FOR-US: Chamilo LMS
CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework allo ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-4026 (The Johnson Controls Pegasys P2000 server with software before 3.11 al ...)
	NOT-FOR-US: The Johnson Controls Pegasys P2000
CVE-2012-4025 (Integer overflow in the queue_init function in unsquashfs.c in unsquas ...)
	- squashfs-tools 1:4.2+20121212-1 (low; bug #683371)
	[squeeze] - squashfs-tools (Minor issue)
	[wheezy] - squashfs-tools (Minor issue)
CVE-2012-4024 (Stack-based buffer overflow in the get_component function in unsquashf ...)
	- squashfs-tools 1:4.2+20121212-1 (low; bug #683371)
	[squeeze] - squashfs-tools (Minor issue)
	[wheezy] - squashfs-tools (Minor issue)
CVE-2012-4023 (CRLF injection vulnerability in Pebble before 2.6.4 allows remote atta ...)
	NOT-FOR-US: Pebble blog
CVE-2012-4022 (Pebble before 2.6.4 allows remote attackers to trigger loss of blog-en ...)
	NOT-FOR-US: Pebble blog
CVE-2012-4021 (MosP kintai kanri before 4.1.0 does not properly perform authenticatio ...)
	NOT-FOR-US: MosP kintai kanri
CVE-2012-4020 (MosP kintai kanri before 4.1.0 does not enforce privilege requirements ...)
	NOT-FOR-US: MosP kintai kanri
CVE-2012-4019 (Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on G ...)
	NOT-FOR-US: Come on Girls Interface (CGI) Tokyo BBS
CVE-2012-4018 (Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWe ...)
	NOT-FOR-US: Final Beta Laboratory MyWebSearch
CVE-2012-4017 (The jigbrowser+ application before 1.5.0 for Android does not properly ...)
	NOT-FOR-US: Android application
CVE-2012-4016 (The ATOK application before 1.0.4 for Android allows remote attackers ...)
	NOT-FOR-US: Android application
CVE-2012-4015 (Cross-site scripting (XSS) vulnerability in the management screen in m ...)
	NOT-FOR-US: My Little tool / My little admin SQL server 2000
CVE-2012-4014 (Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShie ...)
	NOT-FOR-US: McAfee Email Anti-virus
CVE-2012-4013 (The WebView class in the Cybozu KUNAI Browser for Remote Service appli ...)
	NOT-FOR-US: Cybozu KUNAI Browser
CVE-2012-4012 (The WebView class in the Cybozu KUNAI application before 2.0.6 for And ...)
	NOT-FOR-US: Cybozu KUNAI
CVE-2012-4011 (The Cybozu KUNAI application before 2.0.6 for Android allows remote at ...)
	NOT-FOR-US: Cybozu KUNAI
CVE-2012-4010 (Opera before 11.60 allows remote attackers to spoof the address bar vi ...)
	NOT-FOR-US: Opera
CVE-2012-4009 (The WebView class in the Cybozu Live application 1.0.4 and earlier for ...)
	NOT-FOR-US: Cybozu Live
CVE-2012-4008 (The Cybozu Live application 1.0.4 and earlier for Android allows remot ...)
	NOT-FOR-US: Cybozu Live
CVE-2012-4007 (The mixi application before 4.3.0 for Android allows remote attackers ...)
	NOT-FOR-US: mixi application for Android
CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application b ...)
	NOT-FOR-US: GREE application for Android
CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...)
	NOT-FOR-US: NHN Japan NAVER LINE
CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile applic ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GL ...)
	- glpi 0.83.31-1 (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4002 (Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI b ...)
	- glpi 0.83.31-1 (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server d ...)
	NOT-FOR-US: mod_pagespeed
CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var f ...)
	{DSA-2522-1}
	- fckeditor 1:2.6.6-3 (bug #683418)
	NOTE: http://disse.cting.org/2012/06/22/fckeditor-reflected-xss-vulnerability/
CVE-2012-3999 (Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky ...)
	NOT-FOR-US: Sticky Notes
CVE-2012-3998 (Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.2705 ...)
	NOT-FOR-US: Sticky Notes
CVE-2012-3997 (Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes be ...)
	NOT-FOR-US: Sticky Notes
CVE-2012-3996 (TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obta ...)
	- tikiwiki
CVE-2012-3995 (The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Fir ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3994 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3993 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox befo ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3991 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-3990 (Use-after-free vulnerability in the IME State Manager implementation i ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-3989 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey be ...)
	- iceweasel (Only affects Firefox >= 10)
	- icedove (Only affects Firefox >= 10)
	- iceape (Only affects Firefox >= 10)
CVE-2012-3988 (Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox E ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3987 (Mozilla Firefox before 16.0 on Android assigns chrome privileges to Re ...)
	- iceweasel (Android-specific)
CVE-2012-3986 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbi ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-3985 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey be ...)
	- iceweasel (Only affects Firefox >= 10)
	- icedove (Only affects Firefox >= 10)
	- iceape (Only affects Firefox >= 10)
CVE-2012-3984 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey be ...)
	- iceweasel (Only affects Firefox >= 10)
	- icedove (Only affects Firefox >= 10)
	- iceape (Only affects Firefox >= 10)
CVE-2012-3983 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox >= 10)
	- icedove (Only affects Firefox >= 10)
	- iceape (Only affects Firefox >= 10)
CVE-2012-3982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-4747 (Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1 ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785522
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785511
CVE-2012-3981 (Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4 ...)
	- bugzilla (low)
	[squeeze] - bugzilla (Minor issue)
	- bugzilla4 (bug #669643)
CVE-2012-3980 (The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x befor ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3979 (Mozilla Firefox before 15.0 on Android does not properly implement uns ...)
	- iceweasel (Only affects Firefox for Android)
CVE-2012-3978 (The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Fire ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3977 REJECTED
CVE-2012-3976 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMo ...)
	- iceweasel 10.0.7esr-1
	- iceape 2.7.7-1
	[squeeze] - iceape (Vulnerable code not present)
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3975 (The DOMParser component in Mozilla Firefox before 15.0, Thunderbird be ...)
	- iceweasel (Only affects Firefox >= 10)
	- icedove (Only affects Firefox >= 10)
	- iceape (Only affects Firefox >= 10)
CVE-2012-3974 (Untrusted search path vulnerability in the installer in Mozilla Firefo ...)
	- iceweasel (Only affects Firefox for Windows)
CVE-2012-3973 (The debugger in the developer-tools subsystem in Mozilla Firefox befor ...)
	- iceweasel (Only affects Firefox >= 10)
CVE-2012-3972 (The format-number functionality in the XSLT implementation in Mozilla ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3971 (Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla F ...)
- iceweasel (Only affects Firefox >= 10) - icedove (Only affects Firefox >= 10) - iceape (Only affects Firefox >= 10) CVE-2012-3970 (Use-after-free vulnerability in the nsTArray_base::Length function in ...) - iceweasel (Vulnerable code not present in Firefox 10.x codebase) - icedove (Vulnerable code not present in Firefox 10.x codebase) - iceape (Vulnerable code not present in Firefox 10.x codebase) CVE-2012-3969 (Integer overflow in the nsSVGFEMorphologyElement::Filter function in M ...) {DSA-2556-1 DSA-2554-1 DSA-2553-1} - iceweasel 10.0.7esr-1 - icedove 10.0.7-1 - iceape 2.7.7-1 CVE-2012-3968 (Use-after-free vulnerability in the WebGL implementation in Mozilla Fi ...) - iceweasel (Vulnerable code not present in Firefox 10.x codebase) - icedove (Vulnerable code not present in Firefox 10.x codebase) - iceape (Vulnerable code not present in Firefox 10.x codebase) CVE-2012-3967 (The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 1 ...) - iceweasel 10.0.7esr-1 - icedove 10.0.7-1 - iceape 2.7.7-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3966 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbi ...) - iceweasel 10.0.7esr-1 - icedove 10.0.7-1 - iceape 2.7.7-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3965 (Mozilla Firefox before 15.0 does not properly restrict navigation to t ...) - iceweasel (Only affects Firefox >= 10) CVE-2012-3964 (Use-after-free vulnerability in the gfxTextRun::GetUserData function i ...) - iceweasel (Vulnerable code not present in Firefox 10.x codebase) - icedove (Vulnerable code not present in Firefox 10.x codebase) - iceape (Vulnerable code not present in Firefox 10.x codebase) CVE-2012-3963 (Use-after-free vulnerability in the js::gc::MapAllocToTraceKind functi ...) 
- iceweasel (Vulnerable code not present in Firefox 10.x codebase) - icedove (Vulnerable code not present in Firefox 10.x codebase) - iceape (Vulnerable code not present in Firefox 10.x codebase) CVE-2012-3962 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbi ...) {DSA-2556-1 DSA-2554-1 DSA-2553-1} - iceweasel 10.0.7esr-1 - icedove 10.0.7-1 - iceape 2.7.7-1 CVE-2012-3961 (Use-after-free vulnerability in the RangeData implementation in Mozill ...) - iceweasel (Vulnerable code not present in Firefox 10.x codebase) - icedove (Vulnerable code not present in Firefox 10.x codebase) - iceape (Vulnerable code not present in Firefox 10.x codebase) CVE-2012-3960 (Use-after-free vulnerability in the mozSpellChecker::SetCurrentDiction ...) - iceweasel 10.0.7esr-1 - icedove 10.0.7-1 - iceape 2.7.7-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3959 (Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode f ...) {DSA-2556-1 DSA-2554-1 DSA-2553-1} - iceweasel 10.0.7esr-1 - icedove 10.0.7-1 - iceape 2.7.7-1 CVE-2012-3958 (Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableEle ...) - iceweasel (Vulnerable code not present in Firefox 10.x codebase) - icedove (Vulnerable code not present in Firefox 10.x codebase) - iceape (Vulnerable code not present in Firefox 10.x codebase) CVE-2012-3957 (Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function ...) - iceweasel 10.0.7esr-1 - icedove 10.0.7-1 - iceape 2.7.7-1 [squeeze] - iceape (Vulnerable code not present) [squeeze] - icedove (Vulnerable code not present) [squeeze] - iceweasel (Vulnerable code not present) CVE-2012-3956 (Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Ru ...) 
- iceweasel (Vulnerable code not present in Firefox 10.x codebase) - icedove (Vulnerable code not present in Firefox 10.x codebase) - iceape (Vulnerable code not present in Firefox 10.x codebase) CVE-2012-3955 (ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remo ...) {DSA-2551-1} - isc-dhcp 4.2.4-2 [wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1 CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and ...) {DSA-2519-2 DSA-2519-1 DSA-2516-1} - isc-dhcp 4.2.4-2 (bug #686174) [wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1 CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before 2.10. ...) - phplist (bug #612288) CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...) - phplist (bug #612288) CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutini ...) NOT-FOR-US: Plixer Scrutinizer CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 throug ...) NOT-FOR-US: Cisco IOS CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager (CUCM) ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2012-3948 RESERVED CVE-2012-3947 RESERVED CVE-2012-3946 (Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ...) NOT-FOR-US: Cisco IOS CVE-2012-3945 RESERVED CVE-2012-3944 RESERVED CVE-2012-3943 RESERVED CVE-2012-3942 RESERVED CVE-2012-3941 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) p ...) NOT-FOR-US: Cisco WebEx CVE-2012-3940 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...) NOT-FOR-US: Cisco WebEx CVE-2012-3939 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...) NOT-FOR-US: Cisco WebEx CVE-2012-3938 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...) NOT-FOR-US: Cisco WebEx CVE-2012-3937 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...) 
NOT-FOR-US: Cisco WebEx CVE-2012-3936 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 b ...) NOT-FOR-US: Cisco WebEx CVE-2012-3935 (Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Commu ...) NOT-FOR-US: Cisco Unified Presence, Jabber Extensible Communications Platform CVE-2012-3934 RESERVED CVE-2012-3933 RESERVED CVE-2012-3932 RESERVED CVE-2012-3931 RESERVED CVE-2012-3930 RESERVED CVE-2012-3929 RESERVED CVE-2012-3928 RESERVED CVE-2012-3927 RESERVED CVE-2012-3926 RESERVED CVE-2012-3925 RESERVED CVE-2012-3924 (The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is ena ...) NOT-FOR-US: Cisco IOS CVE-2012-3923 (The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, whe ...) NOT-FOR-US: Cisco IOS CVE-2012-3922 RESERVED CVE-2012-3921 RESERVED CVE-2012-3920 RESERVED CVE-2012-3919 (The Cisco Application Control Engine (ACE) module 3.0 for Cisco Cataly ...) NOT-FOR-US: Cisco Application Control Engine CVE-2012-3918 (Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/ ...) NOT-FOR-US: Cisco IOS CVE-2012-3917 RESERVED CVE-2012-3916 RESERVED CVE-2012-3915 (The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attack ...) NOT-FOR-US: Cisco IOS CVE-2012-3914 RESERVED CVE-2012-3913 (The Cisco VC220 and VC240 cameras allow remote attackers to cause a de ...) NOT-FOR-US: Cisco CVE-2012-3912 RESERVED CVE-2012-3911 RESERVED CVE-2012-3910 RESERVED CVE-2012-3909 RESERVED CVE-2012-3908 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE ...) NOT-FOR-US: Cisco Identity Services Engine CVE-2012-3907 RESERVED CVE-2012-3906 RESERVED CVE-2012-3905 RESERVED CVE-2012-3904 RESERVED CVE-2012-3903 RESERVED CVE-2012-3902 RESERVED CVE-2012-3901 (The updateTime function in sensorApp on Cisco IPS 4200 series sensors ...) NOT-FOR-US: Cisco IPS 4200 CVE-2012-3900 RESERVED CVE-2012-3899 (sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not ...) 
NOT-FOR-US: Cisco IPS 4200 CVE-2012-3898 RESERVED CVE-2012-3897 RESERVED CVE-2012-3896 RESERVED CVE-2012-3895 (Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause ...) NOT-FOR-US: Cisco IOS CVE-2012-3894 RESERVED CVE-2012-3893 (The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote au ...) NOT-FOR-US: Cisco IOS CVE-2012-3892 RESERVED CVE-2012-3891 RESERVED CVE-2012-3890 (The in_mod plugin in Winamp before 5.63 allows remote attackers to cau ...) NOT-FOR-US: Winamp CVE-2012-3889 (The in_mod plugin in Winamp before 5.63 allows remote attackers to cau ...) NOT-FOR-US: Winamp CVE-2012-3888 (The login implementation in AirDroid 1.0.4 beta allows remote attacker ...) NOT-FOR-US: AirDroid CVE-2012-3887 (AirDroid before 1.0.7 beta uses a cleartext base64 format for data tra ...) NOT-FOR-US: AirDroid CVE-2012-3886 (AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogi ...) NOT-FOR-US: AirDroid CVE-2012-3885 (The default configuration of AirDroid 1.0.4 beta uses a four-character ...) NOT-FOR-US: AirDroid CVE-2012-3884 (AirDroid 1.0.4 beta implements authentication through direct transmiss ...) NOT-FOR-US: AirDroid CVE-2012-3883 RESERVED CVE-2012-3882 RESERVED CVE-2012-3881 (Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 all ...) NOT-FOR-US: RTG, RTG2 CVE-2012-3880 RESERVED CVE-2012-3879 RESERVED CVE-2012-3878 REJECTED CVE-2012-3877 RESERVED CVE-2012-3876 RESERVED CVE-2012-3875 RESERVED CVE-2012-3874 RESERVED CVE-2012-3873 (Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allo ...) NOT-FOR-US: Open Constructor CVE-2012-3872 (Multiple cross-site scripting (XSS) vulnerabilities in Open Constructo ...) NOT-FOR-US: Open Constructor CVE-2012-3871 (Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php i ...) NOT-FOR-US: Open Constructor CVE-2012-3870 (Multiple cross-site scripting (XSS) vulnerabilities in objects/createo ...) 
NOT-FOR-US: Open Constructor CVE-2012-3869 (Cross-site scripting (XSS) vulnerability in include/classes/class.rex_ ...) NOT-FOR-US: REDAXO CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...) NOTE: https://kb.isc.org/article/AA-00730 - bind9 (Vulnerable code not present, only affects 9.9.x) - isc-dhcp (embeds bind 9.8.x; this issue only affects 9.9.x) CVE-2012-3867 (lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2. ...) {DSA-2511-1} - puppet 2.7.18-1 CVE-2012-3866 (lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enter ...) {DSA-2511-1} - puppet 2.7.18-1 CVE-2012-3865 (Directory traversal vulnerability in lib/puppet/reports/store.rb in Pu ...) {DSA-2511-1} - puppet 2.7.18-1 CVE-2012-3864 (Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise be ...) {DSA-2511-1} - puppet 2.7.18-1 CVE-2012-3862 RESERVED CVE-2012-3861 RESERVED CVE-2012-3860 RESERVED CVE-2012-3859 (Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unk ...) NOT-FOR-US: Netsweeper WebAdmin Portal CVE-2012-3858 RESERVED CVE-2012-3857 RESERVED CVE-2012-3856 RESERVED CVE-2012-3855 RESERVED CVE-2012-3854 RESERVED CVE-2012-3853 RESERVED CVE-2012-3852 RESERVED CVE-2012-3851 RESERVED CVE-2012-3850 RESERVED CVE-2012-3849 RESERVED CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console ...) NOT-FOR-US: Plixer Scrutinizer CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...) {DSA-2550-1} - asterisk 1:1.8.13.1~dfsg-1 CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 a ...) NOT-FOR-US: Windows utility CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...) NOT-FOR-US: php-pastebin not in Debian CVE-2012-3845 (Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote atta ...) 
NOT-FOR-US: LAN Messenger not in Debian CVE-2012-3844 (Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows re ...) NOT-FOR-US: vBulletin not in Debian CVE-2012-3843 (Cross-site scripting (XSS) vulnerability in the registration page in e ...) NOT-FOR-US: e107 not in Debian CVE-2012-3842 (Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in J ...) NOT-FOR-US: DirectAdmin not in Debian CVE-2012-3841 (Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local ...) NOT-FOR-US: KMPlayer not in Debian (not the KDE interface to mplayer) CVE-2012-3840 (Multiple cross-site scripting (XSS) vulnerabilities in index.php/users ...) NOT-FOR-US: MyClientBase not in Debian CVE-2012-3839 (Multiple SQL injection vulnerabilities in application/core/MY_Model.ph ...) NOT-FOR-US: MyClientBase not in Debian CVE-2012-3838 (Gekko before 1.2.0 allows remote attackers to obtain the installation ...) NOT-FOR-US: Baby Gekko not in Debian CVE-2012-3837 (Multiple cross-site scripting (XSS) vulnerabilities in apps/users/regi ...) NOT-FOR-US: Baby Gekko not in Debian CVE-2012-3836 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko befo ...) NOT-FOR-US: Baby Gekko not in Debian CVE-2012-3835 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...) NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map) CVE-2012-3834 (SQL injection vulnerability in forensics/base_qry_main.php in AlienVau ...) NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map) CVE-2012-3833 (Cross-site scripting (XSS) vulnerability in the default index page in ...) NOT-FOR-US: Quick.CMS not in Debian CVE-2012-3832 (Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decod ...) NOT-FOR-US: Decoda not in Debian CVE-2012-3831 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...) 
NOT-FOR-US: Decoda not in Debian CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...) NOT-FOR-US: Decoda not in Debian CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path ...) NOT-FOR-US: Joomla! CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remot ...) NOT-FOR-US: Joomla! CVE-2012-3827 RESERVED CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...) - wireshark 1.6.8-1 (unimportant) [squeeze] - wireshark (vulnerable code appeared in 1.4/1.6) NOTE: not suitable for code injection NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125 NOTE: leftover of CVE-2012-2392 CVE-2012-3825 (Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...) - wireshark 1.6.8-1 (unimportant) [squeeze] - wireshark (vulnerable code appeared in 1.4/1.6) NOTE: not suitable for code injection NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125 NOTE: leftover of CVE-2012-2392 CVE-2012-3824 (In Arial Campaign Enterprise before 11.0.551, multiple pages are acces ...) NOT-FOR-US: Arial Campaign Enterprise CVE-2012-3823 (Arial Campaign Enterprise before 11.0.551 stores passwords in clear te ...) NOT-FOR-US: Arial Campaign Enterprise CVE-2012-3822 (Arial Campaign Enterprise before 11.0.551 has unauthorized access to t ...) NOT-FOR-US: Arial Campaign Enterprise CVE-2012-3821 (A Security Bypass vulnerability exists in the activate.asp page in Ari ...) NOT-FOR-US: Arial Software Campaign Enterprise CVE-2012-3820 (Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Soft ...) NOT-FOR-US: Arial Software Campaign Enterprise CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, ...) NOT-FOR-US: dartwebserver.dll CVE-2012-3818 (The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the versi ...) 
- revelation 0.4.13-1.2 (bug #680059) [squeeze] - revelation (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3818 NOTE: http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html NOTE: http://als.regnet.cz/fpm2/feedback/2 CVE-2012-3817 (ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before ...) {DSA-2517-1} - bind9 1:9.8.1.dfsg.P1-4.2 (bug #683259) - isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp) NOTE: https://kb.isc.org/article/AA-00729 CVE-2012-XXXX [packagekit insecure temp file] - packagekit 0.7.6-1 (bug #678189) CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ser ...) NOT-FOR-US: WinRadius CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA befo ...) NOT-FOR-US: Sielco Sistemi Winlog CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...) NOT-FOR-US: Wordpress plugin CVE-2012-3813 RESERVED CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open Sou ...) {DSA-2550-1} - asterisk 1:1.8.13.1~dfsg-1 (bug #680470) [squeeze] - asterisk (Vulnerable code not present) CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the Wall ...) NOT-FOR-US: Avaya IP Office Customer Call Reporter CVE-2012-3810 (Samsung Kies before 2.5.0.12094_27_11 has registry modification. ...) NOT-FOR-US: Samsung CVE-2012-3809 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modifica ...) NOT-FOR-US: Samsung CVE-2012-3808 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. ...) NOT-FOR-US: Samsung CVE-2012-3807 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. ...) NOT-FOR-US: Samsung CVE-2012-3806 (Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer derefere ...) NOT-FOR-US: Samsung CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the getAllPasse ...) 
NOT-FOR-US: Kajona CVE-2012-3804 RESERVED CVE-2012-3803 RESERVED CVE-2012-3802 (Unspecified vulnerability in the Post Affiliate Pro (PAP) module for D ...) NOT-FOR-US: Drupal module CVE-2012-3801 REJECTED CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the Organic Group ...) NOT-FOR-US: Drupal module CVE-2012-3799 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Maes ...) NOT-FOR-US: Drupal module CVE-2012-3798 (The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creati ...) NOT-FOR-US: Drupal module CVE-2012-3797 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...) NOT-FOR-US: Pro-face WinGP PC Runtime CVE-2012-3796 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...) NOT-FOR-US: Pro-face WinGP PC Runtime CVE-2012-3795 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...) NOT-FOR-US: Pro-face WinGP PC Runtime CVE-2012-3794 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...) NOT-FOR-US: Pro-face WinGP PC Runtime CVE-2012-3793 (Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ...) NOT-FOR-US: Pro-face WinGP PC Runtime CVE-2012-3792 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro- ...) NOT-FOR-US: Pro-face WinGP PC Runtime CVE-2012-3791 (Multiple SQL injection vulnerabilities in Simple Web Content Managemen ...) NOT-FOR-US: Simple Web Content Management System CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAn ...) NOT-FOR-US: Adiscon LogAnalyzer CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, ...) 
- bitcoin 0.5.0~rc1-1 CVE-2012-3788 RESERVED CVE-2012-3787 RESERVED CVE-2012-3786 RESERVED CVE-2012-3785 RESERVED CVE-2012-3784 RESERVED CVE-2012-3783 RESERVED CVE-2012-3782 RESERVED CVE-2012-3781 RESERVED CVE-2012-3780 RESERVED CVE-2012-3779 RESERVED CVE-2012-3778 RESERVED CVE-2012-3777 RESERVED CVE-2012-3776 RESERVED CVE-2012-3775 RESERVED CVE-2012-3774 RESERVED CVE-2012-3773 RESERVED CVE-2012-3772 RESERVED CVE-2012-3771 RESERVED CVE-2012-3770 RESERVED CVE-2012-3769 RESERVED CVE-2012-3768 RESERVED CVE-2012-3767 RESERVED CVE-2012-3766 RESERVED CVE-2012-3765 RESERVED CVE-2012-3764 RESERVED CVE-2012-3763 RESERVED CVE-2012-3762 RESERVED CVE-2012-3761 RESERVED CVE-2012-3760 RESERVED CVE-2012-3759 RESERVED CVE-2012-3758 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attacker ...) NOT-FOR-US: QuickTime CVE-2012-3757 (Apple QuickTime before 7.7.3 allows remote attackers to execute arbitr ...) NOT-FOR-US: QuickTime CVE-2012-3756 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attacker ...) NOT-FOR-US: QuickTime CVE-2012-3755 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote attacker ...) NOT-FOR-US: QuickTime CVE-2012-3754 (Use-after-free vulnerability in the Clear method in the ActiveX contro ...) NOT-FOR-US: QuickTime CVE-2012-3753 (Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows r ...) NOT-FOR-US: QuickTime CVE-2012-3752 (Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote ...) NOT-FOR-US: QuickTime CVE-2012-3751 (Use-after-free vulnerability in the plugin in Apple QuickTime before 7 ...) NOT-FOR-US: QuickTime CVE-2012-3750 (The Passcode Lock implementation in Apple iOS before 6.0.1 does not pr ...) NOT-FOR-US: iOS CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 provide ke ...) NOT-FOR-US: iOS CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6 ...) 
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3747 (WebKit, as used in Apple iOS before 6, allows remote attackers to exec ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3746 (UIWebView in UIKit in Apple iOS before 6 does not properly use the Dat ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3745 (Off-by-one error in Telephony in Apple iOS before 6 allows remote atta ...) NOT-FOR-US: Telephony in Apple iOS CVE-2012-3744 (Telephony in Apple iOS before 6 uses an SMS message's return address a ...) NOT-FOR-US: Telephony in Apple iOS CVE-2012-3743 (The System Logs implementation in Apple iOS before 6 does not restrict ...) NOT-FOR-US: Apple iOS CVE-2012-3742 (Safari in Apple iOS before 6 does not properly restrict use of an unsp ...) NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3741 (The Restrictions (aka Parental Controls) implementation in Apple iOS b ...) NOT-FOR-US: Apple iOS CVE-2012-3740 (The Passcode Lock implementation in Apple iOS before 6 does not proper ...) NOT-FOR-US: Apple iOS CVE-2012-3739 (The Passcode Lock implementation in Apple iOS before 6 allows physical ...) NOT-FOR-US: Apple iOS CVE-2012-3738 (The Emergency Dialer screen in the Passcode Lock implementation in App ...) NOT-FOR-US: Apple iOS CVE-2012-3737 (The Passcode Lock implementation in Apple iOS before 6 does not proper ...) NOT-FOR-US: Apple iOS CVE-2012-3736 (The Passcode Lock implementation in Apple iOS before 6 allows physical ...) NOT-FOR-US: Apple iOS CVE-2012-3735 (The Passcode Lock implementation in Apple iOS before 6 does not proper ...) NOT-FOR-US: Apple iOS CVE-2012-3734 (Office Viewer in Apple iOS before 6 writes cleartext document data to ...) 
NOT-FOR-US: Apple iOS CVE-2012-3733 (Messages in Apple iOS before 6, when multiple iMessage e-mail addresse ...) NOT-FOR-US: Apple iOS CVE-2012-3732 (Mail in Apple iOS before 6 uses an S/MIME message's From address as th ...) NOT-FOR-US: Apple iOS CVE-2012-3731 (Mail in Apple iOS before 6 does not properly implement the Data Protec ...) NOT-FOR-US: Apple iOS CVE-2012-3730 (Mail in Apple iOS before 6 does not properly handle reuse of Content-I ...) NOT-FOR-US: Apple iOS CVE-2012-3729 (The Berkeley Packet Filter (BPF) interpreter implementation in the ker ...) NOT-FOR-US: Apple iOS CVE-2012-3728 (The kernel in Apple iOS before 6 dereferences invalid pointers during ...) NOT-FOR-US: Apple iOS CVE-2012-3727 (Buffer overflow in the IPsec component in Apple iOS before 6 allows re ...) NOT-FOR-US: Apple iOS CVE-2012-3726 (Double free vulnerability in ImageIO in Apple iOS before 6 allows remo ...) NOT-FOR-US: Apple iOS CVE-2012-3725 (The DNAv4 protocol implementation in the DHCP component in Apple iOS b ...) NOT-FOR-US: Apple iOS CVE-2012-3724 (CFNetwork in Apple iOS before 6 does not properly identify the host po ...) NOT-FOR-US: Apple iOS CVE-2012-3723 (Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts fi ...) NOT-FOR-US: Apple Mac OS X CVE-2012-3722 (The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and i ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2012-3721 (Profile Manager in Apple Mac OS X before 10.7.5 does not properly perf ...) NOT-FOR-US: Apple Mac OS X CVE-2012-3720 (Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before 10.8 ...) NOT-FOR-US: Apple Mac OS X CVE-2012-3719 (Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded ...) NOT-FOR-US: Apple Mac OS X CVE-2012-3718 (Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local use ...) NOT-FOR-US: Apple Mac OS X CVE-2012-3717 RESERVED CVE-2012-3716 (CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attacker ...) 
NOT-FOR-US: Apple Mac OS X CVE-2012-3715 (Apple Safari before 6.0.1 makes http requests for https URIs in certai ...) NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3714 (The Form Autofill feature in Apple Safari before 6.0.1 does not restri ...) NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3713 (Apple Safari before 6.0.1 does not properly handle the Quarantine attr ...) NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3712 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3711 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3710 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3709 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3708 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3707 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3706 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) 
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3705 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3704 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3703 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3702 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3701 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3700 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3699 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3698 (Apple Xcode before 4.4 does not properly compose a designated requirem ...) NOT-FOR-US: Apple Xcode CVE-2012-3697 (WebKit in Apple Safari before 6.0 does not properly handle file: URLs, ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3696 (CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allo ...) 
NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari bef ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3694 (WebKit in Apple Safari before 6.0 does not properly handle drag-and-dr ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3693 (Incomplete blacklist vulnerability in WebKit in Apple Safari before 6. ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3692 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3691 (WebKit in Apple Safari before 6.0 does not properly handle Cascading S ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3690 (WebKit in Apple Safari before 6.0 does not properly handle drag-and-dr ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3689 (WebKit in Apple Safari before 6.0 does not properly handle drag-and-dr ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3688 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3687 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3686 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3685 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3684 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3681 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3680 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3679 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3678 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3677 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3676 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) 
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3675 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3674 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3673 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3672 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3671 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3670 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3669 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3668 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3667 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3666 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3665 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3664 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3663 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3662 RESERVED CVE-2012-3661 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3660 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3659 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3658 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3657 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3656 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3655 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3654 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3653 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3652 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3651 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3650 (WebKit in Apple Safari before 6.0 accesses uninitialized memory locati ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3649 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3648 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3647 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3646 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3645 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3644 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3643 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3642 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3641 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3640 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3639 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3638 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3637 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3636 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3635 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3634 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3633 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3632 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3631 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3630 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3629 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3628 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3627 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3626 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3625 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3624 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3623 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3622 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3621 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3620 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3619 RESERVED CVE-2012-3618 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3617 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3616 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3615 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3614 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3613 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3612 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3611 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3610 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3609 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3608 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3607 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3606 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3605 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3604 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3603 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3602 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3601 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3600 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3599 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3598 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers t ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3597 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3596 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3595 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3594 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3593 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3592 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) 
NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3591 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3590 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3589 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...) NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin Newslet ...) NOT-FOR-US: Wordpress plugin CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...) - apt 0.7.25 (unimportant) NOTE: net-update is disabled by default on Debian CVE-2012-3586 RESERVED CVE-2012-3585 (Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plu ...) NOT-FOR-US: IrfanView PlugIns CVE-2012-3584 RESERVED CVE-2012-3583 REJECTED CVE-2012-3582 (Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly ...) NOT-FOR-US: Symantec PGP Universal Server CVE-2012-3581 (Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers t ...) NOT-FOR-US: Symantec Messaging Gateway CVE-2012-3580 (Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticat ...) NOT-FOR-US: Symantec Messaging Gateway CVE-2012-3579 (Symantec Messaging Gateway (SMG) before 10.0 has a default password fo ...) NOT-FOR-US: Symantec Messaging Gateway CVE-2012-3578 (Unrestricted file upload vulnerability in html/Upload.php in the FCCha ...) NOT-FOR-US: Wordpress plugin CVE-2012-3577 (Unrestricted file upload vulnerability in doupload.php in the Nmedia M ...) 
NOT-FOR-US: Wordpress plugin CVE-2012-3576 (Unrestricted file upload vulnerability in php/upload.php in the wpStor ...) NOT-FOR-US: Wordpress plugin CVE-2012-3575 (Unrestricted file upload vulnerability in uploader.php in the RBX Gall ...) NOT-FOR-US: Wordpress plugin CVE-2012-3574 (Unrestricted file upload vulnerability in includes/doajaxfileupload.ph ...) NOT-FOR-US: Wordpress plugin CVE-2012-3573 REJECTED CVE-2012-3572 (Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and ...) NOT-FOR-US: Open Source Competency Center (OSCC) MyMeeting CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remo ...) {DSA-2519-2 DSA-2519-1 DSA-2516-1} - isc-dhcp 4.2.4-2 (bug #686174) [wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1 CVE-2012-3570 (Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is ...) - isc-dhcp 4.2.4-2 (bug #686174) [squeeze] - isc-dhcp (Vulnerable code not present) [wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1 CVE-2012-3569 (Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used ...) NOT-FOR-US: VMware OVF Tool CVE-2012-3568 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...) NOT-FOR-US: Opera CVE-2012-3567 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...) NOT-FOR-US: Opera CVE-2012-3566 (Opera before 12.00 Beta allows user-assisted remote attackers to cause ...) NOT-FOR-US: Opera CVE-2012-3565 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...) NOT-FOR-US: Opera CVE-2012-3564 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...) NOT-FOR-US: Opera CVE-2012-3563 (Opera before 12.00 Beta allows remote attackers to cause a denial of s ...) NOT-FOR-US: Opera CVE-2012-3562 (Opera before 12.00 Beta allows user-assisted remote attackers to cause ...) NOT-FOR-US: Opera CVE-2012-3561 (Opera before 11.64 does not properly allocate memory for URL strings, ...) 
NOT-FOR-US: Opera CVE-2012-3560 (Opera before 11.65 does not ensure that the address field corresponds ...) NOT-FOR-US: Opera CVE-2012-3559 (Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknow ...) NOT-FOR-US: Opera CVE-2012-3558 (Opera before 11.65 does not ensure that the address field corresponds ...) NOT-FOR-US: Opera CVE-2012-3557 (Opera before 11.65 does not properly restrict the reading of JSON stri ...) NOT-FOR-US: Opera CVE-2012-3556 (Opera before 11.65 does not properly restrict the opening of a pop-up ...) NOT-FOR-US: Opera CVE-2012-3555 (Opera before 11.65 does not ensure that keyboard sequences are associa ...) NOT-FOR-US: Opera CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) compone ...) NOT-FOR-US: Joomla addon CVE-2012-3552 (Race condition in the IP implementation in the Linux kernel before 3.0 ...) {DSA-2668-1} - linux 3.0-1 - linux-2.6 CVE-2012-3551 (Cross-site scripting (XSS) vulnerability in crowbar_framework/app/view ...) NOT-FOR-US: Crowbar CVE-2012-3550 REJECTED CVE-2012-3549 (The SCTP implementation in FreeBSD 8.2 allows remote attackers to caus ...) - kfreebsd-8 8.3-5 (bug #686961) [squeeze] - kfreebsd-8 (Minor issue) - kfreebsd-9 9.0-7 (bug #686962) - kfreebsd-10 10.0~svn242489-1 (bug #686963) NOTE: http://www.exploit-db.com/exploits/20226/ CVE-2012-3548 (The dissect_drda function in epan/dissectors/packet-drda.c in Wireshar ...) - wireshark 1.8.2-2 (unimportant; bug #686225) [squeeze] - wireshark (Vulnerable code not present) NOTE: Doesn't allow code injection NOTE: debian changelog contains CVE-2012-5239, but this was rejected in favour of CVE-2012-3548 CVE-2012-3547 (Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS ...) {DSA-2546-1} - freeradius 2.1.12+dfsg-1.1 (medium; bug #687175) CVE-2012-3546 (org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6 ...) 
- tomcat7 7.0.28-4 (bug #695251) - tomcat6 6.0.35-6 (bug #695250) [squeeze] - tomcat6 6.0.35-1+squeeze3 NOTE: DSA 2725 CVE-2012-3545 REJECTED CVE-2012-3544 (Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properl ...) {DSA-2897-1 DSA-2725-1} - tomcat6 6.0.37 - tomcat7 7.0.30 CVE-2012-3543 (mono 2.10.x ASP.NET Web Form Hash collision DoS ...) - mono 2.10.8.1-7 (bug #686562) [squeeze] - mono (Minor issue) CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and ...) - keystone 2012.1.1-5 CVE-2012-3541 REJECTED CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack Dashbo ...) - horizon 2012.1.1-4 (bug #686050) CVE-2012-3539 REJECTED CVE-2012-3538 (Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in ...) NOT-FOR-US: Red Hat CloudForms CVE-2012-3537 (The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/cro ...) NOT-FOR-US: crowbar ohai plugin NOTE: https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87 CVE-2012-3536 (Two XSS vulnerabilities were fixed in message list and view in the Hup ...) NOT-FOR-US: Apache James CVE-2012-3535 (Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote ...) {DSA-2629-1} - openjpeg 1.3+dfsg-4.6 (bug #685970) CVE-2012-3534 (GNU Gatekeeper before 3.1 does not limit the number of connections to ...) - gnugk 2:3.0.2-3 (low; bug #685969) [squeeze] - gnugk (Minor issue) CVE-2012-3533 (The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 doe ...) NOT-FOR-US: ovirt CVE-2012-3532 (Cross-site request forgery (CSRF) vulnerability in the GateIn Portal c ...) - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2012-3531 (Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 ...) {DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3530 (Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API ...) 
{DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3529 (The configuration module in the backend in TYPO3 4.5.x before 4.5.19, ...) {DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3528 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...) {DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3527 (view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, ...) {DSA-2537-1} - typo3-src 4.5.19+dfsg1-1 (bug #685011) CVE-2012-3526 (The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Ap ...) {DSA-2532-1} - libapache2-mod-rpaf 0.6-1 (bug #683984) CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a reques ...) - jabberd2 2.2.17-1 (bug #685666) CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged pro ...) - dbus 1.6.8-1 (bug #689070) [squeeze] - dbus 1.2.24-4+squeeze2 - glib2.0 2.33.12+really2.32.4-2 [squeeze] - glib2.0 (Vulnerable code not present) NOTE: fixed in 2.34.0-1 from experimental NOTE: https://www.openwall.com/lists/oss-security/2012/09/12/6 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=697105 NOTE: http://stealth.openwall.net/null/dzug.c CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not prop ...) - inn (STARTTLS was introduced in 2.3, see bug #685581) - inn2 2.5.3-1 (low; bug #685581) [squeeze] - inn2 (Minor issue) CVE-2012-3522 (Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeS ...) - geshi (Vulnerable code not present, see bug #685323) [squeeze] - geshi (shipped as example/.gz) CVE-2012-3521 (Multiple directory traversal vulnerabilities in the cssgen contrib mod ...) - geshi 1.0.8.4-2 (bug #685324) [squeeze] - geshi 1.0.8.4-1+squeeze1 CVE-2012-3520 (The Netlink implementation in the Linux kernel before 3.2.30 does not ...) - linux 3.2.29-1 - linux-2.6 (Introduced in 3.1) CVE-2012-3519 (routerlist.c in Tor before 0.2.2.38 uses a different amount of time fo ...) 
{DSA-2548-1} - tor 0.2.3.20-rc-1 (low) CVE-2012-3518 (The networkstatus_parse_vote_from_string function in routerparse.c in ...) {DSA-2548-1} - tor 0.2.3.20-rc-1 (low) CVE-2012-3517 (Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might all ...) {DLA-17-1} - tor 0.2.3.20-rc-1 (low) [squeeze] - tor 0.2.4.23-1~deb6u1 CVE-2012-3516 (The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall ...) - xen (Only affects >= 4.2) CVE-2012-3515 (Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulat ...) {DSA-2545-1 DSA-2543-1 DSA-2542-1} - xen 4.1.3-2 (bug #686764) [squeeze] - xen (Vulnerable code not present) - xen-qemu-dm-4.0 - qemu 1.1.2+dfsg-1 - qemu-kvm 1.1.2+dfsg-1 CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without restr ...) - xml-light 2.2-15 (low; bug #685584) [squeeze] - xml-light (Minor issue) CVE-2012-3513 (munin-cgi-graph in Munin before 2.0.6, when running as a CGI module un ...) - munin 2.0.6-1 (bug #684076) [squeeze] - munin (vulnerable code introduced in 2.x) NOTE: http://www.munin-monitoring.org/ticket/1238 CVE-2012-3512 (Munin before 2.0.6 stores plugin state files that run as root in the s ...) {DLA-20-1} - munin 2.0.6-1 (bug #684075) [squeeze] - munin 1.4.5-3+deb6u1 NOTE: http://www.munin-monitoring.org/ticket/1234 CVE-2012-3511 (Multiple race conditions in the madvise_remove function in mm/madvise. ...) - linux 3.2.23-1 - linux-2.6 [squeeze] - linux-2.6 2.6.32-47 CVE-2012-3510 (Use-after-free vulnerability in the xacct_add_tsk function in kernel/t ...) - linux 2.6.20-1 - linux-2.6 2.6.20-1 CVE-2012-3509 (Multiple integer overflows in the (1) _objalloc_alloc function in obja ...) {DLA-324-1} - binutils 2.22-8 (low; bug #688951) CVE-2012-4668 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 an ...) 
- roundcube 0.7.2-4 (bug #685475) [squeeze] - roundcube (Vulnerable code not present) NOTE: http://trac.roundcube.net/ticket/1488613 CVE-2012-3508 (Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...) - roundcube 0.7.2-4 (bug #685475) [squeeze] - roundcube (Vulnerable code not present) NOTE: http://trac.roundcube.net/ticket/1488613 CVE-2012-3507 (Cross-site scripting (XSS) vulnerability in program/steps/mail/func.in ...) - roundcube (only affects rc versions of 0.8) NOTE: http://trac.roundcube.net/ticket/1488519 CVE-2012-3506 (Unspecified vulnerability in the Apache Open For Business Project (aka ...) NOT-FOR-US: OFBiz CVE-2012-3505 (Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial ...) {DSA-2564-1} - tinyproxy 1.8.3-3 (bug #685281) NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985 CVE-2012-3504 (The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allo ...) NOT-FOR-US: genkey script from Red Hat, not present in Debian CVE-2012-3503 (The installation script in Katello 1.0 and earlier does not properly g ...) NOT-FOR-US: Katello CVE-2012-3502 (The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp mo ...) - apache2 (Only affects 2.4 from experimental) NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=53727 CVE-2012-3501 (The squidclamav_check_preview_handler function in squidclamav.c in Squ ...) - squidclamav (bug #685398) CVE-2012-3500 (scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpm ...) {DSA-2549-1} - devscripts 2.12.2 CVE-2012-3499 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ...) {DSA-2637-1} - apache2 2.2.22-13 (low) CVE-2012-3498 (PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and e ...) - xen 4.1.3-2 (bug #686764) [squeeze] - xen (Vulnerable code not present) CVE-2012-3497 ((1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) T ...) 
- xen 4.1.4-1 (unimportant; bug #686764) [squeeze] - xen (Experimental/unsupported feature) NOTE: TMEM not supported for production systems (technology preview) CVE-2012-3496 (XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer ...) {DSA-2544-1} - xen 4.1.3-2 (bug #686764) CVE-2012-3495 (The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x ...) - xen 4.1.3-2 (bug #686764) [squeeze] - xen (Vulnerable code not present) CVE-2012-3494 (The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4 ...) {DSA-2544-1} - xen 4.1.3-2 (bug #686764) CVE-2012-3493 (The command_give_request_ad function in condor_startd.V6/command.cpp C ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3492 (The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3491 (src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8. ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3490 (The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server compo ...) {DSA-2534-1} - postgresql-9.1 9.1.5-1 - postgresql-8.4 8.4.12-2 CVE-2012-3488 (The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8 ...) {DSA-2534-1} - postgresql-9.1 9.1.5-1 - postgresql-8.4 8.4.12-2 CVE-2012-3487 (Race condition in Tunnelblick 3.3beta20 and earlier allows local users ...) NOT-FOR-US: Tunnelblick CVE-2012-3486 (Tunnelblick 3.3beta20 and earlier allows local users to gain privilege ...) NOT-FOR-US: Tunnelblick CVE-2012-3485 (Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the n ...) NOT-FOR-US: Tunnelblick CVE-2012-3484 (Tunnelblick 3.3beta20 and earlier relies on a test for specific owners ...) NOT-FOR-US: Tunnelblick CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 3.3beta20 and ...) 
	NOT-FOR-US: Tunnelblick
CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debu ...)
	- fetchmail 6.3.22-1 (low)
	[wheezy] - fetchmail (Minor issue)
	[squeeze] - fetchmail (Minor issue)
CVE-2012-3481 (Integer overflow in the ReadImage function in plug-ins/common/file-gif ...)
	- gimp 2.8.2-1 (bug #685397)
	[squeeze] - gimp 2.6.10-1+squeeze4
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/20/8
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=776572
CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
	{DLA-165-1}
	- eglibc 2.13-36 (bug #684889)
	- glibc 2.13-36
CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically execut ...)
	{DSA-2603-1}
	- emacs23 23.4+1-4 (bug #684695)
	- emacs24 24.2+1-1 (bug #684694)
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/13/2
CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended restricte ...)
	{DSA-2530-1}
	- rssh 2.3.3-5
CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows r ...)
	NOT-FOR-US: NeoInvoice
CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) application ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3474 (The comments API in application/libraries/api/MY_Comments_Api_Object.p ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3473 (The (1) reports API and (2) administration feature in the comments API ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3472 (The email API in application/libraries/api/MY_Email_Api_Object.php in ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3471 (Multiple SQL injection vulnerabilities in the edit functions in (1) ap ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3470 (Multiple SQL injection vulnerabilities in application/libraries/api/MY ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3469 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3467 (Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism ...)
	- qpid-cpp 0.16-7 (bug #684456)
	[wheezy] - qpid-cpp 0.16-6+deb7u1
CVE-2012-3466 (GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set ...)
	- gnome-keyring 3.4.1-5 (bug #683655)
	[squeeze] - gnome-keyring (Only affects gnome-keyring 3.4.x)
CVE-2012-3465 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
	{DSA-2655-1}
	- rails 2.3.14.1 (low)
	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...)
	{DSA-2655-1}
	- rails 2.3.14.1 (low)
	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
	- rails (Only affects RoR 3.x)
	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/09/8
CVE-2012-3462 (A flaw was found in SSSD version 1.9.0. The SSSD's access-provider log ...)
	- sssd 1.10.0-1
	NOTE: https://pagure.io/SSSD/sssd/issue/1470
	NOTE: https://pagure.io/SSSD/sssd/c/ffcf27b0b773b580289d596f796aaf86c45ba920 (master)
CVE-2012-3461 (The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_d ...)
	{DSA-2526-1}
	- libotr 3.2.1-1 (medium; bug #684121)
CVE-2012-3460 (cumin: At installation postgresql database user created without passwo ...)
	NOT-FOR-US: Cumin
CVE-2012-3459 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realti ...)
	NOT-FOR-US: Cumin
CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES ...)
	{DSA-2541-1}
	- beaker 1.6.3-1.1 (bug #684890)
CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for proc ...)
	- pnp4nagios (unimportant; bug #683879)
	NOTE: The permissions of this file are under the control of the admin
CVE-2012-3456 (Heap-based buffer overflow in the read function in filters/words/mswor ...)
	- calligra 1:2.4.3-2 (bug #684004)
	- wv2 0.4.2.dfsg.1-9.1 (low)
	[squeeze] - wv2 (Minor issue)
CVE-2012-3455 (Heap-based buffer overflow in the read function in filters/words/mswor ...)
	- koffice (low)
	[squeeze] - koffice (Minor issue)
CVE-2012-3454 (eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/ext ...)
	- extplorer 2.1.0b6+dfsg.3-4 (low; bug #683649)
	[squeeze] - extplorer (Minor issue)
CVE-2012-3453 (logol 1.5.0 uses world writable permissions for the /var/lib/logol/res ...)
	- logol 1.5.0-4 (bug #683647)
CVE-2012-3452 (gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when mult ...)
	- gnome-screensaver (vulnerable code not present)
CVE-2012-3451 (Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 al ...)
	NOT-FOR-US: Apache CXF
CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...)
	{DSA-2527-1}
	- php5 5.4.4-1 (bug #683694)
	NOTE: http://seclists.org/bugtraq/2012/Jun/60
	NOTE: https://bugs.php.net/bug.php?id=61755
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/3
	NOTE: https://www.openwall.com/lists/oss-security/2012/08/02/7
CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/op ...)
	- openvswitch 1.4.2+git20120612-8 (bug #683665)
CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote at ...)
	{DSA-2610-1}
	- ganglia 3.3.8-1 (bug #683584)
CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 ...)
	- nova 2012.1.1-6 (bug #684256)
CVE-2012-3446 (Apache Libcloud before 0.11.1 uses an incorrect regular expression dur ...)
	- libcloud 0.5.0-1.1 (bug #683927)
CVE-2012-3445 (The virTypedParameterArrayClear function in libvirt 0.9.13 does not pr ...)
	- libvirt 0.9.12-4 (bug #683483)
	[squeeze] - libvirt (Vulnerable code not present)
	NOTE: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=844734
CVE-2012-3444 (The get_image_dimensions function in the image-handling functionality ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) django.http.HttpRespo ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3441 (The database creation script (module/idoutils/db/scripts/create_mysqld ...)
	- icinga (Debian uses dbconfig, which does the right thing, bug #683320)
CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (R ...)
	- sudo (Red Hat-specific postinst script)
CVE-2012-3439
	REJECTED
CVE-2012-3438 (The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8 ...)
	- graphicsmagick 1.3.16-1.1 (low; bug #683284)
	[squeeze] - graphicsmagick (Minor issue)
CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 an ...)
	{DLA-242-1}
	- imagemagick 8:6.7.7.10-3 (low; bug #683285)
	[squeeze] - imagemagick (Minor issue)
CVE-2012-3436 (OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to cle ...)
	{DSA-2524-1}
	- openttd 1.2.1-2 (low; bug #683258)
CVE-2012-3435 (SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix ...)
	{DSA-2539-1}
	- zabbix 1:2.0.2+dfsg-1 (bug #683273)
	NOTE: http://seclists.org/oss-sec/2012/q3/127
CVE-2012-3434 (Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php ...)
	NOT-FOR-US: WordPress plugin Count Per Day
CVE-2012-3433 (Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of ...)
	{DSA-2531-1}
	- xen 4.1.3-1 (bug #683279)
CVE-2012-3432 (The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations e ...)
	{DSA-2531-1}
	- xen 4.1.3-1 (bug #683279)
CVE-2012-3431 (The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss E ...)
	NOT-FOR-US: Teiid
CVE-2012-3430 (The rds_recvmsg function in net/rds/recv.c in the Linux kernel before ...)
	- linux 3.2.29-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-36
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/26/3
CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb ...)
	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application Se ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-3427 (EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platfor ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
	- keystone 2012.1.1-1
CVE-2012-3425 (The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1 ...)
	{DLA-375-1}
	- libpng 1.2.49-1 (low; bug #668082)
CVE-2012-3424 (The decode_credentials method in actionpack/lib/action_controller/meta ...)
	- rails (Only affects RoR 3.x)
	- ruby-actionpack-3.2 3.2.6-3 (bug #683370)
CVE-2012-3423 (The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant ...)
	- icedtea-web 1.3-1
CVE-2012-3422 (The getFirstInTableInstance function in the IcedTea-Web plugin before ...)
	- icedtea-web 1.3-1
CVE-2012-3421 (The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3420 (Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3419 (Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3418 (libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attack ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3417 (The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota ...)
	- quota 4.00~pre1-1
	NOTE: this is at least fixed in 4.00, I could not trace this back to an exact version
CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based authe ...)
	- condor 7.8.2~dfsg.1-1 (bug #685366)
CVE-2012-3415
	REJECTED
CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ...)
	- libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323)
	- wordpress 3.5.1+dfsg-1 (bug #698934)
	NOTE: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
CVE-2012-3413 (The HTMLQuoteColorer::process function in messageviewer/htmlquotecolor ...)
	- kdepim (Only affects kdepim >= 4.6)
	NOTE: CVE-request https://www.openwall.com/lists/oss-security/2012/07/13/3
	NOTE: https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
	NOTE: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690
CVE-2012-3412 (The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before ...)
	- linux 3.2.29-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-3411 (Dnsmasq before 2.63test1, when used with certain libvirt configuration ...)
	- dnsmasq 2.63-1 (low; bug #683372)
	[wheezy] - dnsmasq (Minor issue)
	[squeeze] - dnsmasq (Minor issue)
	NOTE: Please see CVE-2013-0198
CVE-2012-3410 (Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 ...)
	- bash 4.2-4 (low; bug #681278)
	[squeeze] - bash (Minor issue)
CVE-2012-3409 (ecryptfs-utils: suid helper does not restrict mounting filesystems wit ...)
	- ecryptfs-utils 99-1 (bug #682220)
	[squeeze] - ecryptfs-utils (home src/dest mountpoints hardcoded in that version)
CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet En ...)
	- puppet 2.7.18-1 (low)
	[squeeze] - puppet (Minor issue)
	NOTE: http://puppetlabs.com/security/cve/cve-2012-3408/
	NOTE: There's no code fix, but this should be addressed in stable with a NEWS file warning about this
	NOTE: Fixed in 2.7.18 by updated docs
CVE-2012-3407 (plow has local buffer overflow vulnerability ...)
	NOT-FOR-US: plow
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/6
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/16
CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...)
	{DSA-3169-1 DLA-165-1}
	- eglibc
	- glibc 2.19-14 (low; bug #681888)
	NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
	{DLA-165-1}
	- glibc 2.13-35 (low; bug #681473)
	- eglibc 2.13-35 (low; bug #681473)
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=13446
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833704
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Libr ...)
	- glibc 2.13-35 (low; bug #681473)
	- eglibc 2.13-35 (low; bug #681473)
	[squeeze] - eglibc 2.11.3-1
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...)
	- gimp 2.8.2-1 (bug #685397)
	[squeeze] - gimp 2.6.10-1+squeeze4
CVE-2012-3402 (Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD p ...)
	- gimp 2.4.0~rc1-1
	NOTE: Only affects 2.2 series
CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibT ...)
	{DSA-2552-1}
	- tiff 4.0.2-2 (bug #682115)
	- tiff3 3.9.6-7 (bug #682195)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=837577
CVE-2012-3400 (Heap-based buffer overflow in the udf_load_logicalvol function in fs/u ...)
	- linux 3.2.23-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-3399 (Config/diff.php in Basilic 1.5.14 allows remote attackers to execute a ...)
	NOT-FOR-US: Basilic
CVE-2012-3398 (Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2. ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle (Minor issue)
CVE-2012-3397 (lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.0)
CVE-2012-3396 (Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Mo ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.0)
CVE-2012-3395 (SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0 ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.0)
CVE-2012-3394 (auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x bef ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3393 (Cross-site scripting (XSS) vulnerability in repository/lib.php in Mood ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3392 (mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x be ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3391 (mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2 ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3390 (lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 do ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.1)
CVE-2012-3389 (Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typesse ...)
	- moodle 2.2.3.dfsg-2.2 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.2)
CVE-2012-3388 (The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2 ...)
	- moodle 2.2.3.dfsg-2.2 (bug #682203)
	[squeeze] - moodle (Only affects >= 2.2)
CVE-2012-3387 (Moodle 2.3.x before 2.3.1 uses only a client-side check for whether re ...)
	- moodle (Only affects 2.3)
CVE-2012-3386 (The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x bef ...)
	- automake 1:1.4-p6-13.1
	- automake1.10 1:1.10.3-3
	[squeeze] - automake1.10 1:1.10.3-1+squeeze1
	- automake1.11 1:1.11.6-1 (bug #681097)
	[squeeze] - automake1.11 1:1.11.1-1+squeeze1
	- automake1.7 1.7.9-10
	[squeeze] - automake1.7 1.7.9-9.1+squeeze1
	- automake1.9 1.9.6+nogfdl-4
	[squeeze] - automake1.9 1.9.6+nogfdl-3.1+squeeze1
CVE-2012-3385 (WordPress before 3.4.1 does not properly restrict access to post conte ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3384 (Cross-site request forgery (CSRF) vulnerability in the customizer in W ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest functio ...)
	{DSA-2512-1}
	- mono 2.10.8.1-5 (bug #681095)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=769799
	NOTE: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRA ...)
	NOT-FOR-US: sblim-sfcb
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770234
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/7
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/06/8
CVE-2012-3380 (Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Nax ...)
	- nginx 1.2.1-2
	[squeeze] - nginx (naxsi package was introduced in 1.1.18-1)
CVE-2012-3379 [as31: insecure file creation in /tmp]
	REJECTED
CVE-2012-3378 (The register_application function in atk-adaptor/bridge.c in GNOME at- ...)
	- at-spi2-atk 2.5.3-1 (bug #678026)
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
	- vlc 2.0.2-1 (bug #680665)
	[squeeze] - vlc (Unsupported in squeeze-lts)
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
	NOTE: http://securitytracker.com/id/1027224
CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...)
	- hadoop (bug #535861)
	NOTE: http://seclists.org/bugtraq/2012/Jul/48
CVE-2012-3375 (The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before ...)
	- linux 3.2.23-1
	- linux-2.6 (Introduced in 3.2)
CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in libpurple i ...)
	{DSA-2509-1}
	- pidgin 2.10.6-1 (bug #680661)
	[squeeze] - pidgin 2.7.3-1+squeeze3
	NOTE: http://www.pidgin.im/news/security/index.php?id=64
	NOTE: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42
CVE-2012-3373 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM appliances us ...)
	NOT-FOR-US: Cyberoam DPI devices
	NOTE: https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372
	NOTE: http://seclists.org/bugtraq/2012/Jul/20
CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Ess ...)
	- nova 2012.1.1-5 (bug #681301)
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/13
	NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
	NOTE: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9
	NOTE: https://bugs.launchpad.net/nova/+bug/1017795
CVE-2012-3370 (The SecurityAssociation.getCredential method in JBoss Enterprise Appli ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3369 (The CallerIdentityLoginModule in JBoss Enterprise Application Platform ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3368 (Integer signedness error in attach.c in dtach 0.8 allows remote attack ...)
	- dtach 0.8-2.1 (low; bug #625302)
	[squeeze] - dtach 0.8-2+squeeze1
	NOTE: http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
	NOTE: http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812551
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835849
CVE-2012-3367 (Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...)
	{DSA-2503-1}
	- bcfg2 1.2.2-2 (bug #679272)
CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...)
	- php5 (unimportant)
	NOTE: open_basedir not supported
CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication ...)
	- linux 3.2.23-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-3363 (Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.1 ...)
	{DSA-2505-1}
	- zendframework 1.11.12-1 (bug #679215)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle (Vulnerable code not present)
CVE-2012-3362 (Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 a ...)
	{DSA-2510-1}
	- extplorer 2.1.0b6+dfsg.3-3 (bug #678737)
CVE-2012-3361 (virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2 ...)
	- nova 2012.1.1-2 (bug #680110)
CVE-2012-3360 (Directory traversal vulnerability in virt/disk/api.py in OpenStack Com ...)
	- nova 2012.1.1-2 (bug #680110)
CVE-2012-3359 (Luci in Red Hat Conga stores the user's username and password in a Bas ...)
	NOT-FOR-US: Red Hat Conga
CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in j ...)
	{DSA-2629-1}
	- openjpeg 1.3+dfsg-4.4 (bug #681075)
	NOTE: https://www.openwall.com/lists/oss-security/2012/07/11/1
	NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767
CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1. ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #679069)
	NOTE: http://viewvc.tigris.org/issues/show_bug.cgi?id=353
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760
CVE-2012-3356 (The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #679069)
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab. ...)
	- rhythmbox 2.97-2.1 (low; bug #616673)
	[squeeze] - rhythmbox (Minor issue)
	NOTE: Upstream bug report https://bugzilla.gnome.org/show_bug.cgi?id=678661
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain P ...)
	- dokuwiki 0.0.20130510a-1 (unimportant)
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/24/2
CVE-2012-3353 (The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling J ...)
	NOT-FOR-US: Apache Sling
CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...)
	- asterisk (Only affects Asterisk 10)
CVE-2012-3352
	RESERVED
CVE-2012-3351 (Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video ...)
	NOT-FOR-US: LongTail Video JW Player
CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remo ...)
	NOT-FOR-US: WebMatic
	NOTE: http://seclists.org/bugtraq/2012/Jul/25
CVE-2012-3349
	RESERVED
CVE-2012-3348
	RESERVED
CVE-2012-3347 (AutoFORM PDM Archive before 7.0 implements user accounts in a way that ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-3346
	RESERVED
CVE-2012-3345 (ioquake3 before r2253 allows local users to overwrite arbitrary files ...)
	- ioquake3 1.36+svn2224-4
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/3
CVE-2012-3344
	RESERVED
CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before 3 ...)
	NOT-FOR-US: Microdasys
CVE-2012-3342 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-3341 (IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross ...)
	NOT-FOR-US: IBM
CVE-2012-3340 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML extern ...)
	NOT-FOR-US: IBM
CVE-2012-3339
	RESERVED
CVE-2012-3338 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2012-3337 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2012-3336 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL inject ...)
	NOT-FOR-US: IBM
CVE-2012-3335
	RESERVED
CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2012-3333 (CRLF injection vulnerability in IBM Maximo Asset Management 7.x before ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2012-3332
	RESERVED
CVE-2012-3331 (IBM Sametime allows remote attackers to obtain sensitive information f ...)
	NOT-FOR-US: IBM Sametime
CVE-2012-3330 (The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0. ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3329 (IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 ...)
	NOT-FOR-US: IBM Advanced Settings Utility, Bootable Media Creator
CVE-2012-3328 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2012-3327 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2012-3326 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3325 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x be ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM DB2 an ...)
	NOT-FOR-US: IBM DB2
CVE-2012-3323 (IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3322 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM
CVE-2012-3321 (IBM SmartCloud Control Desk 7.5 allows remote authenticated users to b ...)
	NOT-FOR-US: IBM
CVE-2012-3320
	RESERVED
CVE-2012-3319 (IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attac ...)
	NOT-FOR-US: IBM Rational Business Developer
CVE-2012-3318
	RESERVED
CVE-2012-3317 (IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3316 (Cross-site scripting (XSS) vulnerability in the Tivoli Process Automat ...)
	NOT-FOR-US: IBM
CVE-2012-3315 (The Java servlets in the management console in IBM Tivoli Federated Id ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3314 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Iden ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3313 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 and ea ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3311 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3310 (IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 be ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3309 (Cross-site request forgery (CSRF) vulnerability in the account-creatio ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3308 (Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through ...)
	NOT-FOR-US: IBM Sametime
CVE-2012-3307
	RESERVED
CVE-2012-3306 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3305 (Directory traversal vulnerability in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3304 (The Administrative Console in IBM WebSphere Application Server (WAS) 6 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3303
	RESERVED
CVE-2012-3302 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domin ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-3301 (Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotu ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-3300 (IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions an ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-3299
	RESERVED
CVE-2012-3298 (Unspecified vulnerability in the REST services framework in IBM WebSph ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-3297 (Cross-site scripting (XSS) vulnerability in the embedded HTTP server i ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3296 (Cross-site scripting (XSS) vulnerability in the Help link in the login ...)
	NOT-FOR-US: IBM Power Hardware Management Console
CVE-2012-3295 (IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote a ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3293 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf ...)
	{DSA-2523-1}
	- globus-gridftp-server 6.5-1
CVE-2012-3291 (Heap-based buffer overflow in OpenConnect 3.18 allows remote servers t ...)
	{DSA-2495-1}
	- openconnect 3.18-1 (bug #677594)
CVE-2012-3290 (Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132 ...)
	NOT-FOR-US: Chrome books
CVE-2012-3289 (VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, V ...)
	NOT-FOR-US: VMware
CVE-2012-3288 (VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Playe ...)
	NOT-FOR-US: VMware
CVE-2012-3287 (Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and ...)
	NOT-FOR-US: md5crypt
CVE-2012-3286 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and e ...)
	NOT-FOR-US: HP ArcSight appliance
CVE-2012-3285 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3284 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3283 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3282 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hyd ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3281 (Unspecified vulnerability in Device Manager in HP XP P9000 Command Vie ...)
	NOT-FOR-US: HP XP P9000 Command View
CVE-2012-3280 (Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and J ...)
	NOT-FOR-US: HP NonStop Servers
CVE-2012-3279 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2012-3278 (Stack-based buffer overflow in magentservice.exe in HP Diagnostics Ser ...)
	NOT-FOR-US: HP Diagnostics Server
CVE-2012-3277 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8. ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-3276 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8. ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-3275 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-3274 (Stack-based buffer overflow in uam.exe in the User Access Manager (UAM ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-3273 (Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP M4 ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-3272 (Cross-site scripting (XSS) vulnerability on the HP Color LaserJet CM35 ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-3271 (Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) ...)
	NOT-FOR-US: HP ILO
CVE-2012-3270 (Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5. ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-3269 (Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5. ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-3268 (Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, ...)
	NOT-FOR-US: HP network devices
CVE-2012-3267 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 all ...)
	NOT-FOR-US: HP NNMi
CVE-2012-3266 (Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX ...)
	NOT-FOR-US: HP IBRIX
CVE-2012-3265
	REJECTED
CVE-2012-3264 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3263 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3262 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3261 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3260 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3259 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 thro ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3258 (Unspecified vulnerability in HP Operations Orchestration 9.0 before 9. ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2012-3257 (HP Business Availability Center (BAC) 8.07 allows remote authenticated ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3256 (Cross-site request forgery (CSRF) vulnerability in HP Business Availab ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3255 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3254 (Multiple unspecified vulnerabilities in HP iNode Management Center bef ...)
	NOT-FOR-US: HP iNode Management Center
CVE-2012-3253 (Multiple unspecified vulnerabilities in HP Intelligent Management Cent ...)
	NOT-FOR-US: HP Intelligent Management
CVE-2012-3252 (Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allow ...)
	NOT-FOR-US: HP Serviceguard
CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tie ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-3250 (Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-3249 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remo ...)
	NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3248 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remo ...)
	NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3247 (Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c ...)
	NOT-FOR-US: HP Integrity Server
CVE-2012-3246
	RESERVED
CVE-2012-3245
	RESERVED
CVE-2012-3244
	RESERVED
CVE-2012-3243 (Cross-site scripting (XSS) vulnerability in the SEOgento plugin for Ma ...)
	NOT-FOR-US: SEOgento plugin for Magento
CVE-2012-3242
	RESERVED
CVE-2012-3241 (The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not ...)
	- eucalyptus (Fixed before initial release)
CVE-2012-3240 (The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows r ...)
	- eucalyptus (Fixed before initial release)
CVE-2012-3239
	RESERVED
CVE-2012-3238 (Cross-site scripting (XSS) vulnerability in the Backup/Restore compone ...)
	NOT-FOR-US: Astaro appliance
CVE-2012-3237
	RESERVED
CVE-2012-3236 (fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a deni ...)
	- gimp 2.8.2-1 (unimportant)
	NOTE: Harmless crasher w/o security impact
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=676804
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=0474376d234bc3d0901fd5e86f89d778a6473dd8 (GIMP_2_8_2)
CVE-2012-3235
	RESERVED
CVE-2012-3234 (RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1. ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-3233 (Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExce ...)
	NOT-FOR-US: Kayako Fusion 4.40.1148
CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, ...)
	NOT-FOR-US: web@all
CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web@all ...)
	NOT-FOR-US: web@all
CVE-2012-3230 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3229 (Unspecified vulnerability in the Siebel UI Framework component in Orac ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3228 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3227 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3226 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3225 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3224 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3223 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3222 (Unspecified vulnerability in the Oracle iRecruitment component in Orac ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3221 (Unspecified vulnerability in the Oracle VM Virtual Box component in Or ...)
	{DSA-2594-1}
	- virtualbox 4.1.18-dfsg-1.1 (bug #690777)
	- virtualbox-ose
	NOTE: http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/
CVE-2012-3220 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3219 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...)
	NOT-FOR-US: Oracle
CVE-2012-3218 (Unspecified vulnerability in the Human Resources component in Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2012-3217 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3216 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-3215 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when runnin ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3214 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3213 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown, but since no patch landed in icedtea, we consider it not-affected
CVE-2012-3212 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when runnin ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3211 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3210 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3209 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when runnin ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3208 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3207 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows l ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3206 (Unspecified vulnerability in the Integrated Lights Out Manager CLI in ...)
	NOT-FOR-US: Oracle Sun Products Suite SysFW
CVE-2012-3205 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3204 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3203 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3202 (Multiple unspecified vulnerabilities in the Oracle JRockit component i ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3201 (Unspecified vulnerability in the PeopleSoft Enterprise Campus Solution ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3200 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3199 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3198 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3197 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3196 (Unspecified vulnerability in the Oracle Human Resources component in O ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3195 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3194 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3193 (Unspecified vulnerability in the Oracle BI Publisher component in Orac ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3192 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3191 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3190 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3189 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3188 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3187 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3186 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3185 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3184 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3183 (Unspecified vulnerability in the Oracle WebCenter Sites component in O ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3182 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3181 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3180 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3179 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3178 (Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allow ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3177 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3176 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3175 (Unspecified vulnerability in the Oracle Application Server Single Sign ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3174 (Unspecified vulnerability in Oracle Java 7 before Update 11 allows rem ...)
	- openjdk-6 (Only affects Java 7)
	- openjdk-7 7u3-2.1.4-1
CVE-2012-3173 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3172 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3171 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3170 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3169 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3168 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3167 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3166 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3165 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3164 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3163 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3162 (Unspecified vulnerability in the Oracle Applications Framework compone ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3161 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3160 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3159 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-3158 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3157 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3156 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3155 (Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ...)
	- glassfish (bug #692035)
	[stretch] - glassfish (Only used as a build dep, specific details withheld)
	[jessie] - glassfish
	[wheezy] - glassfish
	NOTE: Oracle doesn't provide any useful public information to fix the package without importing a new upstream version.
CVE-2012-3154 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3153 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3152 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3151 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3150 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2581-1}
	- mysql-5.1
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3149 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3148 (Unspecified vulnerability in the Oracle Field Service component in Ora ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3147 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3146 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3145 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3144 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3143 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown, but since no patch landed in icedtea, we consider it not-affected
CVE-2012-3142 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3141 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3140 (Unspecified vulnerability in the Oracle Agile PLM For Process componen ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3139 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3138 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3137 (The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0 ...)
	NOT-FOR-US: Oracle Database
CVE-2012-3136 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.2-1
	- openjdk-6
CVE-2012-3135 (Unspecified vulnerability in the Oracle JRockit component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-3134 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3133 (Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyper ...)
	NOT-FOR-US: Oracle
CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0 ...)
	NOT-FOR-US: Oracle Database
CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows r ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3129 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3128 (Unspecified vulnerability in Oracle SPARC T-Series Servers running Sys ...)
	NOT-FOR-US: ILO firmware
CVE-2012-3127 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3126 (Unspecified vulnerability in the Solaris Cluster component in Oracle S ...)
	NOT-FOR-US: Solaris Cluster
CVE-2012-3125 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows re ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3124 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3123 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3122 (Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local u ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3121 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3120 (Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attack ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3119 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
CVE-2012-3118 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise PeopleTools)
CVE-2012-3117 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3116 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3115 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3114 (Unspecified vulnerability in the Oracle Transportation Management comp ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3113 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
CVE-2012-3112 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3111 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
CVE-2012-3110 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3109 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3108 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3107 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3106 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3105 (The glBufferData function in the WebGL implementation in Mozilla Firef ...)
	- iceweasel 10.0.5esr-1
	[squeeze] - iceweasel (Vulnerable code not present)
CVE-2012-3104
	REJECTED
CVE-2012-3103
	RESERVED
CVE-2012-3102
	RESERVED
CVE-2012-3101
	RESERVED
CVE-2012-3100
	RESERVED
CVE-2012-3099
	RESERVED
CVE-2012-3098
	RESERVED
CVE-2012-3097
	RESERVED
CVE-2012-3096 (Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authentica ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-3095
	RESERVED
CVE-2012-3094 (The VPN downloader in the download_install component in Cisco AnyConne ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2012-3093
	RESERVED
CVE-2012-3092
	RESERVED
CVE-2012-3091
	RESERVED
CVE-2012-3090
	RESERVED
CVE-2012-3089
	RESERVED
CVE-2012-3088 (Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3. ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2012-3087
	RESERVED
CVE-2012-3086
	RESERVED
CVE-2012-3085
	RESERVED
CVE-2012-3084
	RESERVED
CVE-2012-3083
	RESERVED
CVE-2012-3082
	RESERVED
CVE-2012-3081
	RESERVED
CVE-2012-3080
	RESERVED
CVE-2012-3079 (Cisco IOS 12.2 allows remote attackers to cause a denial of service (C ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3078
	RESERVED
CVE-2012-3077
	RESERVED
CVE-2012-3076 (The administrative web interface on Cisco TelePresence Recording Serve ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3075 (The administrative web interface on Cisco TelePresence Immersive Endpo ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3074 (An unspecified API on Cisco TelePresence Immersive Endpoint Devices be ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3073 (The IP implementation on Cisco TelePresence Multipoint Switch before 1 ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3072
	RESERVED
CVE-2012-3071
	RESERVED
CVE-2012-3070
	RESERVED
CVE-2012-3069
	RESERVED
CVE-2012-3068
	RESERVED
CVE-2012-3067
	RESERVED
CVE-2012-3066
	RESERVED
CVE-2012-3065
	RESERVED
CVE-2012-3064
	RESERVED
CVE-2012-3063 (Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5 ...)
	NOT-FOR-US: Cisco
CVE-2012-3062 (Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) sn ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3061
	RESERVED
CVE-2012-3060 (Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-3059
	RESERVED
CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco
CVE-2012-3057 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) p ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3056 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3055 (Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3054 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) p ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3053 (Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) pla ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3052 (Untrusted search path vulnerability in Cisco VPN Client 5.0 allows loc ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2012-3051 (Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote at ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-3050
	RESERVED
CVE-2012-3049
	RESERVED
CVE-2012-3048
	RESERVED
CVE-2012-3047 (Cross-site scripting (XSS) vulnerability in the web-wizard setup page ...)
	NOT-FOR-US: Cisco
CVE-2012-3046
	RESERVED
CVE-2012-3045
	RESERVED
CVE-2012-3044
	RESERVED
CVE-2012-3043
	RESERVED
CVE-2012-3042
	REJECTED
CVE-2012-3041
	RESERVED
CVE-2012-3040 (Cross-site scripting (XSS) vulnerability in the web server on Siemens ...)
	NOT-FOR-US: Siemens
CVE-2012-3039 (Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with firmwa ...)
	NOT-FOR-US: Moxa OnCell Gateway
CVE-2012-3038
	RESERVED
CVE-2012-3037 (The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the priv ...)
	NOT-FOR-US: Siemens SIMATIC PLC
CVE-2012-3036
	REJECTED
CVE-2012-3035 (Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2012-3034 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3033
	REJECTED
CVE-2012-3032 (SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 a ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3031 (Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3030 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3029
	REJECTED
CVE-2012-3028 (Cross-site request forgery (CSRF) vulnerability in WebNavigator in Sie ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3027
	REJECTED
CVE-2012-3026 (rifsrvd.exe in the Remote Interface Service in GE Intelligent Platform ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-3025 (The default configuration of Tridium Niagara AX Framework through 3.6 ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-3024 (Tridium Niagara AX Framework through 3.6 uses predictable values for ( ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-3023
	RESERVED
CVE-2012-3022 (The SaveToFile method in a certain ActiveX control in TrendDisplay.dll ...)
	NOT-FOR-US: Canary Labs TrendLink
CVE-2012-3021 (rifsrvd.exe in the Remote Interface Service in GE Intelligent Platform ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-3020 (The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW77 ...)
	NOT-FOR-US: Siemens Synco OZW Web Server
CVE-2012-3019
	RESERVED
CVE-2012-3018 (The lockout-recovery feature in the Security Configurator component in ...)
	NOT-FOR-US: ICONICS GENESIS32
CVE-2012-3017 (Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote a ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2012-3016 (Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 all ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2012-3015 (Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5. ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2012-3014 (The Management Software application in GarrettCom Magnum MNS-6K before ...)
	NOT-FOR-US: GarrettCom Magnum MNS-6K
CVE-2012-3013 (WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Indus ...)
	NOT-FOR-US: WAGO I/O System 758
CVE-2012-3012 (The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 ...)
	NOT-FOR-US: Arbiter Power Sentinel 1133A
CVE-2012-3011 (Directory traversal vulnerability in the web server in Fultek WinTr Sc ...)
	NOT-FOR-US: Fultek WinTr Scada web server
CVE-2012-3010 (rifsrvd.exe in the Remote Interface Service in GE Intelligent Platform ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-3009 (Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, an ...)
	NOT-FOR-US: Siemens COMOS
CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3. ...)
	NOT-FOR-US: OSIsoft PI OPC DA Interface
CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wond ...)
	NOT-FOR-US: Invensys Wonderware SuiteLink
CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before BD-10103 ...)
	NOT-FOR-US: Innominate mGuard Smart
CVE-2012-3005 (Untrusted search path vulnerability in Invensys Wonderware InTouch 201 ...)
	NOT-FOR-US: Wonderware
CVE-2012-3004 (Multiple untrusted search path vulnerabilities in RealFlex RealWin bef ...)
	NOT-FOR-US: RealFlex RealWin
CVE-2012-3003 (Open redirect vulnerability in an unspecified web application in Sieme ...)
	NOT-FOR-US: WinCC
CVE-2012-3002 (The web interface on (1) Foscam and (2) Wansview IP cameras allows rem ...)
	NOT-FOR-US: Foscam, Wansview IP cameras
CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to execute arb ...)
	NOT-FOR-US: Mutiny Standard
CVE-2012-3000 (Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSe ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Cerberus FTP
CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend Micro ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2012-2997 (XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/s ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2012-2996 (Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.i ...)
	NOT-FOR-US: Trend Micro
CVE-2012-2995 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Int ...)
	NOT-FOR-US: Trend Micro
CVE-2012-2994 (The CoSoSys Endpoint Protector 4 appliance establishes an EPProot pass ...)
	NOT-FOR-US: CoSoSys Endpoint Protector
CVE-2012-2993 (Microsoft Windows Phone 7 does not verify the domain name in the subje ...)
	NOT-FOR-US: Microsoft Windows Phone
CVE-2012-2992
	RESERVED
CVE-2012-2991 (The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in o ...)
	NOT-FOR-US: PayPal module in osCommerce Online Merchant
CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller ...)
	NOT-FOR-US: MarkAny ContentSAFER
CVE-2012-2989
	RESERVED
CVE-2012-2988
	RESERVED
CVE-2012-2987
	RESERVED
CVE-2012-2986 (lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Applian ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in Cut ...)
	NOT-FOR-US: CuteSoft Cute Editor
CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overv ...)
	NOT-FOR-US: Websense
CVE-2012-2983 (file/edit_html.cgi in Webmin 1.590 and earlier does not perform an aut ...)
	- webmin
CVE-2012-2982 (file/show.cgi in Webmin 1.590 and earlier allows remote authenticated ...)
	- webmin
CVE-2012-2981 (Webmin 1.590 and earlier allows remote authenticated users to execute ...)
	- webmin
CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on ...)
	NOT-FOR-US: Samsung and HTC Android
CVE-2012-2979 (FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child ...)
	- nsd3 (Debian version not affected)
CVE-2012-2978 (query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x bef ...)
	{DSA-2515-1}
	- nsd3 3.2.12-1
CVE-2012-2977 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 a ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 a ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2975 (Cross-site scripting (XSS) vulnerability in the traffic overview page ...)
	NOT-FOR-US: F5 ASM
CVE-2012-2974 (The web interface on the SMC SMC8024L2 switch allows remote attackers ...)
	NOT-FOR-US: SMC SMC8024L2 switch
CVE-2012-2973
	RESERVED
CVE-2012-2972 (The (1) server and (2) agent components in CA ARCserve Backup r12.5, r ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-2971 (The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does n ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-2970 (The Synel SY-780/A Time & Attendance terminal allows remote attack ...)
	NOT-FOR-US: Synel terminal
CVE-2012-2969 (Caucho Quercus, as distributed in Resin before 4.0.29, allows remote a ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2968 (Directory traversal vulnerability in Caucho Quercus, as distributed in ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2967 (Caucho Quercus, as distributed in Resin before 4.0.29, does not proper ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2966 (Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entr ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2965 (Caucho Quercus, as distributed in Resin before 4.0.29, does not proper ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2964 (The BreakingPoint Storm appliance before 3.0 requires cleartext creden ...)
	NOT-FOR-US: BreakingPoint Storm appliance
CVE-2012-2963 (The administrative interface in the embedded web server on the Breakin ...)
	NOT-FOR-US: BreakingPoint Storm appliance
CVE-2012-2962 (SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutini ...)
	NOT-FOR-US: Dell SonicWALL Scrutinizer
CVE-2012-2961 (SQL injection vulnerability in the management console in Symantec Web ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2960 (Cross-site scripting (XSS) vulnerability in the import functionality i ...)
	NOT-FOR-US: HP ArcSight Connector, ArcSight Logger
CVE-2012-2959 (Cross-site request forgery (CSRF) vulnerability in password-manager/ch ...)
	NOT-FOR-US: BMC
CVE-2012-2958
	RESERVED
CVE-2012-2957 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 a ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2956 (SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote auth ...)
	NOT-FOR-US: SpiceWorks
CVE-2012-2955 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security
CVE-2012-2954
	RESERVED
CVE-2012-2953 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 a ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier a ...)
	NOT-FOR-US: Jaow
CVE-2012-2951
	REJECTED
CVE-2012-2950 (Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local ...)
	NOT-FOR-US: Gateway Geomatics MapServer
CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M device use ...)
	NOT-FOR-US: Android
CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Ast ...)
	{DSA-2493-1}
	- asterisk 1:1.8.13.0~dfsg-1 (bug #675210)
CVE-2012-2947 (chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-ce ...)
	{DSA-2493-1}
	- asterisk 1:1.8.13.0~dfsg-1 (bug #675204)
CVE-2012-2946
	RESERVED
CVE-2012-2945 (Hadoop 1.0.3 contains a symlink vulnerability. ...)
	- hadoop (bug #535861)
CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd ...)
	{DSA-2484-1}
	- nut 2.6.4-1
	NOTE: https://alioth.debian.org/tracker/index.php?func=detail&aid=313636&group_id=30602&atid=411542
CVE-2012-2943 (CRLF injection vulnerability in cryptographp.inc.php in Cryptographp a ...)
	NOT-FOR-US: Cryptographp
CVE-2012-2942 (Buffer overflow in the trash buffer in the header capture functionalit ...)
	{DSA-2711-1}
	- haproxy 1.4.23-1 (bug #674447)
	NOTE: According to upstream information this was only fixed in 1.4.21
	NOTE: only an issue if using a non-default value for the global.tune.bufsize configuration option
	NOTE: Reported as duplicate with CVE-2012-2391 http://seclists.org/oss-sec/2012/q2/417
CVE-2012-2941 (Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2 ...)
	NOT-FOR-US: Yandex.Server 2010 9.0 Enterprise
CVE-2012-2940 (MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a den ...)
	NOT-FOR-US: MediaChance Real-DRAW PRO
CVE-2012-2939 (Multiple unrestricted file upload vulnerabilities in Travelon Express ...)
	NOT-FOR-US: Travelon Express
CVE-2012-2938 (Multiple cross-site scripting (XSS) vulnerabilities in Travelon Expres ...)
	NOT-FOR-US: Travelon Express
CVE-2012-2937 (Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow ...)
	NOT-FOR-US: Pligg
CVE-2012-2936 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS befor ...)
	NOT-FOR-US: Pligg
CVE-2012-2935 (Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Sh ...)
	NOT-FOR-US: OSCommerce Online Merchant
CVE-2012-2934 (Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, ...)
	{DSA-2501-1}
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
CVE-2012-2933
	RESERVED
CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-2931 (PHP code injection in TinyWebGallery before 1.8.8 allows remote authen ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebG ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-2929
	RESERVED
CVE-2012-2928 (The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for ...)
	NOT-FOR-US: JIRA plugin
CVE-2012-2927 (The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2012-2926 (Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0. ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2012-2925 (SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 a ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2012-2924 (PHP remote file inclusion vulnerability in admin/setup.inc.php in Hype ...)
	NOT-FOR-US: Hypermethod eLearning Server 4G
CVE-2012-2923 (SQL injection vulnerability in news.php4 in Hypermethod eLearning Serv ...)
	NOT-FOR-US: Hypermethod eLearning Server 4G
CVE-2012-2922 (The request_path function in includes/bootstrap.inc in Drupal 7.14 and ...)
	- drupal7 7.22-1 (unimportant)
	NOTE: Path disclosure irrelevant for Debian
CVE-2012-2921 (Universal Feed Parser (aka feedparser or python-feedparser) before 5.1 ...)
	- feedparser 5.1.2-1 (low; bug #674167)
	[squeeze] - feedparser (Minor issue)
CVE-2012-2920 (Cross-site scripting (XSS) vulnerability in the userphoto_options_page ...)
	NOT-FOR-US: WordPress User Photo plugin
CVE-2012-2919 (Directory traversal vulnerability in Upload/engine.php in Chevereto 1. ...)
	NOT-FOR-US: Chevereto
CVE-2012-2918 (Cross-site scripting (XSS) vulnerability in Upload/engine.php in Cheve ...)
	NOT-FOR-US: Chevereto
CVE-2012-2917 (Cross-site scripting (XSS) vulnerability in the Share and Follow plugi ...)
	NOT-FOR-US: WordPress Share and Follow plugin
CVE-2012-2916 (Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in t ...)
	NOT-FOR-US: WordPress SABRE plugin
CVE-2012-2915 (Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2. ...)
	NOT-FOR-US: Lattice Semiconductor PAC-Designer
CVE-2012-2914 (Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimp ...)
	NOT-FOR-US: Unijimpe Captcha
CVE-2012-2913 (Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plu ...)
	NOT-FOR-US: WordPress Leaflet plugin
CVE-2012-2912 (Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManag ...)
	NOT-FOR-US: WordPress LeagueManager plugin
CVE-2012-2911 (Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftwa ...)
	NOT-FOR-US: SiliSoftware backupDB
CVE-2012-2910 (Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware ph ...)
	NOT-FOR-US: SiliSoftware phpThumb
CVE-2012-2909 (Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1. ...)
	NOT-FOR-US: Viscacha
CVE-2012-2908 (Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscach ...)
	NOT-FOR-US: Viscacha
CVE-2012-2907 (Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb fu ...)
	NOT-FOR-US: Drupal Aberdeen theme
CVE-2012-2906 (Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recom ...)
	NOT-FOR-US: Artiphp CMS 5.5.0 Neo
CVE-2012-2905 (Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable ...)
	NOT-FOR-US: Artiphp CMS
CVE-2012-2904 (player.swf in LongTail JW Player 5.9 allows remote attackers to conduc ...)
	NOT-FOR-US: LongTail JW Player
CVE-2012-2903 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Boo ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-2902 (Unrestricted file upload vulnerability in editor/extensions/browser/fi ...)
	NOT-FOR-US: Joomla JCE
CVE-2012-2901 (Cross-site scripting (XSS) vulnerability in the Profile List in the Jo ...)
	NOT-FOR-US: Joomla JCE
CVE-2012-2900 (Skia, as used in Google Chrome before 22.0.1229.92, does not properly ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2899 (Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls ...)
	- chromium-browser (iOS-specific)
CVE-2012-2898 (Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote ...)
	- chromium-browser (iOS-specific)
CVE-2012-2897 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows S ...)
	- chromium-browser (Windows-specific)
CVE-2012-2896 (Integer overflow in the WebGL implementation in Google Chrome before 2 ...)
	- chromium-browser (MacOS X-specific)
CVE-2012-2895 (The PDF functionality in Google Chrome before 22.0.1229.79 allows remo ...)
	- chromium-browser (PDF viewer not included in Chromium)
CVE-2012-2894 (Google Chrome before 22.0.1229.79 does not properly handle graphics-co ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2893 (Double free vulnerability in libxslt, as used in Google Chrome before ...)
	{DSA-2555-1}
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2892 (Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2891 (The IPC implementation in Google Chrome before 22.0.1229.79 allows att ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2890 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser (PDF viewer not included in Chromium)
CVE-2012-2889 (Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0. ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2888 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allo ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2887 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allo ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2886 (Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0. ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2885 (Double free vulnerability in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2884 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2883 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properl ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
	- libav 6:0.8.5-1 (bug #694483)
	- ffmpeg (vulnerable code not present)
	NOTE: https://chromiumcodereview.appspot.com/10829204
	NOTE: fixed with http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, w ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote atta ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2879 (Google Chrome before 22.0.1229.79 allows remote attackers to cause a d ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2878 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allo ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2877 (The extension system in Google Chrome before 22.0.1229.79 does not pro ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2876 (Buffer overflow in the SSE2 optimization functionality in Google Chrom ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser
CVE-2012-2875 (Multiple unspecified vulnerabilities in the PDF functionality in Googl ...)
	- chromium-browser (PDF viewer not included in Chromium)
	[squeeze] - chromium-browser
CVE-2012-2874 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote atta ...)
	[squeeze] - chromium-browser
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2873
	RESERVED
CVE-2012-2872 (Cross-site scripting (XSS) vulnerability in an SSL interstitial page i ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser
CVE-2012-2871 (libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.11 ...)
	{DSA-2555-1}
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2870 (libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180. ...)
	{DSA-2555-1}
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2869 (Google Chrome before 21.0.1180.89 does not properly load URLs, which a ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser
CVE-2012-2868 (Race condition in Google Chrome before 21.0.1180.89 allows remote atta ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser
CVE-2012-2867 (The SPDY implementation in Google Chrome before 21.0.1180.89 allows re ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser
CVE-2012-2866 (Google Chrome before 21.0.1180.89 does not properly perform a cast of ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser
CVE-2012-2865 (Google Chrome before 21.0.1180.89 does not properly perform line break ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser
CVE-2012-2864 (Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, C ...)
	- mesa 8.0.4-2 (bug #685667)
	[squeeze] - mesa (Vulnerable code not present)
CVE-2012-2863 (The PDF functionality in Google Chrome before 21.0.1180.75 allows remo ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2862 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2861
	RESERVED
CVE-2012-2860 (The date-picker implementation in Google Chrome before 21.0.1180.57 on ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
	NOTE: http://trac.webkit.org/changeset/122918
CVE-2012-2859 (Google Chrome before 21.0.1180.57 on Linux does not properly handle ta ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2858 (Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180. ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2857 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM i ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2856 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2855 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2854 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21 ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2853 (The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X an ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2852 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2851 (Multiple integer overflows in the PDF functionality in Google Chrome b ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2850 (Multiple unspecified vulnerabilities in the PDF functionality in Googl ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2849 (Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180. ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2848 (The drag-and-drop implementation in Google Chrome before 21.0.1180.57 ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2847 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21 ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2846 (Google Chrome before 21.0.1180.57 on Linux does not properly isolate r ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser
CVE-2012-2845 (Integer overflow in the jpeg_data_load_data function in jpeg-data.c in ...)
	- exif 0.6.20-2 (low; bug #681465)
	[squeeze] - exif (Minor crasher)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2844 (The PDF functionality in Google Chrome before 20.0.1132.57 does not pr ...)
	- chromium-browser
CVE-2012-2843 (Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allo ...)
	- chromium-browser 20.0.1132.57~r145807-1
	[squeeze] - chromium-browser
CVE-2012-2842 (Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allo ...)
	- chromium-browser 20.0.1132.57~r145807-1
	[squeeze] - chromium-browser
CVE-2012-2841 (Integer underflow in the exif_entry_get_value function in exif-entry.c ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2840 (Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-en ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2839
	RESERVED
CVE-2012-2838
	RESERVED
CVE-2012-2837 (The mnote_olympus_entry_get_value function in olympus/mnote-olympus-en ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2836 (The exif_data_load_data function in exif-data.c in the EXIF Tag Parsin ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2835
	RESERVED
CVE-2012-2834 (Integer overflow in Google Chrome before 20.0.1132.43 allows remote at ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2833 (Buffer overflow in the JS API in the PDF functionality in Google Chrom ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2832 (The image-codec implementation in the PDF functionality in Google Chro ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2831 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2830 (Google Chrome before 20.0.1132.43 does not properly set array values, ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2829 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) imple ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2828 (Multiple integer overflows in the PDF functionality in Google Chrome b ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2827 (Use-after-free vulnerability in the UI in Google Chrome before 20.0.11 ...)
	- chromium-browser (MacOS specific)
CVE-2012-2826 (Google Chrome before 20.0.1132.43 does not properly implement texture ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2825 (The XSL implementation in Google Chrome before 20.0.1132.43 allows rem ...)
	- libxslt 1.1.26-13 (low; bug #679283)
	[squeeze] - libxslt 1.1.26-6+squeeze1
CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2823 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2822 (The PDF functionality in Google Chrome before 20.0.1132.43 allows remo ...)
	- chromium-browser (PDF functionality not present in Chromium)
CVE-2012-2821 (The autofill implementation in Google Chrome before 20.0.1132.43 does ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2820 (Google Chrome before 20.0.1132.43 does not properly implement SVG filt ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2819 (The texSubImage2D implementation in the WebGL subsystem in Google Chro ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2818 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2817 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allo ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2816 (Google Chrome before 20.0.1132.43 on Windows does not properly isolate ...)
	- chromium-browser (windows-only)
CVE-2012-2815 (Google Chrome before 20.0.1132.43 allows remote attackers to obtain po ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser
CVE-2012-2814 (Buffer overflow in the exif_entry_format_value function in exif-entry. ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2813 (The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Ta ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2812 (The exif_entry_get_value function in exif-entry.c in the EXIF Tag Pars ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2811
	RESERVED
CVE-2012-2810
	RESERVED
CVE-2012-2809
	RESERVED
CVE-2012-2808 (The PRNG implementation in the DNS resolver in Bionic in Android befor ...)
	- iceweasel (Only affects 37.x; only on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/
CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome before ...)
	{DSA-2521-1}
	- libxml2 2.8.0+dfsg1-5 (bug #679280)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626
CVE-2012-2806 (Heap-based buffer overflow in the get_sos function in jdmarker.c in li ...)
	- libjpeg-turbo (Fixed before initial release)
CVE-2012-2805 (Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to ca ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
	- ffmpeg 7:2.4.1-1
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg (vulnerable code not present)
CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in libavco ...)
	{DSA-2624-1}
	- ffmpeg 7:2.4.1-1
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in libavcod ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, a ...)
	{DSA-2624-1}
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2799 (Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg bef ...)
	- libav (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg (Vulnerable code not present)
CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in libavcodec/df ...)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in libav ...)
	- ffmpeg 7:2.4.1-1
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg (vulnerable code not present)
	NOTE: patch proposed: http://patches.libav.org/patch/32642/
CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in libavcod ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
	- libav (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg (Vulnerable code not present)
CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in libavcodec ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2792 (Unspecified vulnerability in the decode_init function in libavcodec/wm ...)
	- libav (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg (Vulnerable code not present)
CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr functi ...)
	- libav 6:0.8.5-1 (bug #688847)
CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in libav ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in libavform ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	NOTE: contrary to the description, this issue is about the decode_subframe function in libavcodec/wmaprodec.c
CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in libavform ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in libavcodec/i ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in libavcodec/df ...)
	- ffmpeg (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2785 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
	- libav (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg (Vulnerable code not present)
CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in libavcodec/cav ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
	NOTE: duplicate of CVE-2012-2777
CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, ...)
	{DSA-2624-1}
	- ffmpeg 7:2.4.1-1 (bug #688849)
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function in libav ...)
	- libav (Doesn't affect libav)
CVE-2012-2781 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2780 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in libavcodec/i ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2778 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in libavcodec/cav ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.9-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in libavcod ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in libav ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg be ...)
	- ffmpeg (there is no crash, just a couple of uninitialized reads, harmless according to Janne)
	- libav (there is no crash, just a couple of uninitialized reads, harmless according to Janne)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
	NOTE: patch proposed: http://patches.libav.org/patch/32644/
CVE-2012-2773 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in liba ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2771 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact a ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2770 (The Authen::ExternalAuth extension before 0.11 for Best Practical Solu ...)
	- rt-authen-externalauth 0.10-2 (bug #683288)
CVE-2012-2769 (Multiple cross-site scripting (XSS) vulnerabilities in the topic admin ...)
	- request-tracker4 4.0.6-1
	NOTE: bundled in RT4
CVE-2012-2768 (Multiple cross-site scripting (XSS) vulnerabilities in the topic admin ...)
	{DSA-2535-1}
	- rtfm (bug #683290)
	- request-tracker4 4.0.6-1
	NOTE: bundled in RT4
CVE-2012-2767
	RESERVED
CVE-2012-2766
	RESERVED
CVE-2012-2765
	RESERVED
CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before 20.0.1132. ...)
	- chromium-browser (Windows specific)
CVE-2012-2763 (Buffer overflow in the readstr_upto function in plug-ins/script-fu/tin ...)
	- gimp 2.8.0-1 (unimportant)
	NOTE: Only exploitable in rare/theoretical setups
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/31/1
	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
CVE-2012-2762 (SQL injection vulnerability in include/functions_trackbacks.inc.php in ...)
	- serendipity (vulnerable code not present in 1.5.1, see bug #678139)
CVE-2012-2761
	RESERVED
CVE-2012-2760 (mod_auth_openid before 0.7 for Apache uses world-readable permissions ...)
	- libapache2-mod-auth-openid 0.7-0.1 (low; bug #674165)
	[squeeze] - libapache2-mod-auth-openid (Minor issue)
CVE-2012-2759 (Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the ...)
	NOT-FOR-US: WordPress plugin
CVE-2012-2758
	RESERVED
CVE-2012-2757
	RESERVED
CVE-2012-2756
	RESERVED
CVE-2012-2755
	RESERVED
CVE-2012-2754
	RESERVED
CVE-2012-2753 (Untrusted search path vulnerability in TrGUI.exe in the Endpoint Conne ...)
	NOT-FOR-US: Endpoint Connect
CVE-2012-2752 (Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5 ...)
	NOT-FOR-US: VMware
CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly handle ...)
	{DSA-2506-1}
	- modsecurity-apache 2.6.6-1 (bug #678527)
	- libapache-mod-security (bug #678529)
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2012-2750 (Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown imp ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.23-1
	- mysql-5.1
	NOTE: http://bugs.mysql.com/bug.php?id=59533
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2012-2749 (MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authen ...)
	{DSA-2496-1}
	- mysql-5.1
	- mysql-5.5 5.5.24+dfsg-1
CVE-2012-2748 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
	NOT-FOR-US: Joomla!
CVE-2012-2747 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
	NOT-FOR-US: Joomla!
CVE-2012-2746 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server bef ...)
	- 389-ds-base (Fixed before initial upload)
CVE-2012-2745 (The copy_creds function in kernel/cred.c in the Linux kernel before 3. ...)
	- linux 3.2.15-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2744 (net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6 ...)
	- linux 2.6.34-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing a ...)
	- revelation 0.4.11-10 (low; bug #633088)
	[squeeze] - revelation (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...)
	- revelation 0.4.11-10 (bug #633088)
	[squeeze] - revelation (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ i ...)
	- phplist (bug #612288)
CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList befo ...)
	- phplist (bug #612288)
CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 an ...)
	- openjdk-6 (unimportant)
	- openjdk-7 (unimportant)
	NOTE: Upstream disputes this and states it needs to be fixed in Java apps themselves
	NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
	NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/15/12
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/17/1
CVE-2012-2738 (The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote au ...)
	- vte 1:0.28.2-5 (bug #677717)
	- vte3 1:0.32.2-1
	[squeeze] - vte 1:0.24.3-4
CVE-2012-2737 (The user_change_icon_file_authorized_cb function in /usr/libexec/accou ...)
	- accountsservice 0.6.21-6 (bug #679429)
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/28/9
	NOTE: http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
CVE-2012-2736 (In NetworkManager 0.9.2.0, when a new wireless network was created wit ...)
	- network-manager 0.9.4.0-1 (low; bug #655972)
	[squeeze] - network-manager 0.8.1-6+squeeze2
CVE-2012-2735 (Session fixation vulnerability in Cumin before 0.1.5444, as used in Re ...)
	NOT-FOR-US: Cumin
CVE-2012-2734 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin be ...)
	NOT-FOR-US: Cumin
CVE-2012-2733 (java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
	- tomcat7 7.0.28-1 (bug #692440)
CVE-2012-2732
	REJECTED
CVE-2012-2731 (The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PH ...)
	NOT-FOR-US: Drupal module
CVE-2012-2730 (The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not p ...)
	NOT-FOR-US: Drupal module
CVE-2012-2729 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Simp ...)
	NOT-FOR-US: Drupal module
CVE-2012-2728 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Node ...)
	NOT-FOR-US: Drupal module
CVE-2012-2727 (Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and ...)
	NOT-FOR-US: Drupal module
CVE-2012-2726 (Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML mod ...)
	NOT-FOR-US: Drupal module
CVE-2012-2724 (The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-a ...)
	NOT-FOR-US: Drupal module
CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2722 (The node selection interface in the WYSIWYG editor (CKEditor) in the N ...)
	NOT-FOR-US: Drupal module
CVE-2012-2721 (The default views in the Organic Groups (OG) module 6.x-2.x before 6.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2720 (The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for ...)
	NOT-FOR-US: Drupal module
CVE-2012-2719 (The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed ...)
	NOT-FOR-US: Drupal module
CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows re ...)
	NOT-FOR-US: Drupal module
CVE-2012-2717 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tool ...)
	NOT-FOR-US: Drupal module
CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment Moderat ...)
	NOT-FOR-US: Drupal module
CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...)
	NOT-FOR-US: Drupal module
CVE-2012-2714 (The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drup ...)
	NOT-FOR-US: Drupal module
CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozi ...)
	NOT-FOR-US: Drupal module
CVE-2012-2712 (Multiple cross-site scripting (XSS) vulnerabilities in the Search API ...)
	NOT-FOR-US: Drupal module
CVE-2012-2711 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Li ...)
	NOT-FOR-US: Drupal module
CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x bef ...)
	NOT-FOR-US: Drupal module
CVE-2012-2709
	REJECTED
CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the _hosting_task_log_tabl ...)
	NOT-FOR-US: Drupal module
CVE-2012-2707 (The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does n ...)
	NOT-FOR-US: Drupal module
CVE-2012-2706 (Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PA ...)
	NOT-FOR-US: Drupal module
CVE-2012-2705 (The filter_titles function in the Smart Breadcrumb module 6.x-1.x befo ...)
	NOT-FOR-US: Drupal module
CVE-2012-2704 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not pr ...)
	NOT-FOR-US: Drupal module
CVE-2012-2703 (Cross-site scripting (XSS) vulnerability in the Advertisement module 6 ...)
	NOT-FOR-US: Drupal module
CVE-2012-2702 (The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal doe ...)
	NOT-FOR-US: Drupal module
CVE-2012-2701
	REJECTED
CVE-2012-2700
	REJECTED
CVE-2012-2699
	REJECTED
CVE-2012-2698 (Cross-site scripting (XSS) vulnerability in the outputPage function in ...)
	[squeeze] - mediawiki (bug #677895; only affects experimental version 1.19.0)
	- mediawiki 1:1.19.1-1
CVE-2012-2697 (Unspecified vulnerability in autofs, as used in Red Hat Enterprise Lin ...)
	- autofs 5.0.6-1
	NOTE: Fixed upstream with "fix paged ldap map read"
CVE-2012-2696 (The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) befo ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-2695 (The Active Record component in Ruby on Rails before 3.0.14, 3.1.x befo ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
CVE-2012-2694 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
CVE-2012-2693 (libvirt, possibly before 0.9.12, does not properly assign USB devices ...)
	- libvirt 0.9.12-1 (bug #677496)
	[squeeze] - libvirt (Unsupported in squeeze-lts)
CVE-2012-2692 (MantisBT before 1.2.11 does not check the delete_attachments_threshold ...)
	{DSA-2500-1}
	- mantis 1.2.11-1 (bug #676783)
CVE-2012-2691 (The mc_issue_note_update function in the SOAP API in MantisBT before 1 ...)
	- mantis 1.2.11-1 (bug #676783)
	[squeeze] - mantis (according to maintainer)
CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the permission ...)
	- libguestfs 1:1.18.0-1
	NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
	NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=788642
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/1
	NOTE: https://www.openwall.com/lists/oss-security/2012/06/11/5
CVE-2012-2689
	REJECTED
CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the s ...)
	{DSA-2527-1}
	- php5 5.4.4-4 (low; bug #683274)
CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the make_varian ...)
	- apache2 2.2.22-8 (low)
	[squeeze] - apache2 2.2.16-6+squeeze8
CVE-2012-2686 (crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TL ...)
	- openssl 1.0.1e-1 (bug #699889)
	[squeeze] - openssl (Vulnerable code not present)
	NOTE: DoS in specific protocol + cpu type combination
CVE-2012-2685 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realti ...)
	NOT-FOR-US: Cumin
CVE-2012-2684 (Multiple SQL injection vulnerabilities in the get_sample_filters_by_si ...)
	NOT-FOR-US: Cumin
CVE-2012-2683 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0. ...)
	NOT-FOR-US: Cumin
CVE-2012-2682 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
	NOT-FOR-US: Cumin
CVE-2012-2681 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realti ...)
	NOT-FOR-US: Cumin
CVE-2012-2680 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realti ...)
	NOT-FOR-US: Cumin
CVE-2012-2679 (Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg b ...)
	NOT-FOR-US: Red Hat Network configuration client
CVE-2012-2678 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server bef ...)
	- 389-ds-base (Fixed before initial upload)
CVE-2012-2677 (Integer overflow in the ordered_malloc function in boost/pool/pool.hpp ...)
	- boost1.42 (low; bug #688331)
	[squeeze] - boost1.42 (Minor issue)
	- boost1.49 1.49.0-3.1 (low; bug #677197)
CVE-2012-2676 (Multiple integer overflows in the (1) malloc and (2) calloc functions ...)
	NOT-FOR-US: Hoard memory allocator
CVE-2012-2675 (Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedp ...)
	NOT-FOR-US: nedmalloc
CVE-2012-2674 (Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and ...)
	NOT-FOR-US: Android libc
CVE-2012-2673 (Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc ...)
	- libgc 1:7.1-9 (bug #677195)
	[squeeze] - libgc 1:6.8-2
CVE-2012-2672 (Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext ref ...)
	- mojarra 2.2.8-1 (bug #677194)
	[wheezy] - mojarra (Only affected in combination with EAP6/AS7 application servers, not shipped in Debian)
	[squeeze] - mojarra (Only affected in combination with EAP6/AS7 application servers, not shipped in Debian)
CVE-2012-2671 (The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other ...)
	NOTE: https://github.com/rtomayko/rack-cache/blob/master/CHANGES
	- ruby-rack-cache 1.2-1
CVE-2012-2670 (manageuser.php in Collabtive before 0.7.6 allows remote authenticated ...)
	- collabtive 0.7.6-1 (bug #676311)
	NOTE: http://www.securityfocus.com/archive/1/522973/30/0/threaded
	NOTE: http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
	NOTE: http://www.collabtive.o-dyn.de/blog/?p=426
CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distri ...)
	- linux 3.2.23-1
	[squeeze] - linux-2.6 (userspace daemon not yet present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=761200
CVE-2012-2668 (libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, wh ...)
	- openldap (OpenLDAP in Debian uses GNUTLS instead of Mozilla NSS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=825875
	NOTE: http://www.openldap.org/its/index.cgi?findid=7285
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2c2bb2e
CVE-2012-2667 (Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.p ...)
	NOT-FOR-US: Symfony
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=418427
	NOTE: http://symfony.com/blog/security-release-symfony-1-4-18-released
	NOTE: http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
	NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
CVE-2012-2666 (golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/ ...)
	NOT-FOR-US: Historic Go issue
CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ta ...)
	{DSA-2520-1}
	- libreoffice 1:3.5.4-7
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-2664 (The sosreport utility in the Red Hat sos package before 2.2-29 does no ...)
	NOT-FOR-US: sosreport (Red Hat tool)
CVE-2012-2663 (extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP S ...)
	- iptables (unimportant; bug #675445)
CVE-2012-2662 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certifi ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-2661 (The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1. ...)
	- rails (Doesn't affect RoR in Squeeze)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675396; bug #675429)
	NOTE: http://seclists.org/oss-sec/2012/q2/448
CVE-2012-2660 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
	NOTE: http://seclists.org/oss-sec/2012/q2/449
CVE-2012-2659
	REJECTED
CVE-2012-2658
	- unixodbc 2.3.6-0.1 (unimportant; bug #675058)
	NOTE: Only triggerable by trusted input, not a security issue
CVE-2012-2657
	- unixodbc 2.3.6-0.1 (unimportant; bug #675058)
	NOTE: Only triggerable by trusted input, not a security issue
CVE-2012-2656 (An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endp ...)
	- restlet (bug #596472)
CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0. ...)
	{DSA-2491-1}
	- postgresql-9.1 9.1.4-1
	- postgresql-8.4 8.4.12-1
CVE-2012-2654 (The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2 ...)
	- nova 2012.1-6 (bug #676465)
CVE-2012-2653 (arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly othe ...)
	{DSA-2481-1}
	- arpwatch 2.1a15-1.2 (bug #674715)
	NOTE: Debian build includes the vulnerable patch (in .diff.gz)
CVE-2012-2652 (The bdrv_open function in Qemu 1.0 does not properly handle the failur ...)
	{DSA-2545-1 DSA-2542-1}
	- qemu 1.1.0+dfsg-1 (bug #678280)
	- qemu-kvm 1.1.0+dfsg-1
CVE-2012-2651
	RESERVED
CVE-2012-2650
	RESERVED
CVE-2012-2649 (The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-2648 (Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 an ...)
	NOT-FOR-US: GoodReader
CVE-2012-2647 (Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote ...)
	NOT-FOR-US: Yahoo! Toolbar
CVE-2012-2646 (The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-2645 (The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Andr ...)
	NOT-FOR-US: The Yahoo! Japan Yahoo! Browser application
CVE-2012-2644 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
	NOT-FOR-US: Movable Type MT4i plugin
CVE-2012-2643 (Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6 ...)
	NOT-FOR-US: KENT-WEB YY-BOARD
CVE-2012-2642 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
	NOT-FOR-US: Movable Type MT4i plugin
CVE-2012-2641 (Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allo ...)
	NOT-FOR-US: Zenphoto
CVE-2012-2640 (The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Andr ...)
	NOT-FOR-US: The NEC BIGLOBE Yome Collection
CVE-2012-2639
	REJECTED
CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT ...)
	NOT-FOR-US: SmallPICT
CVE-2012-2637 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 an ...)
	NOT-FOR-US: KENT-WEB WEB PATIO
CVE-2012-2636 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 an ...)
	NOT-FOR-US: KENT-WEB WEB PATIO
CVE-2012-2635 (The Dolphin Browser HD application before 7.6 and Dolphin for Pad appl ...)
	NOT-FOR-US: Dolphin
CVE-2012-2634 (Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when ...)
	NOT-FOR-US: FeedDemon
CVE-2012-2633 (Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp p ...)
	NOT-FOR-US: WassUp
CVE-2012-2632 (SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 th ...)
	NOT-FOR-US: SEIL routers
CVE-2012-2631 (Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart ...)
	NOT-FOR-US: WEBLOGIC
CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for Andr ...)
	NOT-FOR-US: Puella Magi Madoka Magica iP (Android application)
CVE-2012-2629 (Multiple cross-site request forgery (CSRF) and cross-site scripting (X ...)
	NOT-FOR-US: Axous
CVE-2012-2628
	RESERVED
CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell So ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-2626 (cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell S ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-2625 (The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1a ...)
	{DSA-2636-1}
	- xen 4.1.3-4 (low; bug #688125)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
CVE-2012-2624 (Stack-based buffer overflow in Logica HotScan allows remote attackers ...)
	NOT-FOR-US: Logica HotScan
CVE-2012-XXXX [two XSS]
	- spip 2.1.14-1 (low; bug #672961)
	[squeeze] - spip 2.1.1-3squeeze4
CVE-2012-1675 (The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, a ...)
	NOT-FOR-US: Oracle Database
CVE-2012-2623
	RESERVED
CVE-2012-2622
	RESERVED
CVE-2012-2621
	RESERVED
CVE-2012-2620
	RESERVED
CVE-2012-2619 (The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, ...)
	- firmware-nonfree (Affects different chipset combination, see bug #694716)
CVE-2012-2618
	RESERVED
CVE-2012-2617
	RESERVED
CVE-2012-2616
	RESERVED
CVE-2012-2615
	REJECTED
CVE-2012-2614 (Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 ...)
	NOT-FOR-US: Lattice Diamond Programmer
CVE-2012-2613
	RESERVED
CVE-2012-2612 (The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.7 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2611 (The DiagTraceR3Info function in the Dialog processor in disp+work.exe ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2610
	RESERVED
CVE-2012-2609
	RESERVED
CVE-2012-2608
	RESERVED
CVE-2012-2607 (The Johnson Controls CK721-A controller with firmware before SSM4388_0 ...)
	NOT-FOR-US: The Johnson Controls CK721-A
CVE-2012-2606 (The agent in Bradford Network Sentry before 5.3.3 does not require aut ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2605 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2604 (Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote authen ...)
	NOT-FOR-US: CollabNet ScrumWorks Pro
CVE-2012-2602 (Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWin ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2601 (SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsU ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2012-2600
	RESERVED
CVE-2012-2599
	REJECTED
CVE-2012-2598 (Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 t ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2597 (Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2596 (The XPath functionality in unspecified web applications in Siemens Win ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2595 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified web ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2594
	RESERVED
CVE-2012-2593 (Cross-site scripting (XSS) vulnerability in the administrative interfa ...)
	NOT-FOR-US: Atmail Webmail Server
CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 a ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2012-2591 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...)
	NOT-FOR-US: EmailArchitect
CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPo ...)
	NOT-FOR-US: ESCON SupportPortal Professional Edition
CVE-2012-2589
	REJECTED
CVE-2012-2588 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Ente ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic Mail ...)
	NOT-FOR-US: AfterLogic MailSuite Pro
CVE-2012-2586 (Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3 ...)
	NOT-FOR-US: Mailtraq
CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Se ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon F ...)
	NOT-FOR-US: Alt-N MDaemon Free
CVE-2012-2583 (Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget ...)
	NOT-FOR-US: WordPress plugin Mini Mail Dashboard Widget
CVE-2012-2582 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Req ...)
	{DSA-2536-1}
	- otrs2 3.1.7+dfsg1-4
CVE-2012-2581
	RESERVED
CVE-2012-2580 (Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, a ...)
	NOT-FOR-US: WordPress plugin Postie
CVE-2012-2579 (Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMa ...)
	NOT-FOR-US: WordPress plugin SimpleMail
CVE-2012-2578 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 ...)
	NOT-FOR-US: SmarterMail
CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orio ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2576 (SQL injection vulnerability in the LoginServlet page in SolarWinds Sto ...)
	NOT-FOR-US: SolarWinds
CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 all ...)
	NOT-FOR-US: NetWin SurgeMail
CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3 ...)
	NOT-FOR-US: T-dah WebMail
CVE-2012-2572 (Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflecto ...)
	NOT-FOR-US: WordPress plugin ThreeWP Email Reflector
CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Serv ...)
	NOT-FOR-US: WinWebMail
CVE-2012-2570 (Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart ...)
	NOT-FOR-US: X-Cart Gold
CVE-2012-2569 (Cross-site scripting (XSS) vulnerability in Synametrics Technologies X ...)
	NOT-FOR-US: Synametrics Technologies Xeams
CVE-2012-2568 (d41d8cd98f00b204e9800998ecf8427e.php in the management web server on t ...)
	NOT-FOR-US: Seagate BlackArmor
CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses h ...)
	NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2566 (Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwar ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2565 (Bloxx Web Filtering before 5.0.14 does not use a salt during calculati ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2564 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filte ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2562 (The Xelex MobileTrack application 2.3.7 and earlier for Android does n ...)
	NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict t ...)
	NOT-FOR-US: HP Business Service Management
CVE-2012-2560 (Directory traversal vulnerability in WellinTech KingView 6.53 allows r ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-2559 (WellinTech KingHistorian 3.0 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: WellinTech KingHistorian
CVE-2012-2558
	RESERVED
CVE-2012-2557 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2556 (The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2555
	REJECTED
CVE-2012-2554
	REJECTED
CVE-2012-2553 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2552 (Cross-site scripting (XSS) vulnerability in the SQL Server Report Mana ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2012-2551 (The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2012-2550 (Microsoft Works 9 allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft Works
CVE-2012-2549 (The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 20 ...)
	NOT-FOR-US: Windows Server
CVE-2012-2548 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2547
	REJECTED
CVE-2012-2546 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2545
	REJECTED
CVE-2012-2544
	REJECTED
CVE-2012-2543 (Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 20 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-2542
	REJECTED
CVE-2012-2541
	REJECTED
CVE-2012-2540
	REJECTED
CVE-2012-2539 (Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-2538
	REJECTED
CVE-2012-2537
	REJECTED
CVE-2012-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Systems Manageme ...)
	NOT-FOR-US: Microsoft Systems Management Server
CVE-2012-2535
	REJECTED
CVE-2012-2534
	REJECTED
CVE-2012-2533
	REJECTED
CVE-2012-2532 (Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (I ...)
	NOT-FOR-US: Microsoft FTP Service
CVE-2012-2531 (Microsoft Internet Information Services (IIS) 7.5 uses weak permission ...)
	NOT-FOR-US: Microsoft IIS
CVE-2012-2530 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2529 (Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Wi ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2528 (Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2525
	REJECTED
CVE-2012-2524 (Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2522 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2520 (Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP ...)
	NOT-FOR-US: Microsoft Infopath
CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NET in ...)
	NOT-FOR-US: Microsoft .NET framework
CVE-2012-2518
	REJECTED
CVE-2012-2517 (Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 al ...)
	NOT-FOR-US: PrestaShop
CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the ...)
	NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...)
	NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2514 (The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 72 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2513 (The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.1 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2512 (The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 72 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2511 (The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2510
	RESERVED
CVE-2012-2509
	RESERVED
CVE-2012-2508
	RESERVED
CVE-2012-2507
	RESERVED
CVE-2012-2506
	RESERVED
CVE-2012-2505
	RESERVED
CVE-2012-2504
	RESERVED
CVE-2012-2503
	RESERVED
CVE-2012-2502
	RESERVED
CVE-2012-2501
	RESERVED
CVE-2012-2500 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not ...)
	NOT-FOR-US: Cisco
CVE-2012-2499 (The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3. ...)
	NOT-FOR-US: Cisco
CVE-2012-2498 (Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ...)
	NOT-FOR-US: Cisco
CVE-2012-2497
	REJECTED
CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the WebL ...)
	NOT-FOR-US: Cisco
CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure Mobi ...)
	NOT-FOR-US: Cisco
CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco An ...)
	NOT-FOR-US: Cisco
CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco An ...)
	NOT-FOR-US: Cisco
CVE-2012-2492
	RESERVED
CVE-2012-2491
	RESERVED
CVE-2012-2490 (Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify ...)
	NOT-FOR-US: Cisco
CVE-2012-2489
	RESERVED
CVE-2012-2488 (Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series de ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-2487
	RESERVED
CVE-2012-2486 (The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresenc ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-2485
	RESERVED
CVE-2012-2484
	RESERVED
CVE-2012-2483
	RESERVED
CVE-2012-2482
	RESERVED
CVE-2012-2481
	RESERVED
CVE-2012-2480
	RESERVED
CVE-2012-2479
	RESERVED
CVE-2012-2478
	RESERVED
CVE-2012-2477
	RESERVED
CVE-2012-2476
	RESERVED
CVE-2012-2475
	RESERVED
CVE-2012-2474 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series de ...)
	NOT-FOR-US: Cisco
CVE-2012-2473
	RESERVED
CVE-2012-2472 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2012-2471
	RESERVED
CVE-2012-2470
	RESERVED
CVE-2012-2469 (Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when ...)
	NOT-FOR-US: Cisco
CVE-2012-2468 RESERVED
CVE-2012-2467 RESERVED
CVE-2012-2466 RESERVED
CVE-2012-2465 RESERVED
CVE-2012-2464 RESERVED
CVE-2012-2463 RESERVED
CVE-2012-2462 RESERVED
CVE-2012-2461 RESERVED
CVE-2012-2460 RESERVED
CVE-2012-2459 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5 ...)
	- bitcoin 0.6.2.1-1
	NOTE: https://bitcointalk.org/index.php?topic=81749.0
CVE-2012-2458 RESERVED
CVE-2012-2457 RESERVED
CVE-2012-2456 REJECTED
CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not valida ...)
	NOT-FOR-US: Advanced Productivity Software DTE Axiom
CVE-2012-2454 RESERVED
CVE-2012-2453 RESERVED
CVE-2012-2452 (Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x be ...)
	NOT-FOR-US: pragmaMx
CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...)
	NOT-FOR-US: VMware
CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, V ...)
	NOT-FOR-US: VMware
CVE-2012-2448 (VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attac ...)
	NOT-FOR-US: VMware
CVE-2012-2447 (Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupd ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-2446 (Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-2451 (The Config::IniFiles module before 2.71 for Perl creates temporary fil ...)
	- libconfig-inifiles-perl 2.72-1 (bug #671255; low)
	[squeeze] - libconfig-inifiles-perl 2.52-1+squeeze1
	NOTE: https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
	NOTE: http://seclists.org/oss-sec/2012/q2/225
CVE-2012-2445 RESERVED
CVE-2012-2444 RESERVED
CVE-2012-2443 RESERVED
CVE-2012-2442 (Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and ...)
	NOT-FOR-US: Nokia PC Suite
CVE-2012-2441 (RuggedCom Rugged Operating System (ROS) before 3.3 has a factory accou ...)
	NOT-FOR-US: RuggedCom Rugged Operating System
CVE-2012-2440 (The default configuration of the TP-Link 8840T router enables web-base ...)
	NOT-FOR-US: TP-Link router
CVE-2012-2439 (The default configuration of the NETGEAR ProSafe FVS318N firewall enab ...)
	NOT-FOR-US: NETGEAR appliance
CVE-2012-2438 (ar web content manager (AWCM) 2.2 does not restrict the number of comm ...)
	NOT-FOR-US: ar web content manager
CVE-2012-2437 (cookie_gen.php in ar web content manager (AWCM) 2.2 does not require a ...)
	NOT-FOR-US: ar web content manager
CVE-2012-2436 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS befor ...)
	NOT-FOR-US: Pligg
CVE-2012-2435 (Directory traversal vulnerability in the captcha module in Pligg CMS b ...)
	NOT-FOR-US: Pligg
CVE-2012-2434 RESERVED
CVE-2012-2433 RESERVED
CVE-2012-2432 RESERVED
CVE-2012-2431 RESERVED
CVE-2012-2430 RESERVED
CVE-2012-2429 (The server in xArrow before 3.4.1 performs an invalid read operation, ...)
	NOT-FOR-US: xArrow
CVE-2012-2428 (Integer overflow in the server in xArrow before 3.4.1 allows remote at ...)
	NOT-FOR-US: xArrow
CVE-2012-2427 (Heap-based buffer overflow in the server in xArrow before 3.4.1 allows ...)
	NOT-FOR-US: xArrow
CVE-2012-2426 (The server in xArrow before 3.4.1 does not properly allocate memory, w ...)
	NOT-FOR-US: xArrow
CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) han ...)
	NOT-FOR-US: Intuit
CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) han ...)
	NOT-FOR-US: Intuit
CVE-2012-2423 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) han ...)
	NOT-FOR-US: Intuit
CVE-2012-2422 (Intuit QuickBooks 2009 through 2012 might allow remote attackers to ob ...)
	NOT-FOR-US: Intuit
CVE-2012-2421 (Absolute path traversal vulnerability in the intu-help-qb (aka Intuit ...)
	NOT-FOR-US: Intuit
CVE-2012-2420 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) han ...)
	NOT-FOR-US: Intuit
CVE-2012-2419 (Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggabl ...)
	NOT-FOR-US: Intuit
CVE-2012-2418 (Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System ...)
	NOT-FOR-US: Intuit
CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers when us ...)
	{DSA-2502-1}
	- python-crypto 2.6-1
	NOTE: https://bugs.launchpad.net/pycrypto/+bug/985164
CVE-2012-2413 (Cross-site scripting (XSS) vulnerability in the ja_purity template for ...)
	NOT-FOR-US: Joomla template
CVE-2012-2412 REJECTED
CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealP ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2409 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2408 (The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2407 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2406 (RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 throug ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...)
	- gallery2
CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite redire ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to enabl ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote authentic ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPres ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2399 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x bef ...)
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
	[squeeze] - asterisk (Vulnerable code not present)
CVE-2012-2415 (Heap-based buffer overflow in chan_skinny.c in the Skinny channel driv ...)
	{DSA-2460-1}
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2414 (main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2. ...)
	{DSA-2460-1}
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ...)
	- owncloud 3.0.3-1
CVE-2012-2397 (Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0 ...)
	- owncloud 3.0.3-1
CVE-2012-2396 (VideoLAN VLC media player 2.0.1 allows remote attackers to cause a den ...)
	- vlc (Not used, see bug #671727)
	- taglib 1.7.2-1 (unimportant)
CVE-2012-2395 (Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 ...)
	- cobbler (Fixed before initial upload)
CVE-2012-2394 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824419
CVE-2012-2393 (epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wiresha ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-09.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7133
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824413
CVE-2012-2392 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote att ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7121 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7122 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125 is CVE-2012-3825 and CVE-2012-3826
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824411
CVE-2012-2391 REJECTED
CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows lo ...)
	- linux 3.2.19-1 (low)
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2389 (hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permi ...)
	- hostapd (Debian package provides no default config file)
	- wpa (Debian package provides no default config file)
CVE-2012-2388 (The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attacke ...)
	{DSA-2483-1}
	- strongswan 4.5.2-1.4
CVE-2012-2387 (devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random nu ...)
	- devotee (bug #470995)
CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in the ph ...)
	{DSA-2492-1}
	- php5 5.4.4~rc1-1
CVE-2012-2385 (The terminal dispatcher in mosh before 1.2.1 allows remote authenticat ...)
	- mosh 1.2.1-1 (low; bug #673871)
	[squeeze] - mosh 1.2.1-1 (low; bug #673871)
	NOTE: https://github.com/keithw/mosh/issues/271
	NOTE: https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e
CVE-2012-2384 (Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu ...)
	- linux-2.6 3.2.17-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-2383 (Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/d ...)
	- linux-2.6 3.2.17-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-2382 REJECTED
CVE-2012-2381 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller b ...)
	NOT-FOR-US: Apache Roller
CVE-2012-2380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the admi ...)
	NOT-FOR-US: Apache Roller
CVE-2012-2379 (Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2. ...)
	NOT-FOR-US: Apache CXF
CVE-2012-2378 (Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before ...)
	NOT-FOR-US: Apache CXF
CVE-2012-2377 (JGroups diagnostics service in JBoss Enterprise Portal Platform before ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-2376 (Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ea ...)
	- php5 (Windows-specific vulnerability)
CVE-2012-2375 (The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 ...)
	- linux 3.2.19-1
	- linux-2.6
	[squeeze] - linux-2.6 (Incomplete patch was not released)
CVE-2012-2374 (CRLF injection vulnerability in the tornado.web.RequestHandler.set_hea ...)
	- python-tornado 2.1.0-3 (low; bug #673987)
	[squeeze] - python-tornado (Vulnerable code not present)
CVE-2012-2373 (The Linux kernel before 3.4.5 on the x86 platform, when Physical Addre ...)
	- linux-2.6 3.2.19-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-2372 (The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram ...)
	- linux 3.11.10-1 (unimportant)
	[wheezy] - linux 3.2.53-1
	NOTE: rds is not included in distributed kernel images, only marked as "experimental"
CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceTh ...)
	NOT-FOR-US: WP-FaceThumb plugin for WordPress
CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function in io ...)
	- gdk-pixbuf 2.26.1-1 (low)
CVE-2012-2369 (Format string vulnerability in the log_message_cb function in otr-plug ...)
	{DSA-2476-1}
	- pidgin-otr 3.2.1-1 (medium; bug #673154)
	NOTE: libotr not affected
CVE-2012-2368 (Bytemark Symbiosis before Revision 1322 does not properly validate pas ...)
	NOT-FOR-US: Bytemark Symbiosis
CVE-2012-2367 (Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, an ...)
	- moodle 2.2.3.dfsg-1 (low; bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
CVE-2012-2366 (mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2. ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2365 (Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2364 (Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2363 (SQL injection vulnerability in calendar/event.php in the calendar impl ...)
	- moodle 2.0-1 (bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
	NOTE: Only affects Moodle 1.9.x
CVE-2012-2362 (Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog i ...)
	- moodle 2.0-1 (bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
	NOTE: Only affects Moodle 1.9.x
CVE-2012-2361 (Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2360 (Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Mood ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2359 (admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2. ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2358 (Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.0 to 2.2)
CVE-2012-2357 (The Multi-Authentication feature in the Central Authentication Service ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2356 (The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2355 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2354 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2353 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle (Only affects 2.1 to 2.2)
CVE-2012-2352 (The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in ...)
	{DSA-2477-1}
	- sympa 6.1.11~dfsg-1 (bug #672893; high)
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/12/8
CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara before 1.4 ...)
	{DSA-2467-1}
	- mahara 1.4.2-1
CVE-2012-2350 (pam_shield before 0.9.4: Default configuration does not perform protec ...)
	- pam-shield 0.9.2-3.3 (low; bug #658830)
	[squeeze] - pam-shield 0.9.2-3.3~squeeze1
CVE-2012-2349 REJECTED
CVE-2012-2348 REJECTED
CVE-2012-2347 REJECTED
CVE-2012-2346 REJECTED
CVE-2012-2345 REJECTED
CVE-2012-2344 REJECTED
CVE-2012-2343 REJECTED
CVE-2012-2342 REJECTED
CVE-2012-2341 (Cross-site request forgery (CSRF) vulnerability in the Take Control mo ...)
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Take Control
CVE-2012-2340 (The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not sp ...)
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Contact Forms
CVE-2012-2339 (Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1. ...)
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Glossary
CVE-2012-2338 (SQL injection vulnerability in includes/picture.class.php in Galette 0 ...)
	NOT-FOR-US: Galette
	NOTE: http://redmine.ulysses.fr/issues/250
	NOTE: http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/10/5
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/11/1
CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does no ...)
	{DSA-2478-1}
	- sudo 1.8.3p2-1.1 (bug #673766)
CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...)
	- php5 5.4.3 (unimportant)
	NOTE: Rather harmless bug
CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line arguments, whic ...)
	NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for CVE-2012-1823/CVE-2012-2311
CVE-2012-2334 (Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice. ...)
	{DSA-2487-1}
	- libreoffice 1:3.5.2~rc2-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-2333 (Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1 ...)
	{DSA-2475-1}
	- openssl 1.0.1c-1 (bug #672452)
	NOTE: http://seclists.org/oss-sec/2012/q2/299
	NOTE: http://www.openssl.org/news/secadv/20120510.txt
CVE-2012-2332 (SQL injection vulnerability in serendipity/serendipity_admin.php in Se ...)
	- serendipity (bug #671937; low)
	[squeeze] - serendipity (Minor issue)
	NOTE: http://web.archive.org/web/20120527103654/http://www.koramis.com:80/advisories/2012/KORAMIS-ADV2012-001.txt
	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
CVE-2012-2331 (Cross-site scripting (XSS) vulnerability in serendipity/serendipity_ad ...)
	- serendipity (bug #671937; low)
	[squeeze] - serendipity (Minor issue)
	NOTE: http://web.archive.org/web/20120527103654/http://www.koramis.com:80/advisories/2012/KORAMIS-ADV2012-001.txt
	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
CVE-2012-2330 (The Update method in src/node_http_parser.cc in Node.js before 0.6.17 ...)
	- nodejs 0.6.17~dfsg1-1
	NOTE: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/
	NOTE: https://github.com/joyent/node/commit/c9a231d
CVE-2012-2329 (Buffer overflow in the apache_request_headers function in sapi/cgi/cgi ...)
	- php5 5.4.3-1
	[squeeze] - php5 (Vulnerable code not present)
	NOTE: 5.4.x only
CVE-2012-2328 (internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrume ...)
	NOT-FOR-US: sblim
CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obt ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control Panel (A ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation feature in t ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) b ...)
	NOT-FOR-US: MyBB
CVE-2012-2323 REJECTED
CVE-2012-2322 (Integer overflow in the dhcpv6_get_option function in gdhcp/client.c i ...)
	- connman 1.0-1 (bug #672989)
	[squeeze] - connman (Vulnerable code not present)
CVE-2012-2321 (The loopback plug-in in ConnMan before 0.85 allows remote attackers to ...)
	- connman 1.0-1 (low; bug #672989)
	[squeeze] - connman (Minor issue)
CVE-2012-2320 (ConnMan before 0.85 does not ensure that netlink messages originate fr ...)
	- connman 1.0-1 (low; bug #672989)
	[squeeze] - connman (Minor issue)
CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in ...)
	- linux 3.2.17-1 (low)
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2318 (msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 ...)
	- pidgin 2.10.4-1
	[squeeze] - pidgin (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2012-2317 (The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in th ...)
	- php5 5.3.6-1 (bug #581170)
	[squeeze] - php5 5.3.3-7+squeeze4
CVE-2012-2316 (Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthS ...)
	NOT-FOR-US: OpenKM
CVE-2012-2315 (admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not ...)
	NOT-FOR-US: OpenKM
CVE-2012-2314 (The bootloader configuration module (pyanaconda/bootloader.py) in Anac ...)
	NOT-FOR-US: The anaconda installer
CVE-2012-2313 (The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Lin ...)
	- linux 3.2.19-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2312 (An Elevated Privileges issue exists in JBoss AS 7 Community Release du ...)
	- jbossas4 (Only affects JBoss 7)
CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...)
	{DSA-2465-1}
	- php5 5.4.3-1 (bug #671880)
	NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823
	NOTE: http://www.kb.cert.org/vuls/id/520827
CVE-2012-2310 (Cross-site scripting (XSS) vulnerability in the cctags module for Drup ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2309 (Cross-site scripting (XSS) vulnerability in the Glossify Internal Link ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2308 (Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalo ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2307 (Cross-site request forgery (CSRF) vulnerability in the Addressbook mod ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2306 (SQL injection vulnerability in the Addressbook module for Drupal 6.x-4 ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2305 (Cross-site request forgery (CSRF) vulnerability in the Node Gallery mo ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2304 (The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an ent ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2303 (The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce p ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2302 (Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2301 (The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote au ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2300 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart mo ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2299 (The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2298 (Multiple cross-site scripting (XSS) vulnerabilities in the RealName mo ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the Creative Co ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2296 (The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x b ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2295 REJECTED
CVE-2012-2294 (EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2293 (Directory traversal vulnerability in EMC RSA Archer SmartSuite Framewo ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2292 (The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Frame ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2291 (EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC ...)
	NOT-FOR-US: EMC Avamar
CVE-2012-2290 (The client in EMC NetWorker Module for Microsoft Applications (NMM) 2. ...)
	NOT-FOR-US: EMC NetWorker Module for Microsoft Applications
CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender W ...)
	NOT-FOR-US: EMC
CVE-2012-2288 (Format string vulnerability in the nsrd RPC service in EMC NetWorker 7 ...)
	NOT-FOR-US: EMC NetWorker
CVE-2012-2287 (The authentication functionality in EMC RSA Authentication Agent 7.1 a ...)
	NOT-FOR-US: EMC RSA Authentication Agent
CVE-2012-2286 (Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premis ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication
CVE-2012-2285 (EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, a ...)
	NOT-FOR-US: EMC Cloud Tiering Appliance
CVE-2012-2284 (The (1) install and (2) upgrade processes in EMC NetWorker Module for ...)
	NOT-FOR-US: EMC NetWorker Module for Microsoft Applications
CVE-2012-2283 (The Iomega Home Media Network Hard Drive with EMC Lifeline firmware be ...)
	NOT-FOR-US: Iomega Home Media Network Hard Drive
CVE-2012-2282 (EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53. ...)
	NOT-FOR-US: EMC Celerra/VNX/VNXe
CVE-2012-2281 (EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manage ...)
	NOT-FOR-US: RSA Access Manager
	NOTE: http://seclists.org/bugtraq/2012/Jul/36
CVE-2012-2280 (EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appl ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2012-2279 (Open redirect vulnerability in the Security Console in EMC RSA Authent ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2278 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Se ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2277 (The IRM Server in EMC Documentum Information Rights Management 4.x bef ...)
	NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2276 (The IRM Server in EMC Documentum Information Rights Management 4.x bef ...)
	NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2275 (Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink ...)
	NOT-FOR-US: TestLink
CVE-2012-2274 (Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in P ...)
	NOT-FOR-US: PivotX
CVE-2012-2273 (Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allo ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2012-2272 RESERVED
CVE-2012-2271 (Buffer overflow in the InitLicenKeys function in a certain ActiveX con ...)
	NOT-FOR-US: SkinCrafter
CVE-2012-2270 (Open redirect vulnerability in index.php (aka the Login Page) in ownCl ...)
	- owncloud 3.0.3-1
CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 3.0.2-1
CVE-2012-2268 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and H ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-2267 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and H ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-2266 REJECTED
CVE-2012-2265 REJECTED
CVE-2012-2264 REJECTED
CVE-2012-2263 REJECTED
CVE-2012-2262 REJECTED
CVE-2012-2261 REJECTED
CVE-2012-2260 REJECTED
CVE-2012-2259 REJECTED
CVE-2012-2258 REJECTED
CVE-2012-2257 REJECTED
CVE-2012-2256 REJECTED
CVE-2012-2255 REJECTED
CVE-2012-2254 REJECTED
CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php in Mahar ...)
	{DSA-2591-1}
	- mahara 1.5.1-3.1 (bug #695789)
CVE-2012-2252 (Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsyn ...)
	{DSA-2578-1}
	- rssh 2.3.3-6
CVE-2012-2251 (rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync prot ...)
	{DSA-2578-1}
	- rssh 2.3.3-6
CVE-2012-2250 (Tor before 0.2.3.24-rc allows remote attackers to cause a denial of se ...)
	{DLA-17-1}
	- tor 0.2.3.24-rc-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-2249 (Tor before 0.2.3.23-rc allows remote attackers to cause a denial of se ...)
	{DLA-17-1}
	- tor 0.2.3.23-rc-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-2248 (An issue was discovered in dhclient 4.3.1-6 due to an embedded path va ...)
	- isc-dhcp 4.2.4-3 (bug #690532)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u2
	[squeeze] - isc-dhcp (CLIENT_PATH is not correctly defined)
	NOTE: Debian-specific
CVE-2012-2247 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4938
	NOTE: https://bugs.launchpad.net/mahara/+bug/1061980
CVE-2012-2246 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attacke ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=493
	NOTE: https://bugs.launchpad.net/mahara/+bug/1057240
CVE-2012-2245 REJECTED
CVE-2012-2244 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote authent ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4936
	NOTE: https://bugs.launchpad.net/mahara/+bug/1057238
CVE-2012-2243 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4937
	NOTE: https://bugs.launchpad.net/mahara/+bug/1055232
	NOTE: https://bugs.launchpad.net/mahara/+bug/1063480
CVE-2012-2242 (scripts/dget.pl in devscripts before 2.10.73 allows remote attackers t ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2241 (scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2240 (scripts/dscverify.pl in devscripts before 2.12.3 allows remote attacke ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2239 (Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attacke ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
CVE-2012-2238 (trytond 2.4: ModelView.button fails to validate authorization ...)
	- tryton-server (only affected 2.4, in experimental)
CVE-2012-2237 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x be ...)
	{DSA-2540-1}
	- mahara 1.5.1-2
CVE-2012-2236 (SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 al ...)
	NOT-FOR-US: PHP Gift Registry
CVE-2012-2235 (Cross-site scripting (XSS) vulnerability in Support Incident Tracker ( ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php ...)
	- teampass (bug #730180)
CVE-2012-2233 RESERVED
CVE-2012-2232 RESERVED
CVE-2012-2231 RESERVED
CVE-2012-2230 (Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Mana ...)
	NOT-FOR-US: Cloudera Manager
CVE-2012-2229 RESERVED
CVE-2012-2228 RESERVED
CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...)
	NOT-FOR-US: PluXml
CVE-2012-2226 (Invision Power Board before 3.3.1 fails to sanitize user-supplied inpu ...)
	NOT-FOR-US: Invision Power Board
CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...)
	NOT-FOR-US: 360zip
CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Xunlei Thunder
CVE-2012-2223 (The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3 ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2012-2222 RESERVED
CVE-2012-2221 RESERVED
CVE-2012-2220 RESERVED
CVE-2012-2219 RESERVED
CVE-2012-2218 RESERVED
CVE-2012-2217 (The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, ...)
	NOT-FOR-US: Android
CVE-2012-2216 REJECTED
CVE-2012-2095 (The SetWiredProperty function in the D-Bus interface in WICD before 1. ...)
	- wicd 1.7.2.4-1 (low; bug #668397)
	[squeeze] - wicd 1.7.0+ds1-5+squeeze2
CVE-2012-2215 (Directory traversal vulnerability in the Preboot Service in Novell ZEN ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2012-2214 (proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle ...)
	- pidgin 2.10.4-1
	[squeeze] - pidgin (Update not feasible, updated packages are provided through backports)
	NOTE: http://www.pidgin.im/news/security/?id=62
CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the acces ...)
	NOT-FOR-US: Disputed Squid access bypass, probably user error and minor impact anyway
CVE-2012-2212 (** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to bypas ...)
	NOT-FOR-US: McAfee Web Gateway
CVE-2012-2211 (Cross-site scripting (XSS) vulnerability in phpgwapi/inc/common_functi ...)
	- egroupware
CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Sony Bravia
CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Pi ...)
	- piwigo (bug #685364)
	[squeeze] - piwigo (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before 2.3. ...)
	- piwigo (bug #685364)
	[squeeze] - piwigo (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2012-2207
	RESERVED
CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7. ...)
	NOT-FOR-US: IBM WebSphere MQ File Transfer Edition
CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7. ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2204 (InfoSphere Guardium aix_ktap module: DoS ...)
	NOT-FOR-US: InfoSphere Guardium aix_ktap module
CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM R ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security System
CVE-2012-2201 (IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by a ...)
	NOT-FOR-US: IBM
CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...)
	NOT-FOR-US: sendmail configuration in AIX
CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2012-2198
	RESERVED
CVE-2012-2197 (Stack-based buffer overflow in the Java Stored Procedure infrastructur ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2196 (IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2195
	RESERVED
CVE-2012-2194 (Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored p ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2193 (Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-2192 (The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4- ...)
	NOT-FOR-US: AIX
CVE-2012-2191 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM R ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2012-2190 (IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-2189
	RESERVED
CVE-2012-2188 (IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1. ...)
	NOT-FOR-US: IBM Power Hardware Management Console
CVE-2012-2187 (IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, ...)
	NOT-FOR-US: IBM Remote Supervisor Adapter
CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-2185 (IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Con ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2184 (Session fixation vulnerability in IBM Maximo Asset Management 7.1 thro ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2183 (Session fixation vulnerability in IBM Maximo Asset Management 6.2 thro ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2182
	RESERVED
CVE-2012-2181 (Directory traversal vulnerability in the Dojo module in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere not in Debian
CVE-2012-2180 (The chaining functionality in the Distributed Relational Database Arch ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite ...)
	NOT-FOR-US: AIX
CVE-2012-2178
	RESERVED
CVE-2012-2177 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intell ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX co ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2012-2174 (The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote ...)
	NOT-FOR-US: Notes
CVE-2012-2173 (The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 ...)
	NOT-FOR-US: AppScan
CVE-2012-2172 (Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in ...)
	NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2171 (SQL injection vulnerability in ModuleServlet.do in the Storage Manager ...)
	NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0 ...)
	NOT-FOR-US: WebSphere
CVE-2012-2169 (Cross-site scripting (XSS) vulnerability in the file-upload functional ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 al ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2167 (The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attacker ...)
	NOT-FOR-US: IBM XIV Storage System Gen3
CVE-2012-2166 (IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2 ...)
	NOT-FOR-US: IBM XIV Storage System
CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, w ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2163 (IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allow ...)
	NOT-FOR-US: IBM Scale Out Network Attached Storage
CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 a ...)
	NOT-FOR-US: WebSphere
CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Ec ...)
	NOT-FOR-US: IBM Security AppScan Source
CVE-2012-2160 (IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused ...)
	NOT-FOR-US: IBM
CVE-2012-2159 (Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used ...)
	NOT-FOR-US: IBM Eclipse Help System
CVE-2012-2158
	RESERVED
CVE-2012-2157
	RESERVED
CVE-2012-2156 (Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 ...)
	NOT-FOR-US: Plume CMS
CVE-2012-2155 (Cross-site request forgery (CSRF) vulnerability in the CDN2 Video modu ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2154 (Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2153 (Drupal 7.x before 7.14 does not properly restrict access to nodes in a ...)
	- drupal7 7.14-1
CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in dh ...)
	{DSA-2498-1}
	- dhcpcd 1:3.2.3-11 (bug #671265)
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/02/4
CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x befo ...)
	{DSA-2461-1}
	- spip 2.1.13-1 (low; bug #671264)
CVE-2012-2150 (xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file ...)
	- xfsprogs 3.2.4-1 (low; bug #793495)
	[jessie] - xfsprogs (Minor issue, too intrusive to backport)
	[wheezy] - xfsprogs (Minor issue)
	[squeeze] - xfsprogs (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817696
	NOTE: http://oss.sgi.com/pipermail/xfs/2015-July/042726.html
CVE-2012-2149 (The WPXContentListener::_closeTableRow function in WPXContentListener. ...)
	- libwpd 0.8.14-1
	NOTE: http://permalink.gmane.org/gmane.comp.security.full-disclosure/85789
	NOTE: http://sourceforge.net/p/libwpd/code/ci/437bf6702164e30761a10771f95dd1c796f474b7
	NOTE: http://sourceforge.net/p/libwpd/code/ci/5969b8f3f73418ebba2a722513a4cb285e7b9c23
CVE-2012-2148 (An issue exists in the property replacements feature in any descriptor ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-2147 (munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a de ...)
	- munin 2.0~rc6-1 (bug #670811)
	[squeeze] - munin (Vulnerable code not present)
CVE-2012-2146 (Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique i ...)
	- elixir 0.7.1-4 (low; bug #670919)
	[jessie] - elixir (Minor issue)
	[squeeze] - elixir (Minor issue)
	[wheezy] - elixir (Minor issue)
CVE-2012-2145 (Apache Qpid 0.17 and earlier does not properly restrict incoming clien ...)
	- qpid-cpp 0.16-1 (bug #672124)
CVE-2012-2144 (Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom ...)
	- horizon 2012.1-4 (bug #671604)
CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-REL ...)
	{DSA-2491-1}
	- postgresql-9.1 9.1.4-1
	- postgresql-8.4 8.4.12-1
	- php5 5.3.3-1
	NOTE: Uses the unaffected system libraries since 5.3.3
CVE-2012-2142 (The error function in Error.cc in poppler before 0.21.4 allows remote ...)
	- xpdf (uses poppler's Error.cc)
	- poppler 0.18.4-7 (unimportant; bug #487773)
	NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in agent ...)
	- net-snmp 5.4.3~dfsg-2.5 (low; bug #672492)
	[squeeze] - net-snmp 5.4.3~dfsg-2+squeeze1
	NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to execute ...)
	- ruby-mail 2.4.4-1
CVE-2012-2139 (Directory traversal vulnerability in lib/mail/network/delivery_methods ...)
	- ruby-mail 2.4.4-1
CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the org.apache.sling.se ...)
	NOT-FOR-US: Apache Sling
CVE-2012-2137 (Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Lin ...)
	- linux 3.2.20-1
CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux kern ...)
	- linux 3.2.20-1
	- linux-2.6
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2135 (The utf-16 decoder in Python 3.1 through 3.3 does not update the align ...)
	- python3.1 (bug #670389)
	[squeeze] - python3.1 (Minor issue)
	- python3.2 3.2.3-1 (bug #670389)
	- python3.3 3.3.1-1
	NOTE: http://bugs.python.org/issue14579
CVE-2012-2134 (The handle_connection_error function in ldap_helper.c in bind-dyndb-ld ...)
	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, when hu ...)
	{DSA-2469-1}
	- linux-2.6 3.2.19-1
CVE-2012-2132 (libsoup 2.32.2 and earlier does not validate certificates or clear the ...)
	- midori (unimportant; bug #672880)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=758431
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSS ...)
	{DSA-2454-2}
	- openssl (only affected patch against 0.9.8)
	NOTE: http://marc.info/?l=openssl-dev&m=133525318514423&w=2
CVE-2012-2130 (A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1. ...)
	- polarssl 1.1.2-1
	[squeeze] - polarssl (Introduced in 0.99-pre4)
CVE-2012-2129 (Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012- ...)
	- dokuwiki 0.0.20120125a-1 (low; bug #670917)
	[squeeze] - dokuwiki
	NOTE: http://secunia.com/advisories/48848/
CVE-2012-2128
	- dokuwiki 0.0.20120125a-1 (unimportant)
	NOTE: http://bugs.dokuwiki.org/index.php?do=details&task_id=2488
CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...)
	- linux-2.6 3.2-1
	[squeeze] - linux-2.6 (Introduced in 3.1)
CVE-2012-2126 (RubyGems before 1.8.23 does not verify an SSL certificate, which allow ...)
	- rubygems 1.8.24-1 (bug #670228)
CVE-2012-2125 (RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which m ...)
	- rubygems 1.8.24-1 (bug #670228)
CVE-2012-2124 (functions/imap_general.php in SquirrelMail, as used in Red Hat Enterpr ...)
	- squirrelmail (Incorrect RedHat security update)
CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the Linux k ...)
	{DSA-2469-1}
	- linux-2.6 3.2.16-1
CVE-2012-2122 (sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.2 ...)
	{DSA-2496-1}
	- mysql-5.1 (bug #677018)
	- mysql-5.5 5.5.24+dfsg-1
	NOTE: https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/
	NOTE: http://seclists.org/oss-sec/2012/q2/493
	NOTE: Issue only triggered with specific optimisation in glibc enabled; no builds in Debian known to be affected.
	NOTE: Fixed versions indicate application of upstream patch which prevents issue regardless of opt.settings.
CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not prope ...)
	{DSA-2668-1}
	- linux-2.6 3.2.17-1
CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ver ...)
	- texlive-extra 2012.20130315-1 (low; bug #668779)
	[wheezy] - texlive-extra (Minor issue)
	[squeeze] - texlive-extra 2009-10+squeeze1
CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel befor ...)
	- linux 3.2.20-1
	[squeeze] - linux-2.6 (Vulnerable code not present, was added in 3.1)
CVE-2012-2118 (Format string vulnerability in the LogVHdrMessageVerb function in os/l ...)
	- xorg-server 2:1.12.1.902-1 (bug #673148)
	[squeeze] - xorg-server (Introduced in 1.10)
	NOTE: http://lists.x.org/pipermail/xorg-devel/2012-May/031411.html
CVE-2012-2117 (Cross-site scripting (XSS) vulnerability in the Gigya - Social optimiz ...)
	NOT-FOR-US: Drupal plugin (Gigya - Social Optimization) not in Debian
CVE-2012-2116 (Cross-site request forgery (CSRF) vulnerability in the Commerce Reorde ...)
	NOT-FOR-US: Drupal plugin (Commerce Reorder) not in Debian
CVE-2012-2115 (SQL injection vulnerability in interface/login/validateUser.php in Ope ...)
	NOT-FOR-US: OpenEMR
CVE-2012-2114 (Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlie ...)
	NOT-FOR-US: musl libc not in Debian
CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow r ...)
	{DSA-2552-1}
	- tiff 4.0.2-1 (bug #678140)
	- tiff3 (The tiff-tools package is only built from the tiff source package)
CVE-2012-2112 (Cross-site scripting (XSS) vulnerability in the Exception Handler in T ...)
	{DSA-2455-1}
	- typo3-src 4.5.15+dfsg1-1 (bug #669158)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
CVE-2012-2111 (The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) ...)
	{DSA-2463-1}
	- samba 2:3.6.5-1
	NOTE: http://www.samba.org/samba/history/samba-3.6.5.html
	NOTE: According to the release notes Samba 3.4.x to 3.6.4 are affected
CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL be ...)
	{DSA-2454-1}
	- openssl 1.0.1a-1
	NOTE: http://www.openssl.org/news/secadv/20120419.txt
CVE-2012-2109 (SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1. ...)
	NOT-FOR-US: wordpress buddypress plugin
CVE-2012-2108 (Stack-based buffer overflow in the main function in util/lpci_main.c i ...)
	- csound 1:5.17.6~dfsg-1 (low; bug #661197)
	[squeeze] - csound (Minor issue)
CVE-2012-2107 (Integer overflow in the main function in util/lpci_main.c in Csound be ...)
	- csound 1:5.17.6~dfsg-1 (bug #661197)
	[squeeze] - csound (Minor issue)
CVE-2012-2106 (Integer overflow in the pv_import function in util/pv_import.c in Csou ...)
	- csound 1:5.17.6~dfsg-1 (bug #661197)
	[squeeze] - csound (Minor issue)
CVE-2012-2105 (Multiple SQL injection vulnerabilities in login.php in Timesheet Next ...)
	NOT-FOR-US: tsheetx
CVE-2012-2104 (cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without ...)
	- munin 2.0~rc6-1 (bug #668666)
	[squeeze] - munin (Vulnerable code not present)
	[lenny] - munin (Vulnerable code not present)
CVE-2012-2103 (The qmailscan plugin for Munin 1.4.5 allows local users to overwrite a ...)
	- munin 2.0~rc6-1 (bug #668778)
	[squeeze] - munin (Vulnerable code not present)
	[lenny] - munin (Vulnerable code not present)
CVE-2012-2102 (MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authen ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (low; bug #670636)
	- mysql-5.5 5.5.24+dfsg-1 (low)
CVE-2012-2101 (Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the ...)
	- nova 2012.1-2 (bug #670637)
CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kerne ...)
	- linux-2.6 3.2.2-1
	[squeeze] - linux-2.6 2.6.32-41squeeze1
	NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
	NOTE: https://lkml.org/lkml/2012/2/20/422
CVE-2012-2099 (Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 ...)
	NOT-FOR-US: Wikidforum
CVE-2012-2098 (Algorithmic complexity vulnerability in the sorting algorithms in bzip ...)
	- libcommons-compress-java 1.4.1-1 (low; bug #674448)
	[squeeze] - libcommons-compress-java (Minor issue)
CVE-2012-2097 (Cross-site request forgery (CSRF) vulnerability in the Autosave module ...)
	NOT-FOR-US: Drupal module Autosave
CVE-2012-2096 (The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not proper ...)
	NOT-FOR-US: Drupal module Fivestar
CVE-2012-2094 (Cross-site scripting (XSS) vulnerability in the refresh mechanism in t ...)
	- horizon 2012.1-3
CVE-2012-2093 (src/common/latex.py in Gajim 0.15 allows local users to overwrite arbi ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1.1 (low; bug #668710)
CVE-2012-2092 (A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 ...)
	- cobbler (Ubuntu specific cobbler-ubuntu-import script not present)
CVE-2012-2091 (Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2. ...)
	- simgear 2.10.0-3 (unimportant; bug #669024)
	- flightgear 2.6.0-1.1 (unimportant; bug #669025)
	NOTE: Negligible security impact, very obscure attack vector
CVE-2012-2090 (Multiple format string vulnerabilities in FlightGear 2.6 and earlier a ...)
	- simgear 2.10.0-2 (unimportant; bug #669024)
	- flightgear 2.6.0-1.1 (unimportant; bug #669025)
	NOTE: Negligible security impact, very obscure attack vector
CVE-2012-2089 (Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module mo ...)
	- nginx 1.1.19-1
	[squeeze] - nginx (Vulnerable code not present)
CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif_dirr ...)
	{DSA-2552-1}
	- tiff 4.0-1 (bug #678140)
	- tiff3 3.9.6-6
CVE-2012-2087 (ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entir ...)
	NOT-FOR-US: ISPConfig
CVE-2012-2086 (SQL injection vulnerability in the get_last_conversation_lines functio ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1 (low; bug #668038)
CVE-2012-2085 (The exec_command function in common/helpers.py in Gajim before 0.15 al ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1 (medium; bug #668038)
CVE-2012-2084 (Cross-site scripting (XSS) vulnerability in the Printer, email and PDF ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2083 (Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2082 (Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2081 (The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2080 (Cross-site request forgery (CSRF) vulnerability in the Node Limit Numb ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2079 (A cross-site request forgery (CSRF) vulnerability in the Activity modu ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2078 (Cross-site scripting (XSS) vulnerability in the Activity module 6.x-1. ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2077 (Cross-site request forgery (CSRF) vulnerability in the ShareThis modul ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2076 (Cross-site scripting (XSS) vulnerability in the administration forms i ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2075 (Cross-site scripting (XSS) vulnerability in the Contact Save module 6. ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2074 (Unspecified vulnerability in certain default views in the Ubercart Vie ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2073 (The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not chec ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2072 (Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAn ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2071 (Cross-site scripting (XSS) vulnerability in the Contact Forms module 6 ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2070 (Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x- ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2069 (Cross-site request forgery (CSRF) vulnerability in the Wishlist module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2068 (Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2067 (Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2. ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2066 (Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2 ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2065 (Cross-site scripting (XSS) vulnerability in the Language Icons module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2064 (Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.th ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2063 (The Slidebox module before 7.x-1.4 for Drupal does not properly check ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2062 (Open redirect vulnerability in the Redirecting click bouncer module fo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2061 (Cross-site request forgery (CSRF) vulnerability in the Admin tools mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2060 (Cross-site scripting (XSS) vulnerability in the Admin tools module for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2059 (Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2058 (The Ubercart Payflow module for Drupal does not use a secure token, wh ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2057 (Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk S ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2056 (Cross-site request forgery (CSRF) vulnerability in the Content Lock mo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2055 (GitHub Enterprise before 20120304 does not properly restrict the use o ...)
	NOT-FOR-US: GitHub Enterprise
CVE-2012-2054 (Redmine before 1.3.2 does not properly restrict the use of a hash to p ...)
	- redmine 1.3.2+dfsg1-1
	[squeeze] - redmine (Redmine not supported because of rails)
	NOTE: http://www.redmine.org/issues/10390
	NOTE: git mirror patch would be 5141f1e..177ff05
CVE-2012-2053 (The sudoers file in the Linux system configuration in F5 FirePass 6.0. ...)
	NOT-FOR-US: F5 Firepass
CVE-2012-2052 (Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Pho ...)
	NOT-FOR-US: Adobe Photoshop plugin U3D.8BI library
CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Wi ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2048 (Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows at ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2045 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2044 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2043 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2041 (CRLF injection vulnerability in the Component Browser in Adobe ColdFus ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-2040 (Untrusted search path vulnerability in the installer in Adobe Flash Pl ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2039 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2038 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2037 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2036 (Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x bef ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2035 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 a ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2034 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2033 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2032 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2031 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2030 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2029 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2028 (Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2012-2027 (Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2012-2026 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2025 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2024 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2023 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2022 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-2021 (Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager ...)
	NOT-FOR-US: HP AssetManager
CVE-2012-2020 (Unspecified vulnerability in HP Operations Agent before 11.03.12 allow ...)
	NOT-FOR-US: HP Operations Agent
CVE-2012-2019 (Unspecified vulnerability in HP Operations Agent before 11.03.12 allow ...)
	NOT-FOR-US: HP Operations Agent
CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...)
	NOT-FOR-US: HP Photosmart Wireless e-All-in-One
CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2015 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2014 (HP System Management Homepage (SMH) before 7.1.1 does not properly val ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2013 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2012 (HP System Management Homepage (SMH) before 7.1.1 does not have an off ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2011 (Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha pl ...)
	NOT-FOR-US: OpenVMS
CVE-2012-2009 (Unspecified vulnerability in HP Performance Insight for Networks 5.3.x ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2008 (Cross-site scripting (XSS) vulnerability in HP Performance Insight for ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2007 (SQL injection vulnerability in HP Performance Insight for Networks 5.3 ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2006 (Unspecified vulnerability in HP Insight Management Agents before 9.0.0 ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2005 (Cross-site scripting (XSS) vulnerability in HP Insight Management Agen ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2004 (Open redirect vulnerability in HP Insight Management Agents before 9.0 ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2003 (Cross-site request forgery (CSRF) vulnerability in HP Insight Manageme ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2002 (Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 a ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2001 (Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux b ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2000 (Multiple unspecified vulnerabilities in HP System Health Application a ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-1999 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1998 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1997 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1996 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1995 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1994 (HP Systems Insight Manager before 7.0 allows a remote user on adjacent ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1993 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS ...)
	NOT-FOR-US: CMS Made Simple
CVE-2012-1991
	RESERVED
CVE-2012-1990 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider Elect ...)
	NOT-FOR-US: Schneider Electric Kerweb
CVE-2012-1989 (telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2 ...)
	- puppet 2.7.13-1
	[squeeze] - puppet (Only affects 2.7.x)
CVE-2012-1988 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1987 (Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x befo ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1986 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1985 (Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1984 (Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks He ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1983
	RESERVED
CVE-2012-1982 (Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1981
	RESERVED
CVE-2012-1980
	RESERVED
CVE-2012-1979 (Cross-site scripting (XSS) vulnerability in starnet/index.php in Synde ...)
	NOT-FOR-US: SyndeoCMS
CVE-2012-1978 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple P ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2012-1977 (WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2012-1976 (Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesVa ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1975 (Use-after-free vulnerability in the PresShell::CompleteMove function i ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1974 (Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore fun ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1973 (Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1972 (Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentText ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1971 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox >= 10)
CVE-2012-1970 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- iceape 2.7.7-1
	- icedove 10.0.7-1
CVE-2012-1969 (The get_attachment_link function in Template.pm in Bugzilla 2.x and 3. ...)
	- bugzilla (low)
	- bugzilla4 (bug #669643)
	[squeeze] - bugzilla (Minor issue)
CVE-2012-1968 (Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug- ...)
	- bugzilla (Only affects 4.1 to 4.3)
	- bugzilla4 (bug #669643)
CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thun ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1966 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...)
	{DSA-2514-1}
	- iceweasel 10.0.6esr-1
CVE-2012-1965 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...)
	- iceweasel 10.0.6esr-1
	[squeeze] - iceweasel
CVE-2012-1964 (The certificate-warning functionality in browser/components/certerror/ ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1963 (The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x ...)
	- iceweasel 10.0.6esr-1
	[squeeze] - iceweasel (CSP not yet available)
	- icedove 10.0.6-1
	[squeeze] - icedove (CSP not yet available)
	- iceape 2.7.6-1
	[squeeze] - iceape (CSP not yet available)
CVE-2012-1962 (Use-after-free vulnerability in the JSDependentString::undepend functi ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1961 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thun ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1960 (The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implemen ...)
	- iceweasel (Only affects Firefox > 10)
CVE-2012-1959 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thun ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1958 (Use-after-free vulnerability in the nsGlobalWindow::PageHidden functio ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1957 (An unspecified parser-utility class in Mozilla Firefox 4.x through 13. ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1956 (Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey be ...)
	- iceweasel (Only affects Firefox >= 10)
	- icedove (Only affects Firefox >= 10)
	- iceape (Only affects Firefox >= 10)
CVE-2012-1955 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thun ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode function in ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1953 (The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1952 (The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1951 (Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 a ...)
	{DSA-2528-1 DSA-2514-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
CVE-2012-1949 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects Firefox 13)
CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1947 (Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozil ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1946 (Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore fun ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1945 (Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thun ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1944 (The Content Security Policy (CSP) implementation in Mozilla Firefox 4. ...)
	- iceweasel 10.0.5esr-1
	[squeeze] - iceweasel (CSP not yet available)
	- icedove 10.0.5-1
	[squeeze] - icedove (CSP not yet available)
CVE-2012-1943 (Untrusted search path vulnerability in Updater.exe in the Windows Upda ...)
	- iceweasel (windows-specific)
CVE-2012-1942 (The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12. ...)
	- iceweasel (windows-specific)
CVE-2012-1941 (Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypothet ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1940 (Use-after-free vulnerability in the nsFrameList::FirstChild function i ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
CVE-2012-1939 (jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel (Vulnerable code not present)
	[squeeze] - icedove (Vulnerable code not present)
CVE-2012-1938 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel (Only affects iceweasel from experimental)
CVE-2012-1937 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
CVE-2012-1936 (** DISPUTED ** The wp_create_nonce function in wp-includes/pluggable.p ...)
	NOT-FOR-US: Disputed WordPress issue
CVE-2012-1935 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x ...)
	- newscoop (bug #604113)
CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop befo ...)
	- newscoop (bug #604113)
CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x b ...)
	- newscoop (bug #604113)
CVE-2012-1932 (A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlie ...)
	NOT-FOR-US: Wolf CMS
CVE-2012-1931 (Opera before 11.62 on UNIX, when used in conjunction with an unspecifi ...)
	NOT-FOR-US: Opera
CVE-2012-1930 (Opera before 11.62 on UNIX uses world-readable permissions for tempora ...)
	NOT-FOR-US: Opera
CVE-2012-1929 (Opera before 11.62 on Mac OS X allows remote attackers to spoof the ad ...)
	NOT-FOR-US: Opera
CVE-2012-1928 (Opera before 11.62 allows remote attackers to spoof the address field ...)
	NOT-FOR-US: Opera
CVE-2012-1927 (Opera before 11.62 allows remote attackers to spoof the address field ...)
	NOT-FOR-US: Opera
CVE-2012-1926 (Opera before 11.62 allows remote attackers to bypass the Same Origin P ...)
	NOT-FOR-US: Opera
CVE-2012-1925 (Opera before 11.62 does not ensure that a dialog window is placed on t ...)
	NOT-FOR-US: Opera
CVE-2012-1924 (Opera before 11.62 allows user-assisted remote attackers to trick user ...)
	NOT-FOR-US: Opera
CVE-2012-1923 (RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x s ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1922 (Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom ...)
	NOT-FOR-US: Sitecom WLM-2501
CVE-2012-1921 (Cross-site request forgery (CSRF) vulnerability in goform/admin/formWl ...)
	NOT-FOR-US: Sitecom
CVE-2012-1920 (@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows rem ...)
	- atmailopen
CVE-2012-1919 (CRLF injection vulnerability in mime.php in @Mail WebMail Client in At ...)
	- atmailopen
CVE-2012-1918 (Multiple directory traversal vulnerabilities in (1) compose.php and (2 ...)
	- atmailopen
CVE-2012-1917 (compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 ...)
	- atmailopen
CVE-2012-1916 (@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote a ...)
	- atmailopen
CVE-2012-1915 (EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_c ...)
	NOT-FOR-US: EllisLab CodeIgniter
CVE-2012-1914 RESERVED
CVE-2012-1913 REJECTED
CVE-2012-1912 (Cross-site scripting (XSS) vulnerability in preferences.php in PHP Add ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-1911 (Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-1910 (Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x befor ...)
	- bitcoin (windows-only, qt gui not built)
CVE-2012-1909 (The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bit ...)
	- bitcoin 0.6.0-1
CVE-2012-1908 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 all ...)
	NOT-FOR-US: Splunk
CVE-2012-1907 (The scanner engine in PrivaWall Antivirus 5.6 and earlier does not rec ...)
	NOT-FOR-US: PrivaWall Antivirus
CVE-2012-1906 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterpr ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1905 RESERVED
CVE-2012-1904 (mp4fformat.dll in the QuickTime File Format plugin in RealNetworks Rea ...)
	NOT-FOR-US: RealPlayer
CVE-2012-1903 (XSS in Telligent Community 5.6.583.20496 via a flash file and related ...)
	NOT-FOR-US: Telligent Community
CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a con ...)
	- phpmyadmin 4:3.4.10.2-1 (unimportant)
CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS ...)
	NOT-FOR-US: FlexCMS
CVE-2012-1900 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...)
	NOT-FOR-US: RazorCMS
CVE-2012-1899 (Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/ ...)
	NOT-FOR-US: Webfolio CMS
CVE-2012-1898 (Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/u ...)
	NOT-FOR-US: Wolf CMS
CVE-2012-1897 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS ...)
	NOT-FOR-US: Wolf CMS
CVE-2012-1586 (mount.cifs in cifs-utils 2.6 allows local users to determine the exist ...)
	- cifs-utils 2:5.3-2 (unimportant; bug #665923)
	NOTE: Harmless information leak; if a user can perform arbitrary CIFS mounts, they can probably
	NOTE: do a lot more with this than probe for file existence
CVE-2012-1896 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1895 (The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1892 (Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Te ...)
	NOT-FOR-US: Microsoft Visual Studio Team Foundation Server
CVE-2012-1891 (Heap-based buffer overflow in Microsoft Data Access Components (MDAC) ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2012-1890 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitiali ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 ...)
	NOT-FOR-US: Microsoft Visio
CVE-2012-1887 (Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1886 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel Viewer ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1885 (Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and S ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1884 REJECTED
CVE-2012-1883 REJECTED
CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block cross-domain sc ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1880 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1879 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1878 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1877 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1876 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1875 (Microsoft Internet Explorer 8 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1874 (Microsoft Internet Explorer 8 and 9 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create and i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explore ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1871 REJECTED
CVE-2012-1870 (The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1869 REJECTED
CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1863 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoin ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1862 (Open redirect vulnerability in Microsoft Office SharePoint Server 2007 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1861 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Serve ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1860 (Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1859 (Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microso ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft Interne ...)
	NOT-FOR-US: Microsoft Internet Explorer, Communicator, Lync
CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal comp ...)
	NOT-FOR-US: Microsoft Dynamics AX
CVE-2012-1856 (The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in ...)
	NOT-FOR-US: Microsoft
CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not prop ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office 20 ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1853 (Stack-based buffer overflow in the Remote Administration Protocol (RAP ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1852 (Heap-based buffer overflow in the Remote Administration Protocol (RAP) ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1851 (Format string vulnerability in the Print Spooler service in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1850 (The Remote Administration Protocol (RAP) implementation in the LanmanW ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Atten ...)
	NOT-FOR-US: Microsoft Lync, Attendee, Attendant
CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1847 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Off ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1846 (Google Chrome 17.0.963.66 and earlier allows remote attackers to bypas ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser
CVE-2012-1845 (Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser
CVE-2012-1844 (The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1843 (Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1842 (Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Qu ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1841 (Absolute path traversal vulnerability in logShow.htm on the Quantum Sc ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1840 (AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly ...)
	- ajaxplorer (bug #668381)
CVE-2012-1839 (Multiple directory traversal vulnerabilities in the Get Template featu ...)
	- ajaxplorer (bug #668381)
CVE-2012-1838 (The web management interface on the LG-Nortel ELO GS24M switch allows ...)
	NOT-FOR-US: Nortel switch
CVE-2012-1837 (The (1) webreports, (2) post/create-role, and (3) post/update-role pro ...)
	NOT-FOR-US: Tivoli
CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow re ...)
	{DSA-2448-1}
	- inspircd 2.0.5-0.1 (bug #667914)
CVE-2012-1835 (Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One ...)
	NOT-FOR-US: All-in-One Event Calendar plugin for WordPress
CVE-2012-1834 (Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head fun ...)
	NOT-FOR-US: WordPress plugin CMS Tree Page View
CVE-2012-1833 (VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does no ...)
	NOT-FOR-US: Grails
CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1831 (Heap-based buffer overflow in WellinTech KingView 6.53 allows remote a ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1830 (Stack-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1829 (Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Ar ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1828 (The administrative functions in AutoFORM PDM Archive before 7.1 do not ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1827 (The web service in AutoFORM PDM Archive before 7.1 does not have autho ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1826 (dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute ...)
	NOT-FOR-US: dotCMS not in Debian
CVE-2012-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the status prog ...)
	NOT-FOR-US: ForeScout CounterACT
CVE-2012-1824 (Untrusted search path vulnerability in Measuresoft ScadaPro Client bef ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...)
	{DSA-2465-1}
	- php5 5.4.3-1
	NOTE: http://ompldr.org/vZGxxaQ
	NOTE: https://bugs.php.net/bug.php?id=61910
	NOTE: 5.4.2-1 'fixed' this, but the fix is incomplete; see CVE-2012-2311
CVE-2012-1822 RESERVED
CVE-2012-1821 (The Network Threat Protection module in the Manager component in Syman ...)
	NOT-FOR-US: Symantec Endpoint Protection on Windows Server 2003
CVE-2012-1820 (The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlie ...)
	{DSA-2497-1}
	- quagga 0.99.21-3 (bug #676510)
CVE-2012-1819 (Untrusted search path vulnerability in WellinTech KingView 6.53 allows ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-1818 (An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstatio ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1817 (Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3. ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1816 (PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1815 (SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1814 (Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1813 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remo ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1812 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remo ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1811 (EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote at ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1810 (EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote att ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1809 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100 ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1808 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100 ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1807 (Cross-site scripting (XSS) vulnerability in the web server in the ECOM ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1806 (The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1805 (Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM10 ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1804 (The OPC server in Progea Movicon before 11.3 allows remote attackers t ...)
	NOT-FOR-US: Progea Movicon
CVE-2012-1803 (RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a facto ...)
	NOT-FOR-US: RuggedCom Rugged Operating System
CVE-2012-1802 (Buffer overflow in the embedded web server on the Siemens Scalance X I ...)
	NOT-FOR-US: Siemens Scalance X
CVE-2012-1801 (Multiple stack-based buffer overflows in (1) COM and (2) ActiveX contr ...)
	NOT-FOR-US: ABB WebWare
CVE-2012-1800 (Stack-based buffer overflow in the Profinet DCP protocol implementatio ...)
	NOT-FOR-US: Siemens Scalance S
CVE-2012-1799 (The web server on the Siemens Scalance S Security Module firewall S602 ...)
	NOT-FOR-US: Siemens Scalance S
CVE-2012-1798 (The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick bef ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has u ...)
	NOT-FOR-US: IBM DB2
CVE-2012-1796 (Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as us ...)
	NOT-FOR-US: Tivoli
CVE-2012-1795 (webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to ...)
	NOT-FOR-US: Webglimpse
CVE-2012-1794 RESERVED
CVE-2012-1793 RESERVED
CVE-2012-1792 (Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Se ...)
	NOT-FOR-US: osCommerce Online Merchant
CVE-2012-1791 RESERVED
CVE-2012-1777 (SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 ...)
	NOT-FOR-US: F5 FirePass
CVE-2012-1776 (Multiple heap-based buffer overflows in VideoLAN VLC media player befo ...)
	- vlc 2.0.1-1 (low)
	[squeeze] - vlc (Unsupported in squeeze-lts)
CVE-2012-1775 (Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 ...)
	- vlc 2.0.1-1 (low)
	[squeeze] - vlc (Unsupported in squeeze-lts)
CVE-2012-1790 (Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows ...)
	NOT-FOR-US: Webgrind
CVE-2012-1789 (Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 ...)
	NOT-FOR-US: Kongreg8
CVE-2012-1788 (Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi ...)
	NOT-FOR-US: WonderDesk SQL
CVE-2012-1787 (Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in ...)
	NOT-FOR-US: Webglimpse
CVE-2012-1786 (The Media Upload form in the Video Embed & Thumbnail Generator plu ...)
	NOT-FOR-US: Media Upload form in the Video Embed & Thumbnail Generator plugin for WordPress
CVE-2012-1785 (kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin ...)
	NOT-FOR-US: Video Embed & Thumbnail Generator plugin for WordPress
CVE-2012-1784 (SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers ...)
	NOT-FOR-US: MyJobList
CVE-2012-1783 (Tiny Server 1.1.9 and earlier allows remote attackers to cause a denia ...)
	NOT-FOR-US: Tiny Server
CVE-2012-1782 (Multiple cross-site scripting (XSS) vulnerabilities in questions/ask i ...)
	NOT-FOR-US: OSQA
CVE-2012-1781 (Multiple cross-site scripting (XSS) vulnerabilities in ajax/commentaja ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1780 (SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows re ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1779 (Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDire ...)
	NOT-FOR-US: IDevSpot idev-BusinessDirectory
CVE-2012-1778 (SQL injection vulnerability in artykul_print.php in CreateVision CMS a ...)
	NOT-FOR-US: CreateVision CMS
CVE-2012-1774 (Unspecified vulnerability in the Open URL feature in Gretech GOM Media ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1773 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1772 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1771 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1770 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1769 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1768 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1767 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1766 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1765 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 10
CVE-2012-1764 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1763 (Unspecified vulnerability in the Oracle Clinical/Remote Data Capture c ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-1762 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1761 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1760 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1759 (Unspecified vulnerability in the Oracle AutoVue component in Oracle Su ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-1758 (Unspecified vulnerability in the Oracle AutoVue component in Oracle Su ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-1757 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier al ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1756 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier al ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1755 (Unspecified vulnerability in the PeopleSoft PeopleTools component in O ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1754 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1753 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1752 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2012-1751 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1750 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Oracle Sun Solaris 8, 9, 10, and 11
CVE-2012-1749 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1748 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products 9.1
CVE-2012-1747 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1746 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1745 (Unspecified vulnerability in the Network Layer component in Oracle Dat ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1744 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1743 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture O ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-1742 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1741 (Unspecified vulnerability in the Enterprise Manager for Fusion Middlew ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1740 (Unspecified vulnerability in the Oracle Application Express Listener c ...)
	NOT-FOR-US: Oracle Application Express Listener
CVE-2012-1739 (Unspecified vulnerability in the Oracle E-Business Intelligence compon ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1738 (Unspecified vulnerability in the Oracle iPlanet Web Server component i ...)
	NOT-FOR-US: Oracle Sun Products Suite, iPlanet Web Server
CVE-2012-1737 (Unspecified vulnerability in the Enterprise Manager for Oracle Databas ...)
	NOT-FOR-US: Oracle
CVE-2012-1736 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1735 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier al ...)
	- mysql-5.1 (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, a ...)
	{DSA-2496-1}
	- mysql-5.1 (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1732 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1731 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1730 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1729 (Unspecified vulnerability in the Hyperion BI+ component in Oracle Hype ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2012-1728 (Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 all ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1727 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1726 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1725 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1724 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1723 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1722 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (specific to Oracle Java)
	- openjdk-7 (specific to Oracle Java)
CVE-2012-1721 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (specific to Oracle Java)
	- openjdk-7 (specific to Oracle Java)
CVE-2012-1720 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Only affects Java on Solaris)
	- openjdk-7 (Only affects Java on Solaris)
CVE-2012-1719 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1718 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1717 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1716 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1715 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1714 (Unspecified vulnerability in a TList 6 ActiveX control in Oracle Hyper ...)
	NOT-FOR-US: Oracle Hyperion Financial Management
CVE-2012-1713 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1712 (Directory traversal vulnerability in the Liferay component in Oracle S ...)
	NOT-FOR-US: Oracle Sun GlassFish Web Space Server
CVE-2012-1711 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1710 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition co ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1709 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition co ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1708 (Unspecified vulnerability in the Application Express component in Orac ...)
	NOT-FOR-US: Oracle Database
CVE-2012-1707 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1706 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1705 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-1704 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1703 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1702 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...)
	{DSA-2780-1}
	- mysql-5.1
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-1701 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1700 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1699 (The ProcSetEventMask function in difs/events.c in the xfs font server ...)
	- xfs 1:1.0.1-1
CVE-2012-1698 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authe ...)
	NOT-FOR-US: Solaris
CVE-2012-1697 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.23-1
CVE-2012-1696 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.5 5.5.23-1
CVE-2012-1695 (Unspecified vulnerability in the Oracle JRockit component in Oracle Fu ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1694 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attac ...)
	NOT-FOR-US: Solaris
CVE-2012-1693 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...)
	NOT-FOR-US: Oracle SPARC Enterprise M Series Servers
CVE-2012-1692 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2012-1691 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2012-1690 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, a ...)
	{DSA-2496-1}
	- mysql-5.1 (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1687 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows local use ...)
	NOT-FOR-US: Oracle Solaris 10 and 11
CVE-2012-1686 (Unspecified vulnerability in the Oracle Business Intelligence Enterpri ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1685 (Unspecified vulnerability in the Secure Global Desktop component in Or ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2012-1684 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2012-1683 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2012-1682 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-7 7u3-2.1.2-1
CVE-2012-1681 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...)
	NOT-FOR-US: Solaris
CVE-2012-1680 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1679 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2012-1678 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools compon ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2012-1677 (Unspecified vulnerability in the Oracle Application Server Single Sign ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1676 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2012-1674 (Unspecified vulnerability in the Siebel Clinical component in Oracle I ...)
	NOT-FOR-US: Oracle Siebel
CVE-2012-1673 (SQL injection vulnerability in loginscript.php in e-ticketing allows r ...)
	NOT-FOR-US: e-ticketing
CVE-2012-1672 (SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 ...)
	NOT-FOR-US: Hotel Booking Portal
CVE-2012-1671 (Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and ...)
	NOT-FOR-US: phpPaleo
CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote atta ...)
	NOT-FOR-US: PHP Grade Book
CVE-2012-1669 (Directory traversal vulnerability in index.php in phpMoneyBooks before ...)
	NOT-FOR-US: phpMoneyBooks
CVE-2012-1668
	RESERVED
CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9. ...)
	{DSA-2486-1}
	- bind9 1:9.8.1.dfsg.P1-4.1
	- isc-dhcp (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-1666 (Untrusted search path vulnerability in VMware Tools in VMware Workstat ...)
	NOT-FOR-US: VMware Tools
CVE-2012-1665 (Multiple SQL injection vulnerabilities in the admin panel in osCMax be ...)
	NOT-FOR-US: osCMax
CVE-2012-1664 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
	NOT-FOR-US: osCMax
CVE-2012-1663 (Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows ...)
	- gnutls28 3.0.14-1
	- gnutls26 (only GNUTLS 3.0 is affected)
CVE-2012-1662 (CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-1661 (ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly pro ...)
	NOT-FOR-US: ESRI ArcMap, ArcGIS
CVE-2012-1660 (Multiple cross-site scripting (XSS) vulnerabilities in components/sele ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1659 (Cross-site scripting (XSS) vulnerability in the Node Recommendation mo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1658 (Cross-site scripting (XSS) vulnerability in the Read More Link module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1657 (Cross-site scripting (XSS) vulnerability in block_class.module in the ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1656 (SQL injection vulnerability in the Multisite Search module 6.x-2.2 for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1655 (Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1654 (Multiple cross-site scripting (XSS) vulnerabilities in the Data module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1653 (Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integra ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1652 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select mo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1651 (Cross-site scripting (XSS) vulnerability in the Submenu Tree module be ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1650 (The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access co ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1649 (Cool Aid module before 6.x-1.9 for Drupal does not enforce access rest ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1648 (Cross-site scripting (XSS) vulnerability in the Cool Aid module before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1647 (Multiple cross-site scripting (XSS) vulnerabilities in the "stand alon ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1646 (Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1645 (The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1644 (The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for D ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1643 (The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does n ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1642 (includes/linkchecker.pages.inc in the Link checker module 6.x-2.x befo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1641 (The finder_import function in the Finder module 6.x-1.x before 6.x-1.2 ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1640 (Multiple cross-site scripting (XSS) vulnerabilities in the Managesite ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1639 (Multiple cross-site scripting (XSS) vulnerabilities in product/commerc ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1638 (SQL injection vulnerability in the Search Autocomplete module before 7 ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1637 (Cross-site scripting vulnerability (XSS) in the Quick Tabs module 6.x- ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1636 (Cross-site request forgery (CSRF) vulnerability in the stickynote modu ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1635 (The hook_node_access function in the revisioning module 7.x-1.x before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1634 (Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1633 (Cross-site request forgery (CSRF) vulnerability in the Password Policy ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1632 (Cross-site scripting (XSS) vulnerability in password_policy.admin.inc ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1631 (Cross-site request forgery (CSRF) vulnerability in the Admin:hover mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1630 (Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator mod ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1629 (Cross-site scripting (XSS) vulnerability in the Taxotouch module for D ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1628 (Cross-site scripting (XSS) vulnerability in the SuperCron module for D ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1627 (Cross-site scripting (XSS) vulnerability in vud_term.module in the Vot ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1626 (SQL injection vulnerability in the conversion form for Events in the D ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1625 (Eval injection vulnerability in the fillpdf_form_export_decode functio ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1624 (Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek mo ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1623 (The Registration Codes module before 6.x-2.4 for Drupal does not restr ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1622 (Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execut ...)
	NOT-FOR-US: Apache OFBiz
CVE-2012-1621 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For ...)
	NOT-FOR-US: Apache OFBiz
CVE-2012-1620 (slock 0.9 does not properly handle the XRaiseWindow event when the scr ...)
	- suckless-tools 39-1 (unimportant; bug #667796)
CVE-2012-1619
	REJECTED
CVE-2012-1618 (Interaction error in the PostgreSQL JDBC driver before 8.2, when used ...)
	- libpgjava (Even the version in oldstable had 8.2)
CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass before 2.3 ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by Argyll ...)
	- argyll 1.4.0-1
	[squeeze] - argyll (Only standalone binary in squeeze, minor impact)
	NOTE: Starting with 1.4.0 argyll includes icclib 2.13, but it's hard to identify the
	NOTE: isolated security fix
CVE-2012-1615 (A Privilege Escalation vulnerability exits in Fedoraproject Sectool du ...)
	NOT-FOR-US: sectool
CVE-2012-1614 (Coppermine Photo Gallery before 1.5.20 allows remote attackers to obta ...)
	NOT-FOR-US: Coppermine
CVE-2012-1613 (Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Copper ...)
	NOT-FOR-US: Coppermine
CVE-2012-1612 (Cross-site scripting (XSS) vulnerability in the update manager in Joom ...)
	NOT-FOR-US: Joomla!
CVE-2012-1611 (Joomla! 2.5.x before 2.5.4 does not properly check permissions, which ...)
	NOT-FOR-US: Joomla!
CVE-2012-1610 (Integer overflow in the GetEXIFProperty function in magick/property.c ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1609
	REJECTED
CVE-2012-1608 (The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5 ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1607 (The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1606 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend com ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1605 (The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unser ...)
	- typo3-src (vulnerable code not yet present)
CVE-2012-1604 (Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote ...)
	NOT-FOR-US: NextBBS
CVE-2012-1603 (Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0. ...)
	NOT-FOR-US: NextBBS
CVE-2012-1602 (user.php in NextBBS 0.6 allows remote attackers to bypass authenticati ...)
	NOT-FOR-US: NextBBS
CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS ...)
	{DSA-2469-1}
	- linux-2.6 3.2.17-1 (low)
CVE-2012-1600 (Multiple cross-site scripting (XSS) vulnerabilities in functions.php i ...)
	- phppgadmin 5.0.4-1
	[squeeze] - phppgadmin (Minor issue, will be fixed through a point update)
CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...)
	NOT-FOR-US: Joomla!
CVE-2012-1598 (Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors ...)
	NOT-FOR-US: Joomla!
CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...)
	NOT-FOR-US: eZ Publish
CVE-2012-1596 (The mp2t_process_fragmented_payload function in epan/dissectors/packet ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	NOTE: Not suitable for code injection
CVE-2012-1595 (The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wi ...)
	- wireshark 1.6.6-1 (bug #666058)
	[squeeze] - wireshark 1.2.11-6+squeeze7
CVE-2012-1594 (epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wir ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	NOTE: Not suitable for code injection
CVE-2012-1593 (epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1 ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	[squeeze] - wireshark 1.2.11-6+squeeze7
	NOTE: Not suitable for code injection
CVE-2012-1592 (A local code execution issue exists in Apache Struts2 when processing ...)
	- libstruts1.2-java (Only applies to Struts 2, see bug #657870)
CVE-2012-1591 (The image module in Drupal 7.x before 7.14 does not properly check per ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1590 (The forum list in Drupal 7.x before 7.14 does not properly check user ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1589 (Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1588 (Algorithmic complexity vulnerability in the _filter_url function in th ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1587
	REJECTED
CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticat ...)
	- nova 2012-1~rc3-1 (bug #666888)
CVE-2012-1584 (Integer overflow in the mid function in toolkit/tbytevector.cpp in Tag ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib (Minor issue)
CVE-2012-1583 (Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6 ...)
	- linux-2.6 2.6.22-1
CVE-2012-1582 (Cross-site scripting (XSS) vulnerability in the wikitext parser in Med ...)
	- mediawiki 1:1.15.5-9 (bug #666269)
	[squeeze] - mediawiki
CVE-2012-1581 (MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak rand ...)
	- mediawiki 1:1.15.5-9 (bug #666269)
	[squeeze] - mediawiki
CVE-2012-1580 (Cross-site request forgery (CSRF) vulnerability in Special:Upload in M ...)
	- mediawiki (Vulnerable code not present, see bug #666269)
CVE-2012-1579 (The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x befor ...)
	- mediawiki (Vulnerable code not present, see bug #666269)
CVE-2012-1578 (Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWik ...)
	- mediawiki (Vulnerable code not present, see bug #666269)
CVE-2012-1577 (lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. ...)
	- dietlibc 0.33~cvs20120325-1 (unimportant)
CVE-2012-1576 (The myuser_delete function in libathemecore/account.c in Atheme 5.x be ...)
	NOT-FOR-US: atheme
CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5 ...)
	NOT-FOR-US: cumin
CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.20 ...)
	- hadoop (bug #535861)
CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3 ...)
	{DSA-2441-1}
	- gnutls26 2.12.18-1 (high)
	- gnutls28 3.0.17-2 (high)
CVE-2012-1572 (OpenStack Keystone: extremely long passwords can crash Keystone by exh ...)
	- keystone 2012.1~rc2-1
CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a denial ...)
	{DSA-2422-1}
	- file 5.11-1 (low; bug #664263)
CVE-2012-1570 (The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 over ...)
	- maradns 1.4.12-1 (bug #665012)
	[squeeze] - maradns 1.4.03-1.1+squeeze1
CVE-2012-1569 (The asn1_get_length_der function in decoding.c in GNU Libtasn1 before ...)
	{DSA-2440-1}
	- libtasn1-3 2.12-1 (high)
CVE-2012-1568 (The ExecShield feature in a certain Red Hat patch for the Linux kernel ...)
	- linux-2.6 (execshield issue)
CVE-2012-1567 (LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities ...)
	NOT-FOR-US: LinuxMint
CVE-2012-1566 (LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities ...)
	NOT-FOR-US: LinuxMint
CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and ...)
	NOT-FOR-US: eZ Publish
CVE-2012-1564 (Cross-site scripting (XSS) vulnerability in administration/create_albu ...)
	NOT-FOR-US: YVS
CVE-2012-1563 (Joomla! before 2.5.3 allows Admin Account Creation. ...)
	NOT-FOR-US: Joomla!
CVE-2012-1562 (Joomla! core before 2.5.3 allows unauthorized password change. ...)
	NOT-FOR-US: Joomla!
CVE-2012-1561 (Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x ...)
	NOT-FOR-US: Drupal Finder
CVE-2012-1560
	RESERVED
CVE-2012-1559
	RESERVED
CVE-2012-1558 (yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of ...)
	- cyassl (Fixed before initial upload)
	NOTE: https://github.com/cyassl/cyassl/commit/6b77c8967aa34f2a0bae85e90a469c4170cb2bb1
CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Paralle ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2012-1556 (Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 f ...)
	NOT-FOR-US: Synology DiskStation Manager extension
CVE-2012-1555
	RESERVED
CVE-2012-1554
	RESERVED
CVE-2012-1553
	RESERVED
CVE-2012-1552
	RESERVED
CVE-2012-1551
	RESERVED
CVE-2012-1550
	RESERVED
CVE-2012-1549
	RESERVED
CVE-2012-1548
	RESERVED
CVE-2012-1547
	RESERVED
CVE-2012-1546
	RESERVED
CVE-2012-1545 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1544
	REJECTED
CVE-2012-1543 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...)
	- openjdk-6 (JavaFX not part of OpenJDK)
	- openjdk-7 (JavaFX not part of OpenJDK)
CVE-2012-1542
	RESERVED
CVE-2012-1541 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1540
	RESERVED
CVE-2012-1539 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1538 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows r ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1537 (Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 i ...)
	NOT-FOR-US: DirectX 9.0 in Microsoft Windows
CVE-2012-1536
	RESERVED
CVE-2012-1535 (Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-1534
	REJECTED
CVE-2012-1533 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1532 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1531 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...)
	- openjdk-6 (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-1530 (Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acro ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2012-1529 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 al ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-1528 (Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1527 (Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1525 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5. ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1522 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser
CVE-2012-1520 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-1519
	RESERVED
CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, V ...)
	NOT-FOR-US: VMware
CVE-2012-1517 (The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handl ...)
	NOT-FOR-US: VMware
CVE-2012-1516 (The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 ...)
	NOT-FOR-US: VMware
CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properl ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1514 (Cross-site request forgery (CSRF) vulnerability in VMware vShield Mana ...)
	NOT-FOR-US: VMware vShield Manager
CVE-2012-1513 (The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 be ...)
	NOT-FOR-US: VMware vCenter Orchestrator
CVE-2012-1512 (Cross-site scripting (XSS) vulnerability in the internal browser in vS ...)
	NOT-FOR-US: VMware vSphere
CVE-2012-1511 (Cross-site scripting (XSS) vulnerability in View Manager Portal in VMw ...)
	NOT-FOR-US: VMware View
CVE-2012-1510 (Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, an ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1509 (Buffer overflow in the XPDM display driver in VMware View before 4.6.1 ...)
	NOT-FOR-US: VMware View
CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4 ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1507 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM befor ...)
	NOT-FOR-US: OrangeHRM
CVE-2012-1506 (SQL injection vulnerability in the updateStatus function in lib/models ...)
	NOT-FOR-US: OrangeHRM
CVE-2012-1505
	RESERVED
CVE-2012-1504
	RESERVED
CVE-2012-1503 (Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six Ap ...)
	NOT-FOR-US: Six Apart
CVE-2012-1502 (Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0. ...)
	{DSA-2430-1}
	- python-pam 0.4.2-13
CVE-2012-1501
	REJECTED
CVE-2012-1500 (Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and Gre ...)
	NOT-FOR-US: Atlassian
CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attac ...)
	- openjpeg (vulnerable code introduced after 1.3)
CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...)
	NOT-FOR-US: Webfolio CMS
CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before 5.0 ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...)
	- webcalendar
CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers ...)
	- webcalendar
CVE-2012-1102 (It was discovered that the XML::Atom Perl module before version 0.39 d ...)
	{DSA-2424-1}
	- libxml-atom-perl 0.39-1 (medium)
CVE-2012-1494
	RESERVED
CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x ...)
	NOT-FOR-US: F5 BIG-IP appliances
CVE-2012-1492
	RESERVED
CVE-2012-1491
	RESERVED
CVE-2012-1490
	RESERVED
CVE-2012-1489
	RESERVED
CVE-2012-1488
	RESERVED
CVE-2012-1487
	RESERVED
CVE-2012-1486
	RESERVED
CVE-2012-1485 (Unspecified vulnerability in the NetFront Life Browser (com.access_com ...)
	NOT-FOR-US: NetFront Life Browser for Android
CVE-2012-1484 (Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) appl ...)
	NOT-FOR-US: WaliSMS CN (cn.com.wali.walisms) application
CVE-2012-1483 (Unspecified vulnerability in the Message Forwarder (com.gmail.zbnetium ...)
	NOT-FOR-US: Message Forwarder for Android
CVE-2012-1482 (Unspecified vulnerability in the TouchPal Contacts (com.cootek.smartdi ...)
	NOT-FOR-US: TouchPal Contacts for Android
CVE-2012-1481 (Unspecified vulnerability in the Textdroid (com.app.android.textdroid) ...)
	NOT-FOR-US: Textdroid for Android
CVE-2012-1480 (Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application ...)
	NOT-FOR-US: Pansi SMS
CVE-2012-1479 (Unspecified vulnerability in the AContact (com.movester.quickcontact) ...)
	NOT-FOR-US: AContact
CVE-2012-1478 (Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) ...)
	NOT-FOR-US: UCMobile BloveStorm
CVE-2012-1477 (Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 ...)
	NOT-FOR-US: Cnectd
CVE-2012-1476 (Unspecified vulnerability in the KKtalk (com.kkliaotian.android) appli ...)
	NOT-FOR-US: KKtalk
CVE-2012-1475 (Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yag ...)
	NOT-FOR-US: YagattaTalk Messenger
CVE-2012-1474 (Unspecified vulnerability in the Youni SMS (com.snda.youni) applicatio ...)
	NOT-FOR-US: Youni SMS
CVE-2012-1473
	RESERVED
CVE-2012-1472 (VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not prop ...)
	NOT-FOR-US: VMware vCenter Chargeback Manager
CVE-2012-1471 (Directory traversal vulnerability in catalogue_file.php in ocPortal be ...)
	- ocportal (bug #625865)
CVE-2012-1470 (Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php ...)
	- ocportal (bug #625865)
CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Sy ...)
	- ojs (low)
	[squeeze] - ojs (Minor issue)
CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before 2.3. ...)
	- ojs (low)
	[squeeze] - ojs (Minor issue)
CVE-2012-1467 (Multiple directory traversal vulnerabilities in the iBrowser plugin li ...)
	- ojs (low)
	[squeeze] - ojs (Minor issue)
CVE-2012-1466 (The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 a ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1465 (Stack-based buffer overflow in the HTTP Server in NetMechanica NetDeci ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1464 (Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remo ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1463 (The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitd ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1462 (The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1461 (The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, C ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1460 (The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Ca ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1459 (The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avir ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1458 (The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4 ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1457 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2. ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1456 (The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1455 (The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83 ...)
	NOT-FOR-US: NOD32 Antivirus, Rising Antivirus
CVE-2012-1454 (The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gate ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1453 (The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1452 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Uti ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1451 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1450 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Viru ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1449 (The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1448 (The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Mic ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1447 (The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, D ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1446 (The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee An ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1445 (The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, F ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1444 (The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus 4 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1443 (The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Qu ...)
	NOTE: clamav, but upstream evaluated it as invalid (#668273)
CVE-2012-1442 (The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee An ...)
	NOT-FOR-US: Multiple Antivirus applications
CVE-2012-1441 (The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows r ...)
	NOT-FOR-US: eSafe, Prevx
CVE-2012-1440 (The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eT ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1439 (The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, F ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1438 (The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos A ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1437 (The Microsoft Office file parser in Comodo Antivirus 7425 allows remot ...)
	NOT-FOR-US: Comodo Antivirus 7425
CVE-2012-1436 (The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.1 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1435 (The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.1 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1434 (The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.1 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1433 (The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.1 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1432 (The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1431 (The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Co ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1430 (The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7 ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1429 (The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisof ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1428 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman An ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1427 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman An ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1426 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command A ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1425 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2. ...)
	NOT-FOR-US: Multiple Antivirus applications
CVE-2012-1424 (The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1423 (The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malwa ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1422 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Ant ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1421 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman An ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1420 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command A ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1419 (The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1418 (Multiple unspecified vulnerabilities in Google Chrome before 17.0.963. ...)
	NOT-FOR-US: Chrome books
CVE-2012-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Local Phone boo ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCM ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1415 (Cross-site request forgery (CSRF) vulnerability in lib/logout.php in D ...)
	NOT-FOR-US: DFLabs PTK
CVE-2012-1414 (Cross-site request forgery (CSRF) vulnerability in manager/news.php in ...)
	NOT-FOR-US: Plume CMS
CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in zc_install/includes/module ...)
	NOT-FOR-US: Zen Cart
CVE-2012-1412
	RESERVED
CVE-2012-1411
	RESERVED
CVE-2012-1410 (Multiple cross-site scripting (XSS) vulnerabilities in the History Win ...)
	- kadu 0.11.0-1
	[squeeze] - kadu (Only affects >= 0.9)
CVE-2012-1409 (Unspecified vulnerability in the Tiny Password (com.tinycouch.android. ...)
	NOT-FOR-US: Tiny Password
CVE-2012-1408 (Unspecified vulnerability in the App Lock (com.cc.applock) application ...)
	NOT-FOR-US: App Lock
CVE-2012-1407 (Unspecified vulnerability in the GO Message Widget (com.gau.go.launche ...)
	NOT-FOR-US: GO Message Widget
CVE-2012-1406 (Unspecified vulnerability in the GO Bookmark Widget (com.gau.go.launch ...)
	NOT-FOR-US: GO Bookmark Widget
CVE-2012-1405 (Unspecified vulnerability in the GO Note Widget (com.gau.go.launcherex ...)
	NOT-FOR-US: GO Note Widget
CVE-2012-1404 (Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.bro ...)
	NOT-FOR-US: Dolphin Browser Mini
CVE-2012-1403 (Unspecified vulnerability in the Dolphin Browser CN (com.dolphin.brows ...)
	NOT-FOR-US: Dolphin Browser CN
CVE-2012-1402 (Unspecified vulnerability in the QianXun YingShi (com.qianxun.yingshi) ...)
	NOT-FOR-US: QianXun YingShi
CVE-2012-1401 (Unspecified vulnerability in the CamScanner (com.intsig.camscanner) ap ...)
	NOT-FOR-US: CamScanner
CVE-2012-1400 (Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) appli ...)
	NOT-FOR-US: U+Box
CVE-2012-1399 (Unspecified vulnerability in the U+Box 2.0 (lg.uplusbox) application 2 ...)
	NOT-FOR-US: U+Box
CVE-2012-1398 (Unspecified vulnerability in the GO WeiboWidget (com.gau.go.launcherex ...)
	NOT-FOR-US: GO WeiboWidget
CVE-2012-1397 (Unspecified vulnerability in the GO QQWeiboWidget (com.gau.go.launcher ...)
	NOT-FOR-US: GO QQWeiboWidget
CVE-2012-1396 (Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.go ...)
	NOT-FOR-US: GO FBWidget
CVE-2012-1395 (Unspecified vulnerability in the GO TwiWidget (com.gau.go.launcherex.g ...)
	NOT-FOR-US: GO TwiWidget
CVE-2012-1394 (Unspecified vulnerability in the GO Email Widget (com.gau.go.launchere ...)
	NOT-FOR-US: GO Email Widget
CVE-2012-1393 (Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application ...)
	NOT-FOR-US: GO SMS Pro
CVE-2012-1392 (Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyB ...)
	NOT-FOR-US: Dolphin Browser HD
CVE-2012-1391 (Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tio ...)
	NOT-FOR-US: mOffice - Outlook sync
CVE-2012-1390 (Unspecified vulnerability in the Miso (com.bazaarlabs.miso) applicatio ...)
	NOT-FOR-US: Miso
CVE-2012-1389 (Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) a ...)
	NOT-FOR-US: Di Long Weibo
CVE-2012-1388 (Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) ap ...)
	NOT-FOR-US: XiXunTianTian
CVE-2012-1387 (Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) applica ...)
	NOT-FOR-US: RealTalk
CVE-2012-1386 (Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.yo ...)
	NOT-FOR-US: YouMail Visual Voicemail Plus
CVE-2012-1385 (Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) ap ...)
	NOT-FOR-US: NetEase WeiboHD
CVE-2012-1384 (Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) app ...)
	NOT-FOR-US: NetEase Pmail
CVE-2012-1383 (Unspecified vulnerability in the NetEase Reader (com.netease.pris) app ...)
	NOT-FOR-US: NetEase Reader
CVE-2012-1382 (Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) a ...)
	NOT-FOR-US: Youdao Dictionary
CVE-2012-1381 (Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloud ...)
	NOT-FOR-US: NetEase CloudAlbum
CVE-2012-1380 (Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) applica ...)
	NOT-FOR-US: NetEaseWeibo
CVE-2012-1379
	RESERVED
CVE-2012-1378
	RESERVED
CVE-2012-1377
	RESERVED
CVE-2012-1376
	RESERVED
CVE-2012-1375
	RESERVED
CVE-2012-1374
	RESERVED
CVE-2012-1373
	RESERVED
CVE-2012-1372
	RESERVED
CVE-2012-1371
	RESERVED
CVE-2012-1370 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows re ...)
	NOT-FOR-US: Cisco
CVE-2012-1369
	RESERVED
CVE-2012-1368
	RESERVED
CVE-2012-1367 (The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and ...)
	NOT-FOR-US: Cisco
CVE-2012-1366 (Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listene ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1365 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authent ...)
	NOT-FOR-US: Cisco
CVE-2012-1364 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authent ...)
	NOT-FOR-US: Cisco
CVE-2012-1363
	RESERVED
CVE-2012-1362
	RESERVED
CVE-2012-1361 (Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) featu ...)
	NOT-FOR-US: Cisco
CVE-2012-1360
	RESERVED
CVE-2012-1359
	RESERVED
CVE-2012-1358
	RESERVED
CVE-2012-1357 (The igmp_snoop_orib_fill_source_update function in the IGMP process in ...)
	NOT-FOR-US: NX-OS
CVE-2012-1356
	RESERVED
CVE-2012-1355
	RESERVED
CVE-2012-1354
	RESERVED
CVE-2012-1353
	RESERVED
CVE-2012-1352
	RESERVED
CVE-2012-1351
	RESERVED
CVE-2012-1350 (Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attacke ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1349
	RESERVED
CVE-2012-1348 (Cisco Wide Area Application Services (WAAS) appliances with software 4 ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2012-1347
	RESERVED
CVE-2012-1346 (Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause ...)
	NOT-FOR-US: Cisco Emergency Responder
CVE-2012-1345
	RESERVED
CVE-2012-1344 (Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allo ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1343
	RESERVED
CVE-2012-1342 (Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote att ...)
	NOT-FOR-US: Cisco Carrier Routing System
CVE-2012-1341
	RESERVED
CVE-2012-1340 (The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 ...)
	NOT-FOR-US: Cisco MDS NX-OS
CVE-2012-1339 (The Fabric Interconnect component in Cisco Unified Computing System (U ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-1338 (Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allo ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1337 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1336 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1335 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1334
	RESERVED
CVE-2012-1333
	RESERVED
CVE-2012-1332
	RESERVED
CVE-2012-1331
	RESERVED
CVE-2012-1330
	RESERVED
CVE-2012-1329
	RESERVED
CVE-2012-1328 (Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2012-1327 (dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 al ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1326 (Cisco IronPort Web Security Appliance up to and including 7.5 does not ...)
	NOT-FOR-US: Cisco
CVE-2012-1325
	RESERVED
CVE-2012-1324 (Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1323
	RESERVED
CVE-2012-1322
	RESERVED
CVE-2012-1321
	RESERVED
CVE-2012-1320
	RESERVED
CVE-2012-1319
	RESERVED
CVE-2012-1318
	RESERVED
CVE-2012-1317 (The multicast implementation in Cisco IOS before 15.1(1)SY allows remo ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1316 (Cisco IronPort Web Security Appliance does not check for certificate r ...)
	NOT-FOR-US: Cisco
CVE-2012-1315 (Memory leak in the SIP inspection feature in the Zone-Based Firewall i ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote atta ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1313 (The remote debug shell on the PALO adapter card in Cisco Unified Compu ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1310 (Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1309
	RESERVED
CVE-2012-1308 (Cross-site request forgery (CSRF) vulnerability in redpass.cgi in D-Li ...)
	NOT-FOR-US: D-Link
CVE-2012-1307
	RESERVED
CVE-2012-1306
	RESERVED
CVE-2012-1305
	RESERVED
CVE-2012-1304
	RESERVED
CVE-2012-1303 (Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash ...)
	NOT-FOR-US: amCharts Flash
CVE-2012-1302 (Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 all ...)
	NOT-FOR-US: amMap
CVE-2012-1301 (The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to ...)
	NOT-FOR-US: Umbraco
CVE-2012-1300
	RESERVED
CVE-2012-1299
	RESERVED
CVE-2012-1298
	RESERVED
CVE-2012-1297 (Multiple cross-site request forgery (CSRF) vulnerabilities in main.php ...)
	NOT-FOR-US: Contao
CVE-2012-1296 (Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/hand ...)
	NOT-FOR-US: Elefant CMS
CVE-2012-1295
	RESERVED
CVE-2012-1294 (SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote att ...)
	NOT-FOR-US: CONTIMEX Impulsio CMS
CVE-2012-1292 (Unspecified vulnerability in the MessagingSystem servlet in SAP NetWea ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1291 (Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProces ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1290 (Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1289 (Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allo ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1293 (Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' F ...)
	{DSA-2414-1}
	- fex 20120215-1 (low; bug #660621)
CVE-2012-1288 (The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device us ...)
	NOT-FOR-US: UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock
CVE-2012-1287
	RESERVED
CVE-2012-1286
	RESERVED
CVE-2012-1285
	RESERVED
CVE-2012-1284
	RESERVED
CVE-2012-1283
	RESERVED
CVE-2012-1282
	RESERVED
CVE-2012-1281
	RESERVED
CVE-2012-1280
	RESERVED
CVE-2012-1279
	RESERVED
CVE-2012-1278
	RESERVED
CVE-2012-1277
	RESERVED
CVE-2012-1276
	RESERVED
CVE-2012-1275
	RESERVED
CVE-2012-1274
	RESERVED
CVE-2012-1273
	RESERVED
CVE-2012-1272
	RESERVED
CVE-2012-1271
	RESERVED
CVE-2012-1270
	RESERVED
CVE-2012-1269
	RESERVED
CVE-2012-1268
	RESERVED
CVE-2012-1267
	RESERVED
CVE-2012-1266
	RESERVED
CVE-2012-1265
	RESERVED
CVE-2012-1264 (Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.50 ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1263
	RESERVED
CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi i ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1261 (Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusion ...)
	NOT-FOR-US: Plixer
CVE-2012-1260 (Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in P ...)
	NOT-FOR-US: Plixer
CVE-2012-1259 (Multiple SQL injection vulnerabilities in Plixer International Scrutin ...)
	NOT-FOR-US: Plixer
CVE-2012-1258 (cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & ...)
	NOT-FOR-US: Plixer
CVE-2012-1257 (Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...)
	- pidgin (unimportant)
	NOTE: Negligible local information disclosure
CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before 2010.1.1.8 ...)
	NOT-FOR-US: EasyVista
CVE-2012-1255 (SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remot ...)
	NOT-FOR-US: Segue (CMS)
CVE-2012-1254 (Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier ...)
	NOT-FOR-US: Segue (CMS)
CVE-2012-1253 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0 ...)
	- roundcube 0.7-1 (low)
	[squeeze] - roundcube (Minor issue)
CVE-2012-1252 (Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows ...)
	- rssowl (bug #346541)
CVE-2012-1251 (Opera before 9.63 does not properly verify X.509 certificates from SSL ...)
	NOT-FOR-US: Opera
CVE-2012-1250 (Logitec LAN-W300N/R routers with firmware before 2.27 do not properly ...)
	NOT-FOR-US: Logitec LAN-W300N/R device
CVE-2012-1249 (The iLunascape application 1.0.4.0 and earlier for Android does not pr ...)
	NOT-FOR-US: iLunascape
CVE-2012-1248 (app/config/core.php in baserCMS 1.6.15 and earlier does not properly h ...)
	NOT-FOR-US: BaserCMS
CVE-2012-1247 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and ...)
	NOT-FOR-US: KENT-WEB WEB MART
CVE-2012-1246 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and ...)
	NOT-FOR-US: KENT-WEB WEB MART
CVE-2012-1245 (Cross-site scripting (XSS) vulnerability in the cleanup_urls function ...)
	NOT-FOR-US: OSQA
CVE-2012-1244 (The NTT DOCOMO sp mode mail application 5400 and earlier for Android d ...)
	NOT-FOR-US: Android app
CVE-2012-1243 (The TwitRocker2 application before 1.0.23 for Android does not properl ...)
	NOT-FOR-US: Android app
CVE-2012-1242 (Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, ...)
	NOT-FOR-US: various Ichitaro products
CVE-2012-1241 (GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 d ...)
	NOT-FOR-US: ActiveScriptRuby
CVE-2012-1240 (Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikun ...)
	NOT-FOR-US: RECRUIT Dokodemo
CVE-2012-1239 (The TopAccess web-based management interface on TOSHIBA TEC e-Studio m ...)
	NOT-FOR-US: TOSHIBA TEC e-Studio
CVE-2012-1238 (Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remot ...)
	NOT-FOR-US: SENCHA SNS
CVE-2012-1237 (Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1 ...)
	NOT-FOR-US: SENCHA SNS
CVE-2012-1236 (Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter ...)
	NOT-FOR-US: Janetter
CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1233
	RESERVED
CVE-2012-1232
	RESERVED
CVE-2012-1231
	RESERVED
CVE-2012-1230
	RESERVED
CVE-2012-1229
	RESERVED
CVE-2012-1228
	RESERVED
CVE-2012-1227 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin.ph ...)
	NOT-FOR-US: pluck
CVE-2012-1226 (Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alp ...)
	- dolibarr 3.3.4-1
CVE-2012-1225 (Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and ...)
	- dolibarr 3.3.4-1
CVE-2012-1224 (Cross-site scripting (XSS) vulnerability in system/classes/login.php i ...)
	NOT-FOR-US: ContentLion Alpha
CVE-2012-1223 (RabidHamster R2/Extreme 1.65 and earlier uses a small search space of ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1222 (Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlie ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1221 (Directory traversal vulnerability in the telnet server in RabidHamster ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1220 (Cross-site request forgery (CSRF) vulnerability in modules/config/admi ...)
	NOT-FOR-US: GAzie
CVE-2012-1219 (Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2 ...)
	NOT-FOR-US: freelancerKit
CVE-2012-1218 (Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow rem ...)
	NOT-FOR-US: freelancerKit
CVE-2012-1217 (Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Por ...)
	NOT-FOR-US: STHS
CVE-2012-1216 (Multiple cross-site request forgery (CSRF) vulnerabilities in admin.ph ...)
	NOT-FOR-US: PBBoard
CVE-2012-1215 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...)
	NOT-FOR-US: Yoono extension
CVE-2012-1214 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...)
	NOT-FOR-US: Yoono Desktop Application
CVE-2012-1213 (Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbr ...)
	NOT-FOR-US: Zimbra Web Client
CVE-2012-1212 (Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName ...)
	NOT-FOR-US: Semantic Enterprise Wiki
CVE-2012-1211 (Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Pow ...)
	NOT-FOR-US: Powie pFile
CVE-2012-1210 (SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allo ...)
	NOT-FOR-US: Powie pFile
CVE-2012-1209 (Cross-site scripting (XSS) vulnerability in backend/core/engine/base.p ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1208 (Multiple cross-site scripting (XSS) vulnerabilities in backend/core/en ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1207 (Directory traversal vulnerability in frontend/core/engine/javascript.p ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1206 (Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote ...)
	NOT-FOR-US: Hancom Office
CVE-2012-1205 (PHP remote file inclusion vulnerability in relocate-upload.php in Relo ...)
	NOT-FOR-US: Relocate Upload plugin
CVE-2012-1204
	RESERVED
CVE-2012-1203 (Cross-site request forgery (CSRF) vulnerability in starnet/index.php i ...)
	NOT-FOR-US: SyndeoCMS
CVE-2012-1202
	RESERVED
CVE-2012-1201
	RESERVED
CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow r ...)
	NOT-FOR-US: Nova CMS
CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis a ...)
	- acidbase (unimportant)
	NOTE: requires register_globals to be on
CVE-2012-1198 (base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 al ...)
	- acidbase (unimportant; bug #661020)
	NOTE: unreproducible issue, extremely low on details in original report
CVE-2012-1197 (Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 13 ...)
	NOT-FOR-US: ACDSee
CVE-2012-1196 (Directory traversal vulnerability in the VulCore web service (WSVulner ...)
	NOT-FOR-US: Lenovo ThinkManagement Console
CVE-2012-1195 (Unrestricted file upload vulnerability in andesk/managementsuite/core/ ...)
	NOT-FOR-US: Lenovo ThinkManagement Console
CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server 200 ...)
	NOTE: DNS protocol flaw
CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites c ...)
	NOTE: DNS protocol flaw
CVE-2012-1192 (The resolver in Unbound before 1.4.11 overwrites cached server names a ...)
	NOTE: DNS protocol flaw
CVE-2012-1191 (The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites ...)
	- djbdns 1:1.05-10
	NOTE: DNS protocol flaw
	NOTE: RH made an update: https://bugzilla.redhat.com/show_bug.cgi?id=838761
	NOTE: https://marc.info/?l=djbdns&m=134269902121506&w=2
CVE-2012-0869 (Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EX ...)
	{DSA-2414-1}
	- fex 20120215-1 (low; bug #660621)
CVE-2012-1190 (Cross-site scripting (XSS) vulnerability in the replication-setup func ...)
	- phpmyadmin 4:3.4.10.1-1 (unimportant)
	[lenny] - phpmyadmin
	[squeeze] - phpmyadmin
	NOTE: hypothetical issue
CVE-2012-1189 (Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in ...)
	- torcs 1.3.3-1 (low; bug #660555)
	[squeeze] - torcs (Minor issue)
	- speed-dreams (bug #599884)
CVE-2012-1188 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1187 (Bitlbee does not drop extra group privileges correctly in unix.c ...)
	- bitlbee 3.0.4+bzr855-1 (low)
	[squeeze] - bitlbee (Minor issue)
CVE-2012-1186 (Integer overflow in the SyncImageProfiles function in profile.c in Ima ...)
	{DSA-2462-1}
	- imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) magick/prope ...)
	{DSA-2462-1}
	- imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in main/u ...)
	- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
	[squeeze] - asterisk (HTTP digest authentication code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1183 (Stack-based buffer overflow in the milliwatt_generate function in the ...)
	{DSA-2460-1}
	- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
	NOTE: https://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14 ...)
	{DSA-2450-1}
	- samba 2:3.6.4-1 (bug #668309)
	- samba4 4.0.0~alpha19+dfsg1-1 (bug #668309)
CVE-2012-1181 (fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Se ...)
	{DSA-2436-1}
	- libapache2-mod-fcgid 1:2.3.6-1.1 (bug #615814)
CVE-2012-1180 (Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1 ...)
	{DSA-2434-1}
	- nginx 1.1.17-1 (bug #664137)
	NOTE: http://seclists.org/oss-sec/2012/q1/644
CVE-2012-1179 (The Linux kernel before 3.3.1, when KVM is used, allows guest OS users ...)
	- linux-2.6 3.2.14-1
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol plugi ...)
	- pidgin 2.10.2-1 (low; bug #664030)
	[squeeze] - pidgin (Only exploitable by malicious server)
	NOTE: http://pidgin.im/news/security/?id=61
CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL ...)
	{DSA-2482-1}
	- libgdata 0.10.2-1 (bug #664032)
	NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/3
CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi b ...)
	- pyfribidi 0.11.0-1 (bug #663189)
	[squeeze] - pyfribidi (Minor issue)
CVE-2012-1175 (Integer overflow in the GnashImage::size method in libbase/GnashImage. ...)
	{DSA-2435-1}
	- gnash 0.8.10-5 (bug #664023)
	NOTE: https://www.openwall.com/lists/oss-security/2012/03/14/5
CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind login mana ...)
	- systemd 44-1 (bug #664364)
CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow r ...)
	{DSA-2447-1}
	- tiff3 3.9.6-2
	- tiff 4.0.1-2
CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 does n ...)
	{DSA-2465-1}
	- php5 5.4.0-1 (bug #663760)
CVE-2012-1171 (The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to by ...)
	- php5 (unimportant)
	NOTE: according to php's security statement, safemode bypass issues are not treated as security-relevant
CVE-2012-1170 (Moodle before 2.2.2 has an external enrolment plugin context check iss ...)
	- moodle (Only affects 2.2)
CVE-2012-1169 (Moodle before 2.2.2 has Personal information disclosure, when administ ...)
	- moodle (Only affects 2.0 to 2.2)
CVE-2012-1168 (Moodle before 2.2.2 has a password and web services issue where when t ...)
	- moodle (Only affects 2.0 to 2.2)
CVE-2012-1167 (The JBoss Server in JBoss Enterprise Application Platform 5.1.x before ...)
	- jbossas4 (Only builds a few libraries, not the full application server)
CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x be ...)
	- ldm 2:2.2.7-1 (bug #663645)
	[squeeze] - ldm (Introduced in 2.2)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340
CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL befor ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1 (low; bug #663642)
	NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/3
CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a den ...)
	{DLA-203-1}
	- openldap 2.4.31-1 (low; bug #663644)
	[squeeze] - openldap (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2012/03/12/4
CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip ...)
	- libzip 0.10.1-1 (bug #664990)
	[squeeze] - libzip (Only affects 0.10.x)
CVE-2012-1162 (Heap-based buffer overflow in the _zip_readcdir function in zip_open.c ...)
	- libzip 0.10.1-1 (bug #664990)
	[squeeze] - libzip (Only affects 0.10.x)
CVE-2012-1161 (Moodle before 2.2.2: Course information leak via hidden courses being ...)
	- moodle (Only affects 2.1 to 2.2)
CVE-2012-1160 (Moodle before 2.2.2 has a permission issue in Forum Subscriptions wher ...)
	- moodle (Only affects 2.1 to 2.2)
CVE-2012-1159 (Moodle before 2.2.2: Overview report allows users to see hidden course ...)
	- moodle (Only affects 2.1 to 2.2)
CVE-2012-1158 (Moodle before 2.2.2 has a course information leak in gradebook where u ...)
	- moodle (Only affects 2.1 to 2.2)
CVE-2012-1157 (Moodle before 2.2.2 has a default repository capabilities issue where ...)
	- moodle (Only affects 2.0 to 2.2)
CVE-2012-1156 (Moodle before 2.2.2 has users' private files included in course backup ...)
	- moodle (Only affects 2.0 to 2.2)
CVE-2012-1155 (Moodle has a database activity export permission issue where the expor ...)
	- moodle 1.9.9.dfsg2-6 (low; bug #668411)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
CVE-2012-1154 (mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used ...)
	- libapache2-mod-cluster (bug #731410)
CVE-2012-1153 (Unrestricted file upload vulnerability in addons/uploadify/uploadify.p ...)
	NOT-FOR-US: AppRain CMS
CVE-2012-1152 (Multiple format string vulnerabilities in the error reporting function ...)
	{DSA-2432-1}
	- libyaml-libyaml-perl 0.38-2 (bug #661548)
CVE-2012-1151 (Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD ...)
	{DSA-2431-1}
	- libdbd-pg-perl 2.19.0-1 (bug #661536)
CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x b ...)
	{DLA-25-1}
	- python2.5 (low)
	- python2.6 2.6.8-0.1 (low)
	- python2.7 2.7.3~rc1-1 (low)
	- python3.2 3.2.3-1 (low)
	- python3.1 (low)
	[squeeze] - python2.5 (Minor issue)
	[squeeze] - python3.1 (Minor issue)
CVE-2012-1149 (Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, ...)
	{DSA-2487-1 DSA-2473-1}
	- libreoffice 1:3.4.5-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2012-1148 (Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat ...)
	{DSA-2525-1}
	- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
	[squeeze] - xmlrpc-c (Minor issue)
	- expat 2.1.0~beta3-1 (bug #663579)
CVE-2012-1147 (readfilemap.c in expat before 2.1.0 allows context-dependent attackers ...)
	- expat (readfilemap.c is not used in *IX)
CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in t ...)
	- linux-2.6 3.2.10-1 (low)
	[squeeze] - linux-2.6 (Vulnerable code not present)
CVE-2012-1145 (spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterpri ...)
	NOT-FOR-US: RHN Satellite
CVE-2012-1144 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1143 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1142 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1141 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1140 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1139 (Array index error in FreeType before 2.4.9, as used in Mozilla Firefox ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1138 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1137 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1136 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1135 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1134 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1133 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1132 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1131 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1130 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1129 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1128 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1127 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1125 (Unrestricted file upload vulnerability in uploadify/scripts/uploadify. ...)
	NOT-FOR-US: Kish Guest Posting Plugin for WordPress (not in Debian)
CVE-2012-1124 (SQL injection vulnerability in search.php in phxEventManager 2.0 beta ...)
	NOT-FOR-US: phxEventManager not in Debian
CVE-2012-1123 (The mci_check_login function in api/soap/mc_api.php in the SOAP API in ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (bug #662858)
CVE-2012-1122 (bug_actiongroup.php in MantisBT before 1.2.9 does not properly check t ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669927)
CVE-2012-1121 (MantisBT before 1.2.9 does not properly check permissions, which allow ...)
	- mantis 1.2.10-1 (low; bug #669926)
	[squeeze] - mantis (according to maintainer)
CVE-2012-1120 (The SOAP API in MantisBT before 1.2.9 does not properly enforce the bu ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669925)
CVE-2012-1119 (MantisBT before 1.2.9 does not audit when users copy or clone a bug re ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669928)
CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in MantisBT b ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669924)
CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 al ...)
	NOT-FOR-US: Joomla!
CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 al ...)
	NOT-FOR-US: Joomla!
CVE-2012-1115 (A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Mana ...)
	- phpldapadmin 1.2.2-3 (low; bug #662050)
	[squeeze] - phpldapadmin (Minor issue)
	- ldap-account-manager 3.6-2 (low; bug #661904)
	[squeeze] - ldap-account-manager (Minor issue)
CVE-2012-1114 (A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Mana ...)
	- phpldapadmin 1.2.2-3 (low; bug #662050)
	[squeeze] - phpldapadmin (Minor issue)
	- ldap-account-manager 3.6-2 (low; bug #661904)
	[squeeze] - ldap-account-manager (Minor issue)
CVE-2012-1113 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
	- gallery2 2.3.2.dfsg-1 (low)
	[squeeze] - gallery2 (Minor issue)
CVE-2012-1112 (Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier ...)
	NOT-FOR-US: OpenRealty CMS not in Debian
CVE-2012-1111 (lightdm before 1.0.9 does not properly close file descriptors before o ...)
	- lightdm 1.0.9-1 (bug #658678)
CVE-2012-1110 (Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and ...)
	NOT-FOR-US: etano not in Debian
CVE-2012-1109 (mwlib 0.13 through 0.13.4 has a denial of service vulnerability when p ...)
	NOT-FOR-US: mwlib not in Debian
CVE-2012-1108 (The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier al ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib (Minor issue)
CVE-2012-1107 (The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib (Minor issue)
CVE-2012-1106 (The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-1105 (An Information Disclosure vulnerability exists in the Jasig Project ph ...)
	- moodle 2.2.7.dfsg-1 (low; bug #662945)
	[squeeze] - moodle (Minor issue)
	- glpi 0.80.7-2 (unimportant; bug #662944)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2012-1104 (A Security Bypass vulnerability exists in the phpCAS 1.2.2 library fro ...)
	- moodle 2.2.7.dfsg-1 (low; bug #662945)
	[squeeze] - moodle (Minor issue)
	- glpi 0.80.7-2 (unimportant; bug #662944)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs in ...)
	{DSA-2416-1}
	- notmuch 0.11.1-1
CVE-2012-1101 (systemd 37-1 does not properly handle non-existent services, which cau ...)
	- systemd 43-1 (bug #662029)
CVE-2012-1100 (Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-1099 (Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view ...)
	{DSA-2466-1}
	- ruby-actionpack-2.3 2.3.14-3 (bug #668607)
	- rails 2.3.14
	NOTE: (code lives within ruby-actionpack in unstable)
CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...)
	- ruby-actionpack-2.3 2.3.14-3 (bug #668977)
	- rails 2.3.14
	[squeeze] - rails (Vulnerable code not present)
	NOTE: (code lives within ruby-actionpack in unstable)
CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before 3.2.1 ...)
	{DSA-2443-1}
	- linux-2.6 3.2.10-1 (low)
CVE-2012-1096 (NetworkManager 0.9 and earlier allows local users to use other users' ...)
	NOTE: Design limitation, not treated as a security issue by upstream:
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=793329#c1
CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package ...)
	- osc 0.134.0-1 (unimportant)
	NOTE: This is ultimately a bug in the respective terminal emulations and not a vulnerability in osc
CVE-2012-1094 (JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostna ...)
	- libapache2-mod-cluster (bug #731410)
CVE-2012-1093 (The init script in the Debian x11-common package before 1:7.6+12 is vu ...)
	- xorg 1:7.6+12 (bug #661627)
	[squeeze] - xorg (maintainer suggests no-dsa; confirm)
CVE-2012-1092
	REJECTED
CVE-2012-1091
	REJECTED
CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3 ...)
	{DSA-2443-1}
	- linux-2.6 3.2.10-1
CVE-2012-1089 (Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-1088 (iproute2 before 3.3.0 allows local users to overwrite arbitrary files ...)
	- iproute 20120319-1 (unimportant)
	NOTE: 1st issue only exploitable at build time / 2nd issue just example script in iproute-doc
CVE-2012-1087 (Cross-site scripting (XSS) vulnerability in the Post data records to f ...)
	NOT-FOR-US: bc_post2facebook extension for TYPO3
CVE-2012-1086 (Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) ex ...)
	NOT-FOR-US: aeurltool extension for TYPO3
CVE-2012-1085 (Unspecified vulnerability in the BE User Switch (beuserswitch) extensi ...)
	NOT-FOR-US: beuserswitch for TYPO3
CVE-2012-1084 (Cross-site scripting (XSS) vulnerability in the BE User Switch (beuser ...)
	NOT-FOR-US: beuserswitch for TYPO3
CVE-2012-1083 (Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Sh ...)
	NOT-FOR-US: terminal extension TYPO3
CVE-2012-1082 (Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (te ...)
	NOT-FOR-US: terminal extension TYPO3
CVE-2012-1081 (Cross-site scripting (XSS) vulnerability in the Yet another Google sea ...)
	NOT-FOR-US: ya_googlesearch extension for TYPO3
CVE-2012-1080 (Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_e ...)
	NOT-FOR-US: skt_eurocalc extension for TYPO3
CVE-2012-1079 (Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservi ...)
	NOT-FOR-US: typo3_webservice extension for TYPO3
CVE-2012-1078 (The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 ...)
	NOT-FOR-US: sysutils extension for TYPO3
CVE-2012-1077 (SQL injection vulnerability in the Post data records to facebook (bc_p ...)
	NOT-FOR-US: bc_post2facebook extension for TYPO3
CVE-2012-1076 (Cross-site scripting (XSS) vulnerability in the Documents download (rt ...)
	NOT-FOR-US: rtg_files extension for TYPO3
CVE-2012-1075 (SQL injection vulnerability in the Documents download (rtg_files) exte ...)
	NOT-FOR-US: rtg_files extension for TYPO3
CVE-2012-1074 (SQL injection vulnerability in the White Papers (mm_whtppr) extension ...)
	NOT-FOR-US: mm_whtppr extension for TYPO3
CVE-2012-1073 (Cross-site scripting (XSS) vulnerability in the Category-System (toi_c ...)
	NOT-FOR-US: toi_category extension for TYPO3
CVE-2012-1072 (SQL injection vulnerability in the Category-System (toi_category) exte ...)
	NOT-FOR-US: toi_category extension for TYPO3
CVE-2012-1071 (SQL injection vulnerability in the Kitchen recipe (mv_cooking) extensi ...)
	NOT-FOR-US: mv_cooking extension for TYPO3
CVE-2012-1070 (Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) ext ...)
	NOT-FOR-US: irfaq extension for TYPO3
CVE-2012-1069 (Cross-site scripting (XSS) vulnerability in module/kb/search_word in t ...)
	NOT-FOR-US: lknSupport
CVE-2012-1068 (Cross-site scripting (XSS) vulnerability in the rc_ajax function in co ...)
	NOT-FOR-US: WP-RecentComments plugin for WordPress
CVE-2012-1067 (SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for ...)
	NOT-FOR-US: WP-RecentComments plugin for WordPress
CVE-2012-1066 (Cross-site scripting (XSS) vulnerability in the template module in Sma ...)
	NOT-FOR-US: SmartyCMS
CVE-2012-1065 (Insecure method vulnerability in TuxScripting.dll in the TuxSystem Act ...)
	NOT-FOR-US: TuxSystem
CVE-2012-1064 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-1063 (Multiple SQL injection vulnerabilities in ManageEngine Applications Ma ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2012-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Ap ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2012-1061 (SQL injection vulnerability in GForge Advanced Server 6.0.0 and other ...)
	NOT-FOR-US: GForge Advanced Server
CVE-2012-1060 (Multiple cross-site scripting (XSS) vulnerabilities in revisioning_the ...)
	NOT-FOR-US: Taxonomy module for Drupal
CVE-2012-1059 (Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Sh ...)
	NOT-FOR-US: shirt module in OSCommerce
CVE-2012-1058 (Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 al ...)
	NOT-FOR-US: Flyspray
CVE-2012-1057 (Cross-site request forgery (CSRF) vulnerability in the clickthrough tr ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2012-1056 (The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2012-1055 (Heap-based buffer overflow in PhotoLine 17.01 and possibly other versi ...)
	NOT-FOR-US: PhotoLine
CVE-2012-1054 (Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterpr ...)
	{DSA-2419-1}
	- puppet 2.7.11-1
CVE-2012-1053 (The change_user method in the SUIDManager (lib/puppet/util/suidmanager ...)
	{DSA-2419-1}
	- puppet 2.7.11-1
CVE-2012-1052 (Buffer overflow in IvanView 1.2.15 allows remote attackers to execute ...)
	NOT-FOR-US: IvanView
CVE-2012-1051 (Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnVi ...)
	NOT-FOR-US: XnView
CVE-2012-1050 (Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1. ...)
	- mathopd (low; bug #660627)
	[lenny] - mathopd (Minor issue, configuration specific)
	[squeeze] - mathopd (Minor issue, configuration specific)
	NOTE: this is only an issue in specific configurations but not in the Debian configuration
CVE-2012-1049 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AD ...)
	NOT-FOR-US: ManageEngine ADManager Plus
CVE-2012-1048 (Cross-site scripting (XSS) vulnerability in communityplusplus/www/admi ...)
	NOT-FOR-US: eFront Community++
CVE-2012-1047 (Directory traversal vulnerability in the WWWHELP Service (js/html/wwhe ...)
	NOT-FOR-US: Cyberoam Central Console
CVE-2012-1046 (Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 ...)
	NOT-FOR-US: IBM Cognos
CVE-2012-1045
	RESERVED
CVE-2012-1044
	RESERVED
CVE-2012-1043
	RESERVED
CVE-2012-1042
	RESERVED
CVE-2012-1041
	RESERVED
CVE-2012-1040
	RESERVED
CVE-2012-1039 (Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before ...)
	- dotclear 2.4.2+dfsg-1
CVE-2012-1038 (Cross-site scripting (XSS) vulnerability in the WebAAA login functiona ...)
	NOT-FOR-US: Juniper
CVE-2012-1037 (PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.7 ...)
	- glpi 0.80.7-1 (bug #659383; unimportant)
	[squeeze] - glpi (Introduced in 0.78)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2012-1036 (Cross-site scripting (XSS) vulnerability in the telerik HTML editor in ...)
	NOT-FOR-US: telerik
CVE-2012-1035 (AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for ...)
	NOT-FOR-US: AdaCore Ada Web Services
CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin inter ...)
	NOT-FOR-US: EPiServer CMS
CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server n ...)
	- bind9 1:9.8.1.dfsg.P1-4.1 (low)
	[squeeze] - bind9 (low-severity dns protocol design flaw)
CVE-2012-1032 (Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker mo ...)
	NOT-FOR-US: EPiServer CMS module Euroling SiteSeeker
CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in cer ...)
	NOT-FOR-US: EPiServer CMS
CVE-2012-1030 (Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0 ...)
	NOT-FOR-US: DotNetNuke
CVE-2012-1029 (SQL injection vulnerability in mobile/search/index.php in Tube Ace (Ad ...)
	NOT-FOR-US: Tube Ace
CVE-2012-1028 (Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGro ...)
	NOT-FOR-US: SimpleGroupWare
CVE-2012-1027 (Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]pro ...)
	NOT-FOR-US: project-open
CVE-2012-1026 (Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 ...)
	NOT-FOR-US: XRay CMS
CVE-2012-1025 (Absolute path traversal vulnerability in file in Enigma2 Webinterface ...)
	NOT-FOR-US: Enigma2
CVE-2012-1024 (Directory traversal vulnerability in file in Enigma2 Webinterface 1.5r ...)
	NOT-FOR-US: Enigma2
CVE-2012-1023 (Open redirect vulnerability in admin/index.php in 4images 1.7.10 allow ...)
	NOT-FOR-US: 4images
CVE-2012-1022 (SQL injection vulnerability in admin/categories.php in 4images 1.7.10 ...)
	NOT-FOR-US: 4images
CVE-2012-1021 (Cross-site scripting (XSS) vulnerability in admin/categories.php in 4i ...)
	NOT-FOR-US: 4images
CVE-2012-1020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in Ne ...)
	NOT-FOR-US: NexorONE Online Banking
CVE-2012-1019 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterpris ...)
	NOT-FOR-US: XWiki Enterprise
CVE-2012-1018 (Cross-site scripting (XSS) vulnerability in includes/convert.php in D- ...)
	NOT-FOR-US: Joomla addon
CVE-2012-1017 (Multiple SQL injection vulnerabilities in base_qry_main.php in Basic A ...)
	- acidbase (low; bug #659287)
	[squeeze] - acidbase (Minor issue)
CVE-2012-1016 (The pkinit_server_return_padata function in plugins/preauth/pkinit/pki ...)
	- krb5 1.10.1+dfsg-4+nmu1 (bug #702633)
	[squeeze] - krb5 (introduced upstream with 3725d22140c23a376dd79b69d130be8e2b91005f, not affecting 1.8.x)
CVE-2012-1015 (The kdc_handle_protected_negotiation function in the Key Distribution ...)
	{DSA-2518-1}
	- krb5 1.10.1+dfsg-2 (bug #683429)
	NOTE: http://seclists.org/bugtraq/2012/Jul/171
CVE-2012-1014 (The process_as_req function in the Key Distribution Center (KDC) in MI ...)
	{DSA-2518-1}
	- krb5 1.10.1+dfsg-2 (bug #683429)
	NOTE: http://seclists.org/bugtraq/2012/Jul/171
CVE-2012-1013 (The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmi ...)
	- krb5 1.10.1+dfsg-3 (low; bug #687647)
	[squeeze] - krb5 (Minor issue)
	NOTE: DoS only triggered by clients with admin permissions
CVE-2012-1012 (server/server_stubs.c in the kadmin protocol implementation in MIT Ker ...)
	- krb5 1.10.1+dfsg-1 (bug #670918)
	[squeeze] - krb5 (vulnerable code not present)
	NOTE: bug was introduced in krb5 1.10
CVE-2012-1011 (actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remot ...)
	NOT-FOR-US: WordPress plugin
CVE-2012-1010 (Unrestricted file upload vulnerability in actions.php in the AllWebMen ...)
	NOT-FOR-US: WordPress plugin
CVE-2012-1009 (NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build ...)
	NOT-FOR-US: NetSarang
CVE-2012-1008 (OfficeSIP Server 3.1 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: OfficeSIP Server
CVE-2012-1007 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1 ...)
	- libstruts1.2-java (unimportant; bug #657870)
	NOTE: Just examples
CVE-2012-1006 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2 ...)
	- libstruts1.2-java (Only affects Struts 2)
CVE-2012-1005 (Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software ...)
	NOT-FOR-US: Sphinx Software Mobile Web Server
CVE-2012-1004 (Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm ...)
	- foswiki (bug #509864)
CVE-2012-1003 (Multiple integer overflows in Opera 11.60 and earlier allow remote att ...)
	NOT-FOR-US: Opera
CVE-2012-1002 (SQL injection vulnerability in author/edit.php in OpenConf 4.x before ...)
	NOT-FOR-US: OpenConf
CVE-2012-1001 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2. ...)
	NOT-FOR-US: Chyrp
CVE-2012-1000 (Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 an ...)
	NOT-FOR-US: LEPTON
CVE-2012-0999 (SQL injection vulnerability in modules/news/rss.php in LEPTON before 1 ...)
	NOT-FOR-US: LEPTON
CVE-2012-0998 (Directory traversal vulnerability in account/preferences.php in LEPTON ...)
	NOT-FOR-US: LEPTON
CVE-2012-0997 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...)
	NOT-FOR-US: 11in1
CVE-2012-0996 (Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12- ...)
	NOT-FOR-US: 11in1
CVE-2012-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 ...)
	NOT-FOR-US: ZENphoto
CVE-2012-0994 (SQL injection vulnerability in the Manage Albums feature in zp-core/ad ...)
	NOT-FOR-US: ZENphoto
CVE-2012-0993 (Eval injection vulnerability in zp-core/zp-extensions/viewer_size_imag ...)
	NOT-FOR-US: ZENphoto
CVE-2012-0992 (interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenti ...)
	NOT-FOR-US: OpenEMR
CVE-2012-0991 (Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow re ...)
	NOT-FOR-US: OpenEMR
CVE-2012-0990 (Cross-site request forgery (CSRF) vulnerability in admin/settings/upda ...)
	NOT-FOR-US: DClassifieds
CVE-2012-0989 (Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2012-0988 (Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefau ...)
	NOT-FOR-US: KnowledgeTree
CVE-2012-0987 (Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x ...)
	NOT-FOR-US: ImpressCMS
CVE-2012-0986 (Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS 1.2. ...)
	NOT-FOR-US: ImpressCMS
CVE-2012-0985 (Multiple buffer overflows in the Wireless Manager ActiveX control 4.0. ...)
	NOT-FOR-US: Sony VAIO wireless LAN management ActiveX
CVE-2012-0984 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2. ...)
	NOT-FOR-US: Xoops
CVE-2012-0983 (SQL injection vulnerability in Scriptsez.net Ez Album allows remote at ...)
	NOT-FOR-US: Ez Album
CVE-2012-0982 (SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone ...)
	NOT-FOR-US: Vastal I-Tech Agent Zone
CVE-2012-0981 (Directory traversal vulnerability in phpShowtime 2.0 allows remote att ...)
	NOT-FOR-US: phpShowtime
CVE-2012-0980 (SQL injection vulnerability in download.php in phux Download Manager a ...)
	NOT-FOR-US: phux.org Download Manager
CVE-2012-0979 (Cross-site scripting (XSS) vulnerability in TWiki allows remote attack ...)
	- twiki
CVE-2012-0978 (Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug- ...)
	NOT-FOR-US: LuraWave JP2 Browser Plug-In
CVE-2012-0977 (Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Contr ...)
	NOT-FOR-US: LuraWave JP2 ActiveX Control
CVE-2012-0976 (Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverSt ...)
	- silverstripe (bug #528461)
CVE-2012-0975 (Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting ...)
	NOT-FOR-US: Image Hosting Script DPI
CVE-2012-0974 (Multiple cross-site scripting (XSS) vulnerabilities in the getParam fu ...)
	NOT-FOR-US: OSClass
CVE-2012-0973 (Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow r ...)
	NOT-FOR-US: OSClass
CVE-2012-0972
	REJECTED
CVE-2012-0971
	REJECTED
CVE-2012-0970
	REJECTED
CVE-2012-0969
	REJECTED
CVE-2012-0968
	REJECTED
CVE-2012-0967
	REJECTED
CVE-2012-0966
	REJECTED
CVE-2012-0965
	REJECTED
CVE-2012-0964
	REJECTED
CVE-2012-0963
	REJECTED
CVE-2012-0962 (Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when impor ...)
	- aptdaemon 0.45-2 (low)
	[squeeze] - aptdaemon (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/software-center-agent/+bug/1052789
CVE-2012-0961 (Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ub ...)
	- apt 0.9.7.7 (bug #695832)
	[squeeze] - apt (Logged as 0600 in Squeeze)
CVE-2012-0960 (Unity integration extension (unity-firefox-extension) before 2.4.1 for ...)
	NOT-FOR-US: Ubuntu Unity extension
CVE-2012-0959 (Remote Login Service (RLS) 1.0.0 does not properly clear account infor ...)
	NOT-FOR-US: Ubuntu remote login service
CVE-2012-0958 (content/unity-api.js in the unity-firefox-extension extension 2.4.1 fo ...)
	NOT-FOR-US: Firefox unity-firefox extension
CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel befo ...)
	- linux 3.2.32-1
	- linux-2.6
	[squeeze] - linux-2.6 (Introduced in 3.0)
	NOTE: https://lkml.org/lkml/2012/10/9/550
CVE-2012-0956 (ubiquity-slideshow-ubuntu before 58.2, during installation, allows rem ...)
	NOT-FOR-US: ubiquity-slideshow-ubuntu
CVE-2012-0955 (software-properties was vulnerable to a person-in-the-middle attack du ...)
	- software-properties 0.92.25debian1
	NOTE: https://launchpad.net/bugs/1036839
CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...)
	- apt 0.7.25 (unimportant)
	NOTE: net-update is not enabled by default in Debian
CVE-2012-0953 (A race condition was discovered in the Linux drivers for Nvidia graphi ...)
	- nvidia-graphics-drivers 295.53-1
CVE-2012-0952 (A heap buffer overflow was discovered in the device control ioctl in t ...)
	- nvidia-graphics-drivers 295.53-1
CVE-2012-0951 (A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29 ...)
	- nvidia-graphics-drivers 295.53-1
CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by U ...)
	- update-manager (Ubuntu-specific)
CVE-2012-0949 (The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, ...)
	- update-manager (Ubuntu-specific)
CVE-2012-0948 (DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12 ...)
	- update-manager (Ubuntu-specific)
CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in the VQA ...)
	{DSA-2471-1}
	- libav 6:0.8.2-1
	- ffmpeg 7:2.4.1-1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963
	NOTE: https://www.openwall.com/lists/oss-security/2012/05/03/4
CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access arbi ...)
	- nvidia-graphics-drivers 295.40-1
	[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
CVE-2012-0945 (whoopsie-daisy before 0.1.26: Root user can remove arbitrary files ...)
	NOT-FOR-US: whoopsie-daisy
CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...)
	- aptdaemon 0.43+bzr790-1
	[squeeze] - aptdaemon (Vulnerable code not present)
CVE-2012-0943 (debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1 ...)
	- lightdm (Ubuntu-specific script)
CVE-2012-0942 (Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-0941 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiG ...)
	NOT-FOR-US: Fortinet
CVE-2012-0940
	RESERVED
CVE-2012-0939 (Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier ...)
	NOT-FOR-US: TestLink
CVE-2012-0938 (Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and ...)
	NOT-FOR-US: TestLink
CVE-2012-0937 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress (unimportant)
CVE-2012-0936 (Cross-site scripting (XSS) vulnerability in web/springframework/securi ...)
	- opennms (bug #450615)
CVE-2012-0935 (SQL injection vulnerability in Default.aspx in Aryadad CMS allows remo ...)
	NOT-FOR-US: Aryadad CMS
CVE-2012-0934 (PHP remote file inclusion vulnerability in ajax/savetag.php in the The ...)
	NOT-FOR-US: WordPress plug-in
CVE-2012-0933 (Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5 ...)
	NOT-FOR-US: Acidcat CMS
CVE-2012-0932 (Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Ca ...)
	NOT-FOR-US: Lead Capture Page System
CVE-2012-0931 (Schneider Electric Modicon Quantum PLC does not perform authentication ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0930 (Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0929 (Multiple buffer overflows in Schneider Electric Modicon Quantum PLC al ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0928 (The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0. ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0927 (Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 1 ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0926 (The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0925 (Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0924 (RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and Real ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0923 (The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0922 (rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15 ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0921
	RESERVED
CVE-2012-0920 (Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012. ...)
	{DSA-2456-1}
	- dropbear 2012.55-1 (low; bug #661150)
	NOTE: this is limited to authenticated users with enforced command restrictions
CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Dire ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-0918 (Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Serv ...)
	NOT-FOR-US: Hitachi
CVE-2012-0917 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Anal ...)
	NOT-FOR-US: Hitachi IT Operations Analyzer
CVE-2012-0916 (Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers ...)
	NOT-FOR-US: RenRen Talk
CVE-2012-0915 (Integer signedness error in RenRen Talk 2.9 allows remote attackers to ...)
	NOT-FOR-US: RenRen Talk
CVE-2012-0914 (Cross-site scripting (XSS) vulnerability in display_renderers/panels_r ...)
	NOT-FOR-US: admin view in the Panels module for Drupal
CVE-2012-0913 (SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeA ...)
	NOT-FOR-US: ICloudCenter ICTimeAttendance
CVE-2012-0912 (SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 all ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0911 (TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote att ...)
	- tikiwiki
	NOTE: http://seclists.org/bugtraq/2012/Jul/19
CVE-2012-0910
	RESERVED
CVE-2012-0909 (Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupw ...)
	- horde3 3.3.12+debian0-2.2 (low)
	[squeeze] - horde3 (Minor issue)
CVE-2012-0907 (Directory traversal vulnerability in the web player in NeoAxis NeoAxis ...)
	NOT-FOR-US: NeoAxis NeoAxis web player
CVE-2012-0906 (SQL injection vulnerability in the Moviebase addon for deV!L'z Clanpor ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-0905 (SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addo ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-0904 (VLC media player 1.1.11 allows remote attackers to cause a denial of s ...)
	- vlc (not reproducible, no public fix from the vlc team either)
CVE-2012-0903 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop ...)
	NOT-FOR-US: Zimbra Desktop
CVE-2012-0902 (AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AirTies Air
CVE-2012-0901 (Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo ...)
	NOT-FOR-US: YouSayToo auto-publishing plugin for WordPress
CVE-2012-0900 (Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1 ...)
	NOT-FOR-US: Beehive Forum
CVE-2012-0899 (Cross-site scripting (XSS) vulnerability in referencement/sites_inscri ...)
	NOT-FOR-US: Annuaire PHP
CVE-2012-0898 (Directory traversal vulnerability in meb_download.php in the myEASYbac ...)
	NOT-FOR-US: myEASYbackup plugin for WordPress
CVE-2012-0897 (Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIn ...)
	NOT-FOR-US: IrfanView PlugIns
CVE-2012-0896 (Absolute path traversal vulnerability in download.php in the Count Per ...)
	NOT-FOR-US: Count Per Day module for WordPress
CVE-2012-0895 (Cross-site scripting (XSS) vulnerability in map/map.php in the Count P ...)
	NOT-FOR-US: Count Per Day module for WordPress
CVE-2012-0894
	RESERVED
CVE-2012-0893
	RESERVED
CVE-2012-0892
	RESERVED
CVE-2012-0891 (Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboar ...)
	NOT-FOR-US: puppet-dashboard
CVE-2012-0890
	RESERVED
CVE-2012-0889
	RESERVED
CVE-2012-0888
	RESERVED
CVE-2012-0887
	RESERVED
CVE-2012-0886
	RESERVED
CVE-2012-0908 (Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLph ...)
	{DSA-2387-1}
	- simplesamlphp 1.8.2-1
	NOTE: http://code.google.com/p/simplesamlphp/issues/detail?id=468
CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 i ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1 (low)
	NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- https://www.openwall.com/lists/oss-security/2012/03/23/12
CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 place ...)
	- apache2 (LD_LIBRARY_PATH not set in debian package)
CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other v ...)
	- mysql-5.5 5.5.22 (bug #675872)
	- cyassl (Fixed before initial upload to archive)
	NOTE: limited information about issue, only a video of exploit taking place
CVE-2012-0881 (Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to ca ...)
	- libxerces2-java (unimportant)
	NOTE: Negligible impact for Xerces
CVE-2012-0880 (Apache Xerces-C++ allows remote attackers to cause a denial of service ...)
	- xerces-c (unimportant)
	NOTE: Negligible impact for Xerces
CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel before 2. ...)
	{DSA-2469-1}
	- linux-2.6 2.6.33-1
CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group memberships ...)
	- pastescript 1.7.5-2 (low; bug #661061)
	[squeeze] - pastescript (Minor issue)
	NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
CVE-2012-0877 (PyXML: Hash table collisions CPU usage Denial of Service ...)
	- python-xml
CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values ...)
	{DSA-2525-1}
	- expat 2.1.0~beta3-1 (bug #663579)
	- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
	[squeeze] - xmlrpc-c (Minor issue)
	- python2.6 (configured with --with-system-expat since 2.6.6-4)
CVE-2012-0875 (SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged m ...)
	- systemtap 1.7-1 (low; bug #660929; bug #660886)
	[squeeze] - systemtap (Vulnerable code not present)
	[lenny] - systemtap (Vulnerable code not present)
CVE-2012-0874 (The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servle ...)
	- jbossas4 (Only builds a few libraries, not the full application server, #581226)
CVE-2012-0873 (Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin ...)
	NOT-FOR-US: Boonex Dolphin
CVE-2012-0872 (Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 an ...)
	NOT-FOR-US: OxWall
CVE-2012-0871 (The session_link_x11_socket function in login/logind-session.c in syst ...)
	- systemd 43-1
CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used ...)
	- samba 2:3.4.0~pre1-1
	[lenny] - samba (pre-release issue)
	[squeeze] - samba (pre-release issue)
CVE-2012-0868 (CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3 ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0867 (PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9 ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0866 (CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0865 (Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier ...)
	NOT-FOR-US: CubeCart
CVE-2012-0864 (Integer overflow in the vfprintf function in stdio-common/vfprintf.c i ...)
	- eglibc 2.13-31 (low; bug #660611)
	[squeeze] - eglibc 2.11.3-4
CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for .local/sh ...)
	{DSA-2411-1}
	- mumble 1.2.3-3 (bug #659039)
CVE-2012-0862 (builtins.c in Xinetd before 2.3.15 does not check the service type whe ...)
	- xinetd 1:2.3.14-7.1 (bug #672381)
	[squeeze] - xinetd (Minor issue)
CVE-2012-0861 (The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0860 (Multiple untrusted search path vulnerabilities in Red Hat Enterprise V ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0859 (The render_line function in the vorbis codec (vorbis.c) in libavcodec ...)
	{DSA-2471-1}
	- libav 6:0.8.3-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-0858 (The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7 ...)
	{DSA-2624-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.2.1-1
	[squeeze] - ffmpeg 4:0.5.9-1
CVE-2012-0857 (Multiple buffer overflows in the get_qcx function in the J2K decoder ( ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0856 (Heap-based buffer overflow in the MPV_frame_start function in libavcod ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0855 (Heap-based buffer overflow in the get_sot function in the J2K decoder ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0854 (The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0 ...)
	- libav 4:0.8.1-1
	- ffmpeg (Vulnerable code not present)
CVE-2012-0853 (The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2012-0852 (The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg bef ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2012-0851 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcod ...)
	{DSA-2494-1}
	- libav 6:0.8.3-1
	- ffmpeg 7:2.4.1-1
CVE-2012-0850 (The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before ...)
	- libav 4:0.8.1-1
	- ffmpeg (Vulnerable code not present)
CVE-2012-0849 (Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0848 (Heap-based buffer overflow in the ws_snd_decode_frame function in liba ...)
	- libav 4:0.8.1-1
	- ffmpeg (Code in 0.5 not affected per upstream)
CVE-2012-0847 (Heap-based buffer overflow in the avfilter_filter_samples function in ...)
	- libav (Vulnerable code not present)
	- ffmpeg (Vulnerable code not present)
CVE-2012-0846 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
	- webcalendar
CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2. ...)
	{DLA-25-1}
	- python3.1 (low)
	[squeeze] - python3.1 (Minor issue)
	- python3.2 3.2.3~rc1-1
	- python2.7 2.7.3~rc1-1
	- python2.6 2.6.8-0.1
	- python2.5
	[squeeze] - python2.5 (Minor issue)
CVE-2012-0844 (Information-disclosure vulnerability in Netsurf through 2.8 due to a w ...)
	- netsurf 2.8-2 (bug #659376)
CVE-2012-0843 (uzbl: Information disclosure via world-readable cookies storage file ...)
	- uzbl 0.0.0~git.20111128-2 (bug #659379)
	[squeeze] - uzbl (Minor issue)
CVE-2012-0842 (surf: cookie jar has read access from other local user ...)
	- surf 0.4.1-6 (bug #659296)
CVE-2012-0841 (libxml2 before 2.8.0 computes hash values without restricting the abil ...)
	{DSA-2417-1}
	- libxml2 2.7.8.dfsg-8 (bug #660846)
CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...)
	- apr 1.4.6-1 (low; bug #655435)
	[squeeze] - apr (exploitability in httpd extremely limited, not known to be exploitable in svn)
	NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD@eris.apache.org%3E seems to cause regressions
CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...)
	- ocaml 4.00.0~beta2-1 (low; bug #659149)
	[wheezy] - ocaml (Minor issue)
	[squeeze] - ocaml (Minor issue)
CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expressio ...)
	- libstruts1.2-java (struts 2 issue)
CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to ...)
	NOT-FOR-US: Joomla!
CVE-2012-0836 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attacke ...)
	NOT-FOR-US: Joomla!
CVE-2012-0835 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x befo ...)
	NOT-FOR-US: Joomla!
CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in php ...)
	- phpldapadmin 1.2.2-1 (low; bug #658907)
	[squeeze] - phpldapadmin (Minor issue)
CVE-2012-0833 (The acllas__handle_group_entry function in servers/plugins/acl/acllas. ...)
	- 389-ds-base (Fixed before initial upload)
CVE-2012-0832
	REJECTED
CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the ...)
	{DSA-2408-1}
	- php5 5.3.10-1
CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ...)
	{DSA-2403-1}
	- php5 5.3.10-1
	NOTE: http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
CVE-2012-0829 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Me ...)
	NOT-FOR-US: Mibew Messenger
CVE-2012-0828 (Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xch ...)
	- xchat (Only affects Xchat on Windows and Maemo)
CVE-2012-0827 (The File module in Drupal 7.x before 7.11, when using unspecified fiel ...)
	- drupal7 7.11-1
	- drupal6
CVE-2012-0826 (Cross-site request forgery (CSRF) vulnerability in the Aggregator modu ...)
	{DSA-2776-1}
	- drupal7 7.11-1
	- drupal6 6.26-1
CVE-2012-0825 (Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attrib ...)
	{DSA-2776-1}
	- drupal7 7.11-1
	- drupal6 6.26-1
CVE-2012-0824 (gnusound 0.7.5 has format string issue ...)
	- gnusound (low; bug #654270)
	[squeeze] - gnusound 0.7.5-3+squeeze1
CVE-2012-0823 (VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers ...)
	- libvpx 1.0.0-1
	[squeeze] - libvpx (Introduced in 0.9.7)
	NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
CVE-2012-0822 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x befo ...)
	NOT-FOR-US: Joomla!
CVE-2012-0821 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allo ...)
	NOT-FOR-US: Joomla!
CVE-2012-0820 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x be ...)
	NOT-FOR-US: Joomla!
CVE-2012-0819 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allo ...)
	NOT-FOR-US: Joomla!
CVE-2012-0818 (RESTEasy before 2.3.1 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attacker ...)
	- samba 2:3.6.3-1 (low)
	- samba4 4.0.0~alpha18.dfsg1-1
	[squeeze] - samba (Only affects 3.6.x)
	[lenny] - samba (Only affects 3.6.x)
CVE-2012-0816
	REJECTED
CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 al ...)
	{DLA-140-1}
	- rpm 4.9.1.3-1 (bug #667031)
	[squeeze] - rpm (Minor issue)
CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH b ...)
	- openssh 1:5.6p1-1 (low; bug #657445)
	[squeeze] - openssh 1:5.5p1-6+squeeze2
CVE-2012-0813 (Wicd before 1.7.1 saves sensitive information in log files in /var/log ...)
	- wicd 1.7.1~b3-4 (unimportant; bug #652417)
	NOTE: Not a security issue per se, logfile only accessible by root:adm
CVE-2012-0812 (PostfixAdmin 2.3.4 has multiple XSS vulnerabilities ...)
	- postfixadmin 2.3.5-1
	NOTE: http://seclists.org/oss-sec/2012/q1/285
CVE-2012-0811 (Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixad ...)
	- postfixadmin 2.3.5-1
	NOTE: http://seclists.org/oss-sec/2012/q1/285
CVE-2012-0810 (The int3 handler in the Linux kernel before 3.3 relies on a per-CPU de ...)
	- linux-2.6 3.2.16-1 (bug #672660)
	[squeeze] - linux-2.6 (rt patchset not yet present)
	NOTE: Ben Hutchings said it was fixed in 3.2.9-1, I checked it for 3.2.16-1
CVE-2012-0809 (Format string vulnerability in the sudo_debug function in Sudo 1.8.0 t ...)
	- sudo 1.8.3p2-1 (bug #657985)
	[squeeze] - sudo (Vulnerable code not present)
	[lenny] - sudo (Vulnerable code not present)
CVE-2012-0808 (as31 2.3.1-4 does not seed the random number generator and generates p ...)
	- as31 2.3.1-5 (bug #655496)
	[squeeze] - as31 (The maintainer considers it a minor issue; check the comments in the bug report)
CVE-2012-0807 (Stack-based buffer overflow in the suhosin_encrypt_single_cookie funct ...)
	- php-suhosin 0.9.33-1 (low; bug #657190)
	[squeeze] - php-suhosin (Exploitable in rare setups)
	NOTE: https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
CVE-2012-0806 (Buffer overflow in Bip 0.8.8 and earlier might allow remote authentica ...)
	{DSA-2393-1}
	- bip 0.8.8-2 (bug #657217)
	[lenny] - bip (Maintainer reports vulnerable code not present)
CVE-2012-0805 (Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, a ...)
	{DSA-2449-1}
	- sqlalchemy 0.6.7-1
CVE-2012-0804 (Heap-based buffer overflow in the proxy_connect function in src/client ...)
	{DSA-2407-1}
	- cvs 2:1.12.13+real-7
CVE-2012-0803 (The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows re ...)
	NOT-FOR-US: Apache CXF
CVE-2012-0802 (Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote ...)
	NOT-FOR-US: spamdyke
CVE-2012-0801 (lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 d ...)
	- moodle (Only affects 2.x)
CVE-2012-0800 (The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2. ...)
	- moodle (Only affects 2.x)
CVE-2012-0799 (Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous fr ...)
	- moodle (Only affects 2.x)
CVE-2012-0798 (The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2. ...)
	- moodle (Only affects 2.x)
CVE-2012-0797 (The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x befo ...)
	- moodle (Only affects 2.x)
CVE-2012-0796 (class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0795 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, an ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0794 (The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1. ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0793 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, an ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0792 (mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authent ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0791 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP befor ...)
	{DSA-2485-1}
	- imp4 4.3.10+debian0-1.1 (bug #659392)
CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping ...)
	{DSA-2651-1}
	- smokeping 2.6.8-2 (bug #659899)
CVE-2012-0789 (Memory leak in the timezone functionality in PHP before 5.3.9 allows r ...)
	- php5 5.3.9-1 (low)
	[squeeze] - php5 (Too intrusive to backport)
CVE-2012-0788 (The PDORow implementation in PHP before 5.3.9 does not properly intera ...)
	{DSA-2408-1}
	- php5 5.3.9-1
CVE-2012-0787 (The clone_file function in transfer.c in Augeas before 1.0.0, when cop ...)
	{DLA-28-1}
	- augeas 1.0.0-1 (low; bug #731132)
	[wheezy] - augeas (Minor issue)
CVE-2012-0786 (The transform_save function in transform.c in Augeas before 1.0.0 allo ...)
	{DLA-28-1}
	- augeas 1.0.0-1 (low; bug #731132)
	[wheezy] - augeas (Minor issue)
CVE-2012-0885 (chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x befor ...)
	- asterisk 1:1.8.8.2~dfsg-1 (bug #656596)
	[squeeze] - asterisk (Vulnerable code not present)
	[lenny] - asterisk (Vulnerable code not present)
	NOTE: AST-2012-001 http://downloads.asterisk.org/pub/security/AST-2012-001.html
CVE-2012-0784
	RESERVED
CVE-2012-0783
	RESERVED
CVE-2012-0782 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2012-0781 (The tidy_diagnose function in PHP 5.3.8 might allow remote attackers t ...)
	{DSA-2408-1}
	- php5 5.3.9-1 (low)
CVE-2012-0780 (Adobe Illustrator before CS6 allows attackers to execute arbitrary cod ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-0779 (Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0778 (Buffer overflow in Adobe Flash Professional before CS6 allows attacker ...)
	NOT-FOR-US: Adobe Flash Professional
CVE-2012-0777 (The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0776 (The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0775 (The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0774 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0773 (The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0772 (An unspecified ActiveX control in Adobe Flash Player before 10.3.183.1 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0771 (Adobe Shockwave Player before 11.6.4.634 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0770 (Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for f ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-0769 (Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0768 (The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0767 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0766 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0765 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2012-0764 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0763 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0762 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0761 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0760 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0759 (Adobe Shockwave Player before 11.6.4.634 allows attackers to execute a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0758 (Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0756 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0755 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0754 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0753 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0752 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on W ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0751 (The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0750
	RESERVED
CVE-2012-0749
	RESERVED
CVE-2012-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in unspecif ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2012-0747 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0746 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Managemen ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 t ...)
	NOT-FOR-US: IBM AIX
CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attack ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_U ...)
	NOT-FOR-US: IBM Tivoli Event Pump
CVE-2012-0741 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tes ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0739
	RESERVED
CVE-2012-0738 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tes ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2012-0737 (Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enter ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0736 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not pr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0735 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not pr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0734 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not pr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0733 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integ ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0732 (The Enterprise Console client in IBM Rational AppScan Enterprise 5.x a ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0731 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not pr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0730 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rati ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0729 (Unrestricted file upload vulnerability in IBM Rational AppScan Enterpr ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0728 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0727 (SQL injection vulnerability in IBM Maximo Asset Management 7.5, as use ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS) ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.10 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.10 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0723 (The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, ...)
	NOT-FOR-US: IBM AIX, VIOS
CVE-2012-0721
	REJECTED
CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solution C ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manage ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2012-0718 (IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookie ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain S ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0715 (Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in ...)
	NOT-FOR-US: IBM Tivoli Change and Configuration Management Database
CVE-2012-0714 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Ma ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0713 (Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0712 (The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 th ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0711 (Integer signedness error in the db2dasrrm process in the DB2 Administr ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0710 (IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 befor ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0708 (Heap-based buffer overflow in the Ole API in the CQOle ActiveX control ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-0707 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edi ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-0706 (IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requ ...)
	NOT-FOR-US: IBM Scale Out Network Attached Storage (SONAS)
CVE-2012-0705 (InfoSphere Import Export Manager in InfoSphere Information Server Meta ...)
	NOT-FOR-US: InfoSphere Information Server
CVE-2012-0704
	RESERVED
CVE-2012-0703 (Open redirect vulnerability in Information Services Framework (ISF) in ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0702 (Information Services Framework (ISF) in IBM InfoSphere Information Ser ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0701 (The client applications in the DataStage Administrator client in InfoS ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0700 (The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere I ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0699 (Multiple cross-site request forgery (CSRF) vulnerabilities in Family C ...)
	NOT-FOR-US: Family Connections CMS
CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a deni ...)
	{DSA-2576-1}
	- trousers 0.3.9-1 (low; bug #692649)
CVE-2012-0697 (HP StorageWorks P2000 G3 MSA array systems have a default account, whi ...)
	NOT-FOR-US: HP StorageWorks
CVE-2012-0696 (Multiple cross-site scripting (XSS) vulnerabilities in the Executive V ...)
	NOT-FOR-US: IBM Cognos
CVE-2012-0695 (Multiple unspecified vulnerabilities in Google Chrome before 17.0.963. ...)
	NOT-FOR-US: Google Chrome (Chromebooks)
CVE-2012-0694 (SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with ...)
	- sugarcrm-ce-5.0 (bug #457876)
	NOTE: http://seclists.org/bugtraq/2012/Jun/165
CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 al ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2012-0692 (CA License (aka CA Licensing) before 1.90.03 allows local users to mod ...)
	NOT-FOR-US: CA License
CVE-2012-0691 (CA License (aka CA Licensing) before 1.90.03 does not properly restric ...)
	NOT-FOR-US: CA License
CVE-2012-0690 (TIBCO Spotfire Web Application, Web Player Application, Automation Ser ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2012-0689 (The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric Activ ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0688 (Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platfor ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0687 (TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2. ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0686
	RESERVED
CVE-2012-0685 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...)
	NOT-FOR-US: XnView
CVE-2012-0684 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...)
	NOT-FOR-US: XnView
CVE-2012-0683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari; if anything of this affects Chromium, the Chrome security team will know and fix it
CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari; if anything of this affects Chromium, the Chrome security team will know and fix it
CVE-2012-0681 (Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2012-0680 (Apple Safari before 6.0 does not properly handle the autocomplete attr ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0679 (Apple Safari before 6.0 allows remote attackers to read arbitrary file ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0678 (Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 al ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0677 (Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote ...)
	NOT-FOR-US: Apple iTunes
CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state info ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require continue ...)
	NOT-FOR-US: Time Machine
CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0673
	RESERVED
CVE-2012-0672 (WebKit in Apple iOS before 5.1.1 allows remote attackers to execute ar ...)
	NOTE: http://dl.packetstormsecurity.net/1205-advisories/APPLE-SA-2012-05-09-2.txt
CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote attacke ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0669 (Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0668 (Buffer overflow in Apple QuickTime before 7.7.2 allows remote attacker ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0667 (Integer signedness error in Apple QuickTime before 7.7.2 on Windows al ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0666 (Stack-based buffer overflow in the plugin in Apple QuickTime before 7. ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0665 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remo ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0664 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0663 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X before 10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x bef ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows r ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows re ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualiz ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10. ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized mem ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0653
	RESERVED
CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or netwo ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 all ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0650 (Buffer overflow in the DirectoryService Proxy in DirectoryService in A ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes; if anything of this affects Chromium, the Chrome security team will know and fix it
CVE-2012-0647 (WebKit in Apple Safari before 5.1.4 does not properly handle redirects ...)
NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0646 (Format string vulnerability in VPN in Apple iOS before 5.1 allows remo ...) NOT-FOR-US: VPN in Apple iOS CVE-2012-0645 (Siri in Apple iOS before 5.1 does not properly restrict the ability of ...) NOT-FOR-US: Siri CVE-2012-0644 (Race condition in the Passcode Lock feature in Apple iOS before 5.1 al ...) NOT-FOR-US: Passcode Lock in Apple iOS CVE-2012-0643 (The kernel in Apple iOS before 5.1 does not properly handle debug syst ...) NOT-FOR-US: kernel in Apple iOS CVE-2012-0642 (Integer underflow in Apple iOS before 5.1 allows remote attackers to e ...) NOT-FOR-US: Apple iOS CVE-2012-0641 (CFNetwork in Apple iOS before 5.1 does not properly construct request ...) NOT-FOR-US: Apple iOS CVE-2012-0640 (WebKit in Apple Safari before 5.1.4 does not properly implement "From ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0639 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0638 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0637 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0636 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0635 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) 
NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0634 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0633 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0632 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0631 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0630 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0629 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0628 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0627 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0626 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0625 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) 
NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0624 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0623 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0622 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0621 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0620 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0619 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0618 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0617 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0616 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0615 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) 
NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0614 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0613 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0612 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0611 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0610 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0609 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0608 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0607 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0606 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0605 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) 
NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0604 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0603 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0602 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0601 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0600 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0599 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0598 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0597 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0596 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0595 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) 
NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0594 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0593 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0592 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0591 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0590 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0589 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0588 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0587 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0586 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple i ...) NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0585 (The Private Browsing feature in Safari in Apple iOS before 5.1 allows ...) 
NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2012-0584 (The Internationalized Domain Name (IDN) feature in Apple Safari before ...) NOT-FOR-US: Apple Safari CVE-2012-0583 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2496-1} - mysql-5.1 5.1.62-1 (bug #670636) - mysql-5.5 5.5.23-1 CVE-2012-0582 (Unspecified vulnerability in the Siebel Clinical component in Oracle I ...) NOT-FOR-US: Oracle Industry Applications CVE-2012-0581 (Unspecified vulnerability in the Oracle Agile component in Oracle Supp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-0580 (Unspecified vulnerability in the Oracle Agile PLM for Process componen ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-0579 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0578 (Unspecified vulnerability in the Server component in Oracle MySQL 5.5. ...) - mysql-5.1 (Only affects 5.5) - mysql-5.5 5.5.29+dfsg-1 CVE-2012-0577 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0576 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0575 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0574 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...) {DSA-2780-1} - mysql-5.1 - mysql-5.5 5.5.29+dfsg-1 CVE-2012-0573 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0572 (Unspecified vulnerability in the Server component in Oracle MySQL 5.1. ...) 
{DSA-2780-1} - mysql-5.1 - mysql-5.5 5.5.29+dfsg-1 CVE-2012-0571 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0570 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allow ...) NOT-FOR-US: Solaris CVE-2012-0569 (Unspecified vulnerability Oracle Sun Solaris 10 allows local users to ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-0568 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows lo ...) NOT-FOR-US: Solaris CVE-2012-0567 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0566 (Unspecified vulnerability in the Oracle Agile component in Oracle Supp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-0565 (Unspecified vulnerability in the Oracle Agile component in Oracle Supp ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-0564 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0563 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local ...) NOT-FOR-US: Oracle Solaris CVE-2012-0562 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0561 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0560 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0559 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0558 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portf ...) NOT-FOR-US: Oracle Primavera Products Suite CVE-2012-0557 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) 
NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0556 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0555 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0554 (Unspecified vulnerability in the Oracle Outside In Technology componen ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0553 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5 ...) {DSA-2780-1} - mysql-5.1 (bug #712059) - mysql-5.5 5.5.28+dfsg-1 - cyassl (Fixed before initial upload to archive) NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle Da ...) NOT-FOR-US: Oracle Database Server CVE-2012-0551 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Ora ...) - glassfish (Debian only builds some core libs, not the full application stack) - openjdk-6 (specific to Oracle Java) - openjdk-7 (specific to Oracle Java) CVE-2012-0550 (Unspecified vulnerability in the GlassFish Enterprise Server component ...) - glassfish (Debian only builds some core libs, not the full application stack) CVE-2012-0549 (Unspecified vulnerability in the Oracle AutoVue Office component in Or ...) NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...) NOT-FOR-US: Oracle SPARC Enterprise M Series Servers XCP 1110 CVE-2012-0547 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) - openjdk-7 7u3-2.1.2-1 (low) - openjdk-6 6b24-1.11.4-1 (low) CVE-2012-0546 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0545 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...) 
NOT-FOR-US: Oracle Financial Services Software CVE-2012-0544 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking com ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0543 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0542 (Unspecified vulnerability in the Oracle iStore component in Oracle E-B ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-0541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier an ...) {DSA-2496-1} - mysql-5.1 (bug #682212) - mysql-5.5 5.5.24+dfsg-1 (bug #682210) CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows lo ...) NOT-FOR-US: Oracle Sun Solaris CVE-2012-0538 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0537 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-0536 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0535 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-0534 (Unspecified vulnerability in the RDBMS Core component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2012-0533 (Unspecified vulnerability in the PeopleSoft Enterprise FCSM component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0532 (Unspecified vulnerability in the Identity Manager component in Oracle ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0531 (Unspecified vulnerability in the PeopleSoft Enterprise Portal componen ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0530 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component i ...) 
NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0528 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...) NOT-FOR-US: Oracle Database Server CVE-2012-0527 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...) NOT-FOR-US: Oracle Database Server CVE-2012-0526 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...) NOT-FOR-US: Oracle Database Server CVE-2012-0525 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...) NOT-FOR-US: Oracle Database Server CVE-2012-0524 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0523 (Unspecified vulnerability in the Oracle Grid Engine component in Oracl ...) - gridengine 6.2u5-7.1 [squeeze] - gridengine (Unsupported in squeeze-lts) NOTE: http://www.securityfocus.com/bid/53132 NOTE: http://gridscheduler.sourceforge.net/security.html CVE-2012-0522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0520 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...) NOT-FOR-US: Oracle Database Server CVE-2012-0519 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2012-0518 (Unspecified vulnerability in the Oracle Application Server Single Sign ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0517 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0516 (Unspecified vulnerability in the Oracle iPlanet Web Server component i ...) 
NOT-FOR-US: Oracle Sun Products Suite CVE-2012-0515 (Unspecified vulnerability in the Identity Manager Connector component ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2012-0514 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...) NOT-FOR-US: Oracle PeopleSoft Products CVE-2012-0513 (Unspecified vulnerability in the Oracle Application Object Library com ...) NOT-FOR-US: Oracle E-Business Suite CVE-2012-0512 (Unspecified vulnerability in the Enterprise Manager Base Platform comp ...) NOT-FOR-US: Oracle Database Server CVE-2012-0511 (Unspecified vulnerability in the OCI component in Oracle Database Serv ...) NOT-FOR-US: Oracle Database Server CVE-2012-0510 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...) NOT-FOR-US: Oracle Database Server CVE-2012-0509 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking compon ...) NOT-FOR-US: Oracle Financial Services Software CVE-2012-0508 (Unspecified vulnerability in the JavaFX component in Oracle Java SE Ja ...) - openjdk-6 (JavaFX not part of OpenJDK) - openjdk-7 (JavaFX not part of OpenJDK) - sun-java6 [squeeze] - sun-java6 (Non-free not supported) CVE-2012-0507 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 - sun-java6 [squeeze] - sun-java6 (Non-free not supported) NOTE: Replacement for misused CVE-2011-3571. CVE-2012-0506 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 - sun-java6 [squeeze] - sun-java6 (Non-free not supported) CVE-2012-0505 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 CVE-2012-0504 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) 
- openjdk-6 (Only applies to the Windows-specific update tool) - openjdk-7 (Only applies to the Windows-specific update tool) - sun-java6 (Only applies to the Windows-specific update tool) CVE-2012-0503 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 - sun-java6 [squeeze] - sun-java6 (Non-free not supported) CVE-2012-0502 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 - sun-java6 [squeeze] - sun-java6 (Non-free not supported) CVE-2012-0501 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 - sun-java6 [squeeze] - sun-java6 (Non-free not supported) CVE-2012-0500 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) - sun-java6 [squeeze] - sun-java6 (Non-free not supported) NOTE: OpenJDK browser plugin is a different code base. CVE-2012-0499 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) - sun-java6 [squeeze] - sun-java6 (Non-free not supported) NOTE: According to the Red Hat bug tracker, this vulnerability does not affect Iced Tea/OpenJDK. CVE-2012-0498 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) - sun-java6 [squeeze] - sun-java6 (Non-free not supported) NOTE: According to the Red Hat bug tracker, this vulnerability does not affect Iced Tea/OpenJDK. CVE-2012-0497 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2420-1} - openjdk-6 6b24-1.11.1-1 - openjdk-7 7~u3-2.1-1 - sun-java6 [squeeze] - sun-java6 (Non-free not supported) CVE-2012-0496 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.1 (Only affects MySQL 5.5 from experimental) CVE-2012-0495 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) 
- mysql-5.1 (Only affects MySQL 5.5 from experimental) CVE-2012-0494 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.1 (Only affects MySQL 5.5 from experimental) CVE-2012-0493 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.1 (Only affects MySQL 5.5 from experimental) CVE-2012-0492 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2429-1} - mysql-5.1 5.1.61-2 (bug #659687) CVE-2012-0491 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.1 (Only affects MySQL 5.5 from experimental) CVE-2012-0490 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2429-1} - mysql-5.1 5.1.61-2 (bug #659687) CVE-2012-0489 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.1 (Only affects MySQL 5.5 from experimental) CVE-2012-0488 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.1 (Only affects MySQL 5.5 from experimental) CVE-2012-0487 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.1 (Only affects MySQL 5.5 from experimental) CVE-2012-0486 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) - mysql-5.1 (Only affects MySQL 5.5 from experimental) CVE-2012-0485 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2429-1} - mysql-5.1 5.1.61-2 (bug #659687) CVE-2012-0484 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...) {DSA-2429-1} - mysql-5.1 5.1.61-2 (bug #659687) CVE-2012-0483 RESERVED CVE-2012-0482 RESERVED CVE-2012-0481 RESERVED CVE-2012-0480 RESERVED CVE-2012-0479 (Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thun ...) 
{DSA-2464-1 DSA-2458-1 DSA-2457-1} - icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0478 (The texImage2D implementation in the WebGL subsystem in Mozilla Firefo ...) - icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0477 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) {DSA-2464-1 DSA-2458-1 DSA-2457-1} - icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0476 RESERVED CVE-2012-0475 (Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and Se ...) - icedove 10.0.4-1 [wheezy] - icedove (Minor issue, also not fixed in ESV branch) [squeeze] - icedove (Minor issue, also not fixed in ESV branch) - iceweasel 12.0-1 (low; bug #703071) [squeeze] - iceweasel (Minor issue, also not fixed in ESV branch) [wheezy] - iceweasel (Minor issue, also not fixed in ESV branch) - iceape (low) [squeeze] - iceape (Minor issue, also not fixed in ESV branch) [wheezy] - iceape (Minor issue, also not fixed in ESV branch) NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9 CVE-2012-0474 (Cross-site scripting (XSS) vulnerability in the docshell implementatio ...) - icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0473 (The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x ...) 
- icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0472 (The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, F ...) - icedove (Windows-specific) - iceweasel (Windows-specific) - iceape (Windows-specific) CVE-2012-0471 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x throug ...) {DSA-2464-1 DSA-2458-1 DSA-2457-1} - icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0470 (Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::Light ...) {DSA-2464-1 DSA-2458-1 DSA-2457-1} - icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0469 (Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRan ...) - icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0468 (The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5. ...) - icedove (Only affects Firefox 11 and above) - iceweasel (Only affects Firefox 11 and above) - iceape (Only affects Firefox 11 and above) CVE-2012-0467 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) 
{DSA-2464-1 DSA-2458-1 DSA-2457-1} - icedove 10.0.4-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.4esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.4-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0466 (template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3 ...) - bugzilla (low) - bugzilla4 (bug #669643) [squeeze] - bugzilla (Minor issue) CVE-2012-0465 (Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, a ...) - bugzilla (low) - bugzilla4 (bug #669643) [squeeze] - bugzilla (Minor issue) CVE-2012-0464 (Use-after-free vulnerability in the browser engine in Mozilla Firefox ...) - icedove 10.0.3-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.3esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.3-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0463 (The nsWindow implementation in the browser engine in Mozilla Firefox b ...) - iceweasel (Only affects Firefox Mobile on Android) CVE-2012-0462 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - icedove 10.0.3-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.3esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.3-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0461 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2458-1 DSA-2437-1 DSA-2433-1} - icedove 10.0.3-1 - iceweasel 10.0.3esr-1 - iceape 2.7.3-1 CVE-2012-0460 (Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thun ...) - icedove 10.0.3-1 [squeeze] - icedove (Vulnerable code not present) - iceweasel 10.0.3esr-1 [squeeze] - iceweasel (Vulnerable code not present) - iceape 2.7.3-1 [squeeze] - iceape (Vulnerable code not present) CVE-2012-0459 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x ...) 
	- icedove 10.0.3-1
	[squeeze] - icedove (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-0458 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x b ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0457 (Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetwee ...)
	- icedove 10.0.3-1
	[squeeze] - icedove (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape (Vulnerable code not present)
CVE-2012-0456 (The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4. ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0455 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x b ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0454 (Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Fire ...)
	- iceweasel (Only affects Firefox on Windows)
CVE-2012-0453 (Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzi ...)
	- bugzilla
	- bugzilla4 (bug #669643)
	[squeeze] - bugzilla (Minor issue)
CVE-2012-0452 (Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Th ...)
	- icedove (Introduced in Thunderbird 10)
	- iceweasel 10.0.1-1
	[squeeze] - iceweasel (Only affects Firefox >= 10)
	- iceape (Vulnerable version never uploaded to the archive)
CVE-2012-0451 (CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Fire ...)
	- icedove 10.0.3-1
	[squeeze] - icedove (CSP introduced in Thunderbird 3.3)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel (CSP introduced in Firefox 4)
	- iceape 2.7.3-1
	[squeeze] - iceape (CSP introduced in Seamonkey 2.1)
CVE-2012-0450 (Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and ...)
	- icedove 10.0.3-1
	[squeeze] - icedove (Only affects Firefox >= 4)
	- xulrunner (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel (Only affects Firefox >= 4)
	[squeeze] - iceweasel (Only affects Firefox >= 4)
	- iceape (Only affects Firefox >= 4)
CVE-2012-0449 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...)
	{DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- icedove 10.0.3-1
	[lenny] - icedove
	- xulrunner (unimportant)
	- iceweasel 10.0-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2012-0448 (Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7. ...)
	- bugzilla (low)
	- bugzilla4 (bug #669643)
	[squeeze] - bugzilla (Minor issue)
CVE-2012-0447 (Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaM ...)
	- icedove 10.0.3-1
	[squeeze] - icedove (Only affects Firefox >= 4)
	- xulrunner (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel (Only affects Firefox >= 4)
	[squeeze] - iceweasel (Only affects Firefox >= 4)
	- iceape (Only affects Firefox >= 4)
CVE-2012-0446 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	- icedove 10.0.3-1
	[squeeze] - icedove (Only affects Firefox >= 4)
	- xulrunner (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel (Only affects Firefox >= 4)
	[squeeze] - iceweasel (Only affects Firefox >= 4)
	- iceape (Only affects Firefox >= 4)
CVE-2012-0445 (Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaM ...)
	- icedove 10.0.3-1
	[squeeze] - icedove (Only affects Firefox >= 4)
	- xulrunner (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel (Only affects Firefox >= 4)
	[squeeze] - iceweasel (Only affects Firefox >= 4)
	- iceape (Only affects Firefox >= 4)
CVE-2012-0444 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...)
	{DSA-2412-1 DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec (Minor issue, no dev-deps)
	- libvorbis 1.3.2-1.2 (bug #664197)
	- icedove 10.0.3-1
	[lenny] - icedove (Vulnerable code not present)
	- xulrunner (Vulnerable code not present)
	- iceweasel 10.0-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape (Only a stub package)
CVE-2012-0443 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel (Only affects Firefox >= 4)
	[squeeze] - iceweasel (Only affects Firefox >= 4)
	- iceape (Only affects Firefox >= 4)
CVE-2012-0442 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- icedove 10.0.3-1
	[lenny] - icedove
	- xulrunner (unimportant)
	- iceweasel 10.0-1
	[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2012-0441 (The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security ...)
	{DSA-2490-1}
	- nss 3.13.4-1
CVE-2012-0440 (Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugz ...)
	- bugzilla (low)
	- bugzilla4 (bug #669643)
	[squeeze] - bugzilla (Minor issue)
CVE-2012-0439 (An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 ...)
	NOT-FOR-US: GroupWise
CVE-2012-0438
	RESERVED
CVE-2012-0437
	RESERVED
CVE-2012-0436
	RESERVED
CVE-2012-0435 (SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify ...)
	NOT-FOR-US: YAST
CVE-2012-0434 (The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permission ...)
	NOT-FOR-US: Crowbar
CVE-2012-0433 (The install-chef-suse.sh script shipped with crowbar before 2012-10-02 ...)
	NOT-FOR-US: crowbar
CVE-2012-0432 (Stack-based buffer overflow in the Novell NCP implementation in NetIQ ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0431
	RESERVED
CVE-2012-0430 (Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 a ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0429 (dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8. ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0428 (Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x b ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0427 (yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008. ...)
	NOT-FOR-US: inst-source-utils
CVE-2012-0426 (Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUS ...)
	NOT-FOR-US: SUSE Linux Enterprise for SAP Applications
CVE-2012-0425 (LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaS ...)
	NOT-FOR-US: SUSE YaST
CVE-2012-0424
	RESERVED
CVE-2012-0423
	RESERVED
CVE-2012-0422
	RESERVED
CVE-2012-0421 (The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager ...)
	NOT-FOR-US: SUSE Audit Log Keeper daemon
CVE-2012-0420 (zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6 ...)
	NOT-FOR-US: SUSE Zypper
CVE-2012-0419 (Directory traversal vulnerability in the agent HTTP interfaces in Nove ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0418 (Unspecified vulnerability in the client in Novell GroupWise 8.0 before ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0417 (Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWis ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0416
	RESERVED
CVE-2012-0415
	RESERVED
CVE-2012-0414 (Cross-site scripting (XSS) vulnerability in the Spacewalk service in S ...)
	NOT-FOR-US: SuSE extension to Spacewalk
CVE-2012-0413
	RESERVED
CVE-2012-0412
	RESERVED
CVE-2012-0411 (Unspecified vulnerability in Novell iPrint Client before 5.82 allows r ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2012-0410 (Directory traversal vulnerability in WebAccess in Novell GroupWise bef ...)
	NOT-FOR-US: Groupwise
CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4. ...)
	NOT-FOR-US: EMC
CVE-2012-0408
	REJECTED
CVE-2012-0407 (Integer overflow in the DPA_Utilities library in EMC Data Protection A ...)
	NOT-FOR-US: emc.com Data Protection Advisor
CVE-2012-0406 (The DPA_Utilities.cProcessAuthenticationData function in EMC Data Prot ...)
	NOT-FOR-US: emc.com Data Protection Advisor
CVE-2012-0405
	REJECTED
CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom befor ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2012-0403 (Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 P ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0402 (EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded cre ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0401 (Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0400 (EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0399 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVisio ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session c ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2012-0397 (Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6 ...)
	NOT-FOR-US: EMC RSA SecurID Software Token Converter
CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly e ...)
	NOT-FOR-US: EMC
CVE-2012-0395 (Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before ...)
	NOT-FOR-US: EMC
CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts bef ...)
	- libstruts1.2-java (Affects Struts 2, #657870)
CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 doe ...)
	- libstruts1.2-java (Affects Struts 2, #657870)
CVE-2012-0392 (The CookieInterceptor component in Apache Struts before 2.3.1.1 does n ...)
	- libstruts1.2-java (Affects Struts 2, #657870)
CVE-2012-0391 (The ExceptionDelegator component in Apache Struts before 2.2.3.1 inter ...)
	- libstruts1.2-java (Affects Struts 2, #657870)
CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...)
	- gnutls28 3.0.11-1
	- gnutls26 (lacks DTLS support and is not affected)
CVE-2012-0389 (Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in ...)
	NOT-FOR-US: MailEnable Professional
CVE-2012-0388 (Memory leak in the H.323 inspection feature in the Zone-Based Firewall ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0387 (Memory leak in the HTTP Inspection Engine feature in the Zone-Based Fi ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0386 (The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0385 (The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allo ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0384 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x thr ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0383 (Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allow ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0382 (The Multicast Source Discovery Protocol (MSDP) implementation in Cisco ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0381 (The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 throu ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0380
	RESERVED
CVE-2012-0379
	RESERVED
CVE-2012-0378 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0377
	RESERVED
CVE-2012-0376 (The voice-sipstack component in Cisco Unified Communications Manager ( ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2012-0375
	RESERVED
CVE-2012-0374
	RESERVED
CVE-2012-0373
	RESERVED
CVE-2012-0372
	RESERVED
CVE-2012-0371 (Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6. ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0370 (Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6. ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0369 (Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0368 (The administrative management interface on Cisco Wireless LAN Controll ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0367 (Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-0366 (Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-0365 (Directory traversal vulnerability in the Local TFTP file-upload applic ...)
	NOT-FOR-US: Cisco SRP 520 series devices
CVE-2012-0364 (Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W- ...)
	NOT-FOR-US: Cisco SRP devices
CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware before ...)
	NOT-FOR-US: Cisco SRP devices
CVE-2012-0362 (The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0361 (The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 throug ...)
	NOT-FOR-US: Cisco
CVE-2012-0360 (Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is ena ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...)
	NOT-FOR-US: Cisco Cius
CVE-2012-0358 (Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf. ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0357
	RESERVED
CVE-2012-0356 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0355 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0354 (The Threat Detection feature on Cisco Adaptive Security Appliances (AS ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0353 (The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0352 (Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-0351
	RESERVED
CVE-2012-0350
	RESERVED
CVE-2012-0349
	RESERVED
CVE-2012-0348
	RESERVED
CVE-2012-0347
	RESERVED
CVE-2012-0346
	RESERVED
CVE-2012-0345
	RESERVED
CVE-2012-0344
	RESERVED
CVE-2012-0343
	RESERVED
CVE-2012-0342
	RESERVED
CVE-2012-0341
	RESERVED
CVE-2012-0340 (Cross-site scripting (XSS) vulnerability in the management interface o ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2012-0339 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also k ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0338 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also k ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0337 (SQL injection vulnerability in the web component in Cisco Unified Meet ...)
	NOT-FOR-US: Cisco
CVE-2012-0336
	RESERVED
CVE-2012-0335 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...)
	NOT-FOR-US: Cisco
CVE-2012-0334 (Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 ha ...)
	NOT-FOR-US: Cisco
CVE-2012-0333 (Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and ...)
	NOT-FOR-US: Cisco
CVE-2012-0332
	RESERVED
CVE-2012-0331 (Cisco TelePresence Video Communication Server with software before X7. ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2012-0330 (Cisco TelePresence Video Communication Server with software before X7. ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2012-0329 (Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remot ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2012-0328 (Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain ...)
	NOT-FOR-US: Janetter
CVE-2012-0327 (Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allow ...)
	- redmine 1.3.2+dfsg1-1
	[squeeze] - redmine (Redmine not supported because of rails)
	NOTE: http://jvn.jp/en/jp/JVN93406632/
	NOTE: patch unclear: difficult to find the patch in 1.3.2 release
CVE-2012-0326 (The twicca application 0.7.0 through 0.9.30 for Android does not prope ...)
	NOT-FOR-US: twicca application for Android
CVE-2012-0325 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenk ...)
	- jenkins 1.424.6+dfsg-1
CVE-2012-0324 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenk ...)
	- jenkins 1.424.6+dfsg-1
CVE-2012-0323 (Cross-site scripting (XSS) vulnerability in the Autocomplete plugin be ...)
	NOT-FOR-US: Autocomplete plugin for SquirrelMail
CVE-2012-0322 (The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for ...)
	NOT-FOR-US: EStrongs ES File Explorer
CVE-2012-0321 (Unspecified vulnerability in the device driver in Kingsoft Internet Se ...)
	NOT-FOR-US: Kingsoft Internet Security 2011
CVE-2012-0320 (Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0319 (The file-management system in Movable Type before 4.38, 5.0x before 5. ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0318 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type be ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0317 (Multiple cross-site request forgery (CSRF) vulnerabilities in Movable ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0316 (The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier ap ...)
	NOT-FOR-US: Cookpad
CVE-2012-0315 (Untrusted search path vulnerability in ALFTP before 5.31 allows local ...)
	NOT-FOR-US: ALFTP
CVE-2012-0314 (Multiple cross-site request forgery (CSRF) vulnerabilities on the eAcc ...)
	NOT-FOR-US: eAccess Pocket WiFi
CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...)
	NOT-FOR-US: glucose
CVE-2012-0312 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
	NOT-FOR-US: osCommerce
CVE-2012-0311 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
	NOT-FOR-US: osCommerce
CVE-2012-0310 (CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Casc ...)
	NOT-FOR-US: Cogent DataHub
CVE-2012-0309 (Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and e ...)
	NOT-FOR-US: Cogent DataHub
CVE-2012-0308 (Cross-site request forgery (CSRF) vulnerability in Symantec Messaging ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-0307 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messag ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-0306 (Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attacker ...)
	NOT-FOR-US: Symantec Ghost Solution Suite
CVE-2012-0305 (Untrusted search path vulnerability in Symantec System Recovery 2011 b ...)
	NOT-FOR-US: Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5
CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions ( ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2012-0303 (Multiple cross-site request forgery (CSRF) vulnerabilities in Brightma ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0302 (Cross-site scripting (XSS) vulnerability in Brightmail Control Center ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0301 (Session fixation vulnerability in Brightmail Control Center in Symante ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0300 (Brightmail Control Center in Symantec Message Filter 6.3 does not prop ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web Gate ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0298 (The file-management scripts in the management GUI in Symantec Web Gate ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0296 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0295 (The Manager service in the management console in Symantec Endpoint Pro ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-0294 (Directory traversal vulnerability in the Manager service in the manage ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-0293 (Multiple SQL injection vulnerabilities in Symantec Altiris WISE Packag ...)
	NOT-FOR-US: Symantec Altiris WISE Package Studio
CVE-2012-0292 (The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2012-0291 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnyw ...)
	NOT-FOR-US: pcAnywhere
CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnyw ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2012-0289 (Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x throug ...)
	NOT-FOR-US: Symantec Network Access Control
CVE-2012-0288
	RESERVED
CVE-2012-0287 (Cross-site scripting (XSS) vulnerability in wp-comments-post.php in Wo ...)
	- wordpress 3.3.1+dfsg-1
	[squeeze] - wordpress (only 3.3.x vulnerable)
	[lenny] - wordpress (only 3.3.x vulnerable)
CVE-2012-0286 (Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwor ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0285 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNe ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0284 (Stack-based buffer overflow in the SetSource method in the Cisco Links ...)
	NOT-FOR-US: Cisco
CVE-2012-0283 (Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList func ...)
	- dokuwiki 0.0.20120125b-1 (low; bug #683378)
	[squeeze] - dokuwiki (Vulnerable functionality not present, see #683378)
CVE-2012-0282 (Heap-based buffer overflow in XnView before 1.99 allows remote attacke ...)
	NOT-FOR-US: XnView
CVE-2012-0281
	RESERVED
CVE-2012-0280
	RESERVED
CVE-2012-0279 (Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Fu ...)
	NOT-FOR-US: Quest (quest.com) Toad
CVE-2012-0278 (Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for I ...)
	NOT-FOR-US: IrfanView
CVE-2012-0277 (Heap-based buffer overflow in XnView before 1.99 allows remote attacke ...)
	NOT-FOR-US: XnView
CVE-2012-0276 (Multiple heap-based buffer overflows in XnView before 1.99 allow remot ...)
	NOT-FOR-US: XnView
CVE-2012-0275 (Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12. ...)
	NOT-FOR-US: Adobe Photoshop CS5
CVE-2012-0274
	RESERVED
CVE-2012-0273 (Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote at ...)
	NOT-FOR-US: MinaliC (Webserver)
CVE-2012-0272 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0271 (Integer overflow in the WebConsole component in gwia.exe in GroupWise ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0270 (Multiple stack-based buffer overflows in Csound before 5.16.6 allow re ...)
	- csound 1:5.16.6~dfsg-1 (low; bug #661197)
	[squeeze] - csound (Minor issue)
	NOTE: http://secunia.com/secunia_research/2012-3/
	NOTE: http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
CVE-2012-0269 (Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 throug ...)
	NOT-FOR-US: various Ichitaro products
CVE-2012-0268 (Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows ...)
	NOT-FOR-US: NTR ActiveX control
CVE-2012-0266 (Multiple stack-based buffer overflows in the NTR ActiveX control befor ...)
	NOT-FOR-US: NTR ActiveX control
CVE-2012-0265 (Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0264 (op5 Monitor and op5 Appliance before 5.5.0 do not properly manage sess ...)
	NOT-FOR-US: op5
CVE-2012-0263 (monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows ...)
	NOT-FOR-US: op5
CVE-2012-0262 (op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and ...)
	NOT-FOR-US: op5
CVE-2012-0261 (license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appli ...)
	NOT-FOR-US: op5
CVE-2012-0260 (The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-0259 (The GetEXIFProperty function in magick/property.c in ImageMagick befor ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-0258 (Heap-based buffer overflow in the WWCabFile ActiveX component in the W ...)
	NOT-FOR-US: Invensys Wonderware Application Server
CVE-2012-0257 (Heap-based buffer overflow in the WWCabFile ActiveX component in the W ...)
	NOT-FOR-US: Invensys Wonderware Application Server
CVE-2012-0256 (Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3. ...)
	- trafficserver 3.0.4-1
CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not pro ...)
	{DSA-2459-1}
	- quagga 0.99.20.1-1
CVE-2012-0254 (Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL Acti ...)
	NOT-FOR-US: Honeywell
CVE-2012-0253 (Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pl ...)
	NOT-FOR-US: Demand Media Pluck SiteLife
CVE-2012-0252
	RESERVED
CVE-2012-0251
	RESERVED
CVE-2012-0250 (Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before ...)
	{DSA-2459-1}
	- quagga 0.99.20.1-1
CVE-2012-0249 (Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c ...)
	{DSA-2459-1}
	- quagga 0.99.20.1-1
CVE-2012-0248 (ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a den ...)
	{DSA-2427-1}
	- imagemagick 8:6.6.9.7-6 (low; bug #659339)
CVE-2012-0247 (ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a den ...)
	{DSA-2427-1}
	- imagemagick 8:6.6.9.7-6 (bug #659339)
CVE-2012-0246 (Directory traversal vulnerability in an unspecified ActiveX control in ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2012-0245 (Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Rob ...)
	NOT-FOR-US: ABB Robot Communications Runtime
CVE-2012-0244 (Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0243 (Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/Bro ...)
	NOT-FOR-US: ActiveX
CVE-2012-0242 (Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0241 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cau ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0240 (GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0239 (uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not pr ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0238 (Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAcc ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0237 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0236 (Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers t ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0234 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0233 (Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAcce ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0232 (Directory traversal vulnerability in rifsrvd.exe in the Remote Interfa ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-0231 (PRLicenseMgr.exe in the Proficy Server License Manager in GE Intellige ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
CVE-2012-0230 (PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platfor ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
CVE-2012-0229 (The Data Archiver service in GE Intelligent Platforms Proficy Historia ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Historian
CVE-2012-0228 (Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not proper ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2012-0227 (Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in Component ...)
	NOT-FOR-US: Open Automation Software OPC Systems.NET
CVE-2012-0226 (SQL injection vulnerability in Invensys Wonderware Information Server ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2012-0225 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware Inform ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2012-0224 (Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 a ...)
	NOT-FOR-US: 7-Technologies (7T) AQUIS
CVE-2012-0223 (Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 ...)
	NOT-FOR-US: TERMIS
CVE-2012-0222 (The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Al ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley FactoryTalk
CVE-2012-0221 (The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Al ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley FactoryTalk
CVE-2012-0220 (Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin ...)
	{DSA-2474-1}
	- ikiwiki 3.20120516
CVE-2012-0219 (Heap-based buffer overflow in the xioscan_readline function in xio-rea ...)
	- socat 1.7.1.3-1.3 (low; bug #672994)
	[squeeze] - socat (Minor issue)
	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
CVE-2012-0218 (Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler ...)
	{DSA-2501-1}
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
CVE-2012-0217 (The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, ...)
	{DSA-2508-1 DSA-2501-1}
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
	- kfreebsd-8 8.3-4 (bug #677297)
	- kfreebsd-9 9.0-4 (bug #677298)
	- kfreebsd-10 10.0~svn237137-1 (bug #677299)
	NOTE: apparently this code is included in freebsd, xen, as well as
	NOTE: microsoft windows, which is also a part of this id assignment (and a
	NOTE: bit strangely the only os currently called out in the mitre description).
	NOTE: also affected the linux kernel, and was fixed 6 years earlier as CVE-2006-0744.
CVE-2012-0216 (The default configuration of the apache2 package in Debian GNU/Linux s ...)
	{DSA-2452-1}
	- apache2 2.2.22-4 (low)
CVE-2012-0215 (model/modelstorage.py in the Tryton application framework (trytond) be ...)
	{DSA-2444-1}
	- tryton-server 2.2.2-1 (medium)
CVE-2012-0214 (The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Ad ...)
	- apt 0.8.15.10
	[squeeze] - apt (Vulnerable code not present)
	[lenny] - apt (Vulnerable code not present)
CVE-2012-0213 (The UnhandledDataStructure function in hwpf/model/UnhandledDataStructu ...)
	{DSA-2468-1}
	- libjakarta-poi-java
CVE-2012-0212 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11. ...)
	{DSA-2409-1}
	- devscripts 2.11.4
CVE-2012-0211 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11. ...)
	{DSA-2409-1}
	- devscripts 2.11.4
CVE-2012-0210 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11. ...)
	{DSA-2409-1}
	- devscripts 2.11.4
CVE-2012-0209 (Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edit ...)
	- horde3 3.3.12+debian0-2 (bug #660077)
	[squeeze] - horde3 (Introduced in 3.3.12)
	[lenny] - horde3 (Introduced in 3.3.12)
CVE-2012-0208 (Unspecified vulnerability in the Oracle Grid Engine component in Oracl ...)
	{DSA-2472-1}
	- gridengine 6.2u5-6
	NOTE: http://www.securityfocus.com/bid/53123/info
	NOTE: http://gridscheduler.sourceforge.net/security.html
CVE-2012-0207 (The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel b ...)
	- linux-2.6 3.1.8-2 (bug #654876)
	[lenny] - linux-2.6 (Introduced in 2.6.36)
	[squeeze] - linux-2.6 (Introduced in 2.6.36)
CVE-2012-0206 (common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2 ...)
	{DSA-2385-1}
	- pdns 3.0-1.1 (high)
CVE-2012-0205 (InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0204 (Untrusted search path vulnerability in InfoSphere Import Export Manage ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0203 (Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbe ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0202 (Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Ser ...)
	NOT-FOR-US: Admin Server in IBM Cognos TM1
CVE-2012-0201 (Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Persona ...)
	NOT-FOR-US: IBM Personal Communications
CVE-2012-0200 (The server in IBM solidDB 6.5 before Interim Fix 6 does not properly i ...)
	NOT-FOR-US: IBM solidDB
CVE-2012-0199 (Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Mana ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2012-0198 (Stack-based buffer overflow in the RunAndUploadFile method in the Isig ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2012-0197 RESERVED
CVE-2012-0196 RESERVED
CVE-2012-0195 (Cross-site scripting (XSS) vulnerability in the Start Center Layout an ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2012-0194 (The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Se ...)
	NOT-FOR-US: AIX
CVE-2012-0193 (IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 befor ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0192 (Multiple integer overflows in vclmi.dll in the visual class library mo ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2012-0191 (The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP ...)
	NOT-FOR-US: IBM Lotus Expeditor
CVE-2012-0190 (Unspecified vulnerability in the Render method in the ExportHTML.ocx A ...)
	NOT-FOR-US: IBM SPSS Dimensions
CVE-2012-0189 (Multiple unspecified vulnerabilities in the (1) PrintFile and (2) Save ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-0188 (Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX ...)
	NOT-FOR-US: IBM SPSS Dimensions
CVE-2012-0187 (Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6 ...)
	NOT-FOR-US: IBM Lotus Expeditor
CVE-2012-0186 (Directory traversal vulnerability in the Eclipse Help component in IBM ...)
	NOT-FOR-US: IBM Lotus Expeditor
CVE-2012-0185 (Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 201 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-0184 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Off ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-0183 (Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-0182 (Microsoft Word 2007 SP2 and SP3 does not properly handle memory during ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-0181 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0180 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0179 (Double free vulnerability in tcpip.sys in Microsoft Windows Server 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0178 (Race condition in partmgr.sys in Windows Partition Manager in Microsof ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0177 (Heap-based buffer overflow in the Office Works File Converter in Micro ...)
	NOT-FOR-US: Microsoft
CVE-2012-0176 (Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2012-0175 (The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0173 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0172 (Microsoft Internet Explorer 6 through 8 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0171 (Microsoft Internet Explorer 6 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0170 (Microsoft Internet Explorer 6 and 7 does not properly handle objects i ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0169 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0168 (Microsoft Internet Explorer 6 through 9 allows user-assisted remote at ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0167 (Heap-based buffer overflow in the Office GDI+ library in Microsoft Off ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0166 REJECTED
CVE-2012-0165 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 200 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0164 (Microsoft .NET Framework 4 does not properly compare index values, whi ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0163 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0162 (Microsoft .NET Framework 4 does not properly allocate buffers, which a ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0161 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0160 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0159 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vis ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0158 (The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 Activ ...)
	NOT-FOR-US: Microsoft
CVE-2012-0157 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0156 (DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0155 (Microsoft Internet Explorer 9 does not properly handle objects in memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0154 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft
CVE-2012-0153 REJECTED
CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0151 (The Authenticode Signature Verification function in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2012-0150 (Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2012-0149 (afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2 ...)
	NOT-FOR-US: Microsoft
CVE-2012-0148 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2012-0147 (Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Upda ...)
	NOT-FOR-US: Microsoft
CVE-2012-0146 (Open redirect vulnerability in Microsoft Forefront Unified Access Gate ...)
	NOT-FOR-US: Microsoft
CVE-2012-0145 (Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microso ...)
	NOT-FOR-US: Microsoft
CVE-2012-0144 (Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2012-0143 (Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handl ...)
	NOT-FOR-US: Microsoft
CVE-2012-0142 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Off ...)
	NOT-FOR-US: Microsoft
CVE-2012-0141 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Off ...)
	NOT-FOR-US: Microsoft
CVE-2012-0140 REJECTED
CVE-2012-0139 REJECTED
CVE-2012-0138 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0137 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0136 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0135 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-0134 (Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8 ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-0133 (HP ProCurve 5400 zl switches with certain serial numbers include a com ...)
	NOT-FOR-US: HP ProCurve
CVE-2012-0132 (Cross-site scripting (XSS) vulnerability in HP Business Availability C ...)
	NOT-FOR-US: HP Business Availability
CVE-2012-0131 (Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.1 ...)
	NOT-FOR-US: HP HP-UX
CVE-2012-0130 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to o ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2012-0129 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to b ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2012-0128 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to r ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2012-0127 (Unspecified vulnerability in HP Performance Manager 9.00 allows remote ...)
	NOT-FOR-US: HP Performance Manager
CVE-2012-0126 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 ...)
	NOT-FOR-US: HP HP-UX
CVE-2012-0125 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 ...)
	NOT-FOR-US: HP HP-UX
CVE-2012-0124 (Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.0 ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0123 (Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.0 ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0122 (Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.0 ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0121 (Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.0 ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0120 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0119 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0118 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0117 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	- mysql-5.1 (Only affects MySQL 5.5 from experimental)
CVE-2012-0116 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0115 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0114 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0113 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0112 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0111 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox 4.1.8-dfsg-1 (bug #659950)
	[squeeze] - virtualbox (Vulnerable code not present, see #659950)
CVE-2012-0110 (Unspecified vulnerability in the Oracle Outside In Technology componen ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0109 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0108 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0107 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0106 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0105 (Unspecified vulnerability in the Oracle VM VirtualBox component in Ora ...)
	- virtualbox-guest-additions-iso 4.1.8-1 (bug #659951)
	[squeeze] - virtualbox-guest-additions-iso (Vulnerable code not present, see #659950)
CVE-2012-0104 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 ...)
	- glassfish (Debian package only builds a few API elements)
CVE-2012-0103 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Oracle Solaris Kernel
CVE-2012-0102 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0101 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0100 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0099 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0098 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0097 (Unspecified vulnerability in Oracle Solaris 11 Express allows local us ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0096 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express a ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0095 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0094 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allo ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0093 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0092 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0091 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools com ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0090 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0089 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0088 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0087 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0086 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0085 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0084 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0083 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0082 (Unspecified vulnerability in the Core RDBMS component in Oracle Databa ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0081 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 ...)
	- glassfish (Debian package only builds a few API elements)
CVE-2012-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0079 (Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2012-0078 (Unspecified vulnerability in the Oracle Application Object Library com ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0077 (Unspecified vulnerability in the Oracle WebLogic Server component in O ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2012-0076 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0075 (Unspecified vulnerability in the MySQL Server component in Oracle MySQ ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0074 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component i ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0073 (Unspecified vulnerability in the Oracle Forms component in Oracle E-Bu ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0072 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0071 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0785 (Hash collision attack vulnerability in Jenkins before 1.447, Jenkins L ...)
	- jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553)
	- jenkins-executable-war 1.25-1 (bug #655554)
	- jenkins 1.409.3+dfsg-2
CVE-2012-0070 (spamdyke prior to 4.2.1: STARTTLS reveals plaintext ...)
	NOT-FOR-US: spamdyke not in Debian
CVE-2012-0069 (SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows ...)
	NOT-FOR-US: batavi not in Debian
CVE-2012-0068 (The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670
CVE-2012-0067 (wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1. ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668
CVE-2012-0066 (Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote att ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
CVE-2012-0065 (Heap-based buffer overflow in the receive_packet function in libusbmux ...)
	- usbmuxd 1.0.7-2 (medium; bug #656581)
	[lenny] - usbmuxd (introduced in 1.0.7)
	[squeeze] - usbmuxd (introduced in 1.0.7)
CVE-2012-0064 (xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB de ...)
	- xorg-server 2:1.11.3.901-2 (high; bug #656410)
	[squeeze] - xorg-server (introduced in 1.11)
	[lenny] - xorg-server (introduced in 1.11)
	NOTE: actually unfixed in experimental, not marked because of version numbering
CVE-2012-0063 (Insecure plugin update mechanism in tucan through 0.3.10 could allow r ...)
	- tucan (bug #656388)
	[squeeze] - tucan (Minor issue)
CVE-2012-0062 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3 ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-0061 (The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ...)
	{DLA-140-1}
	- rpm 4.9.1.3-1 (bug #667031)
	[squeeze] - rpm (Minor issue)
CVE-2012-0060 (RPM before 4.9.1.3 does not properly validate region tags, which allow ...)
	{DLA-140-1}
	- rpm 4.9.1.3-1 (bug #667031)
	[squeeze] - rpm (Minor issue)
CVE-2012-0059 (Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 inc ...)
	NOT-FOR-US: RHN Satellite
CVE-2012-0058 (The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3 ...)
	- linux-2.6 3.2.2-1
	[wheezy] - linux-2.6 (introduced in 3.2-rc1)
	[squeeze] - linux-2.6 (introduced in 3.2-rc1)
	[lenny] - linux-2.6 (introduced in 3.2-rc1)
CVE-2012-0057 (PHP before 5.3.9 has improper libxslt security settings, which allows ...)
	{DSA-2399-1}
	- php5 5.3.9-1 (bug #656308)
CVE-2012-0056 (The mem_write function in the Linux kernel before 3.2.2, when ASLR is ...)
	- linux-2.6 3.2.1-2
	[squeeze] - linux-2.6 (introduced in 2.6.39)
	[lenny] - linux-2.6 (introduced in 2.6.39)
	NOTE: fix is http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc (queued for 3.3)
CVE-2012-0055 (OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10 ...)
	NOT-FOR-US: overlayfs is not (yet) in the Debian kernel
CVE-2012-0054 (libs/updater.py in GoLismero 0.6.3, and other versions before Git revi ...)
	NOT-FOR-US: golismero not in Debian
CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not pro ...)
	{DSA-2405-1}
	- apache2 2.2.22-1 (low)
CVE-2012-0052 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3 ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-0051 (Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attacke ...)
	- tahoe-lafs (Only affects 1.9.0, not uploaded to the archive)
CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, ...)
	{DSA-2392-1}
	- openssl 1.0.0g-1
	NOTE: http://www.openssl.org/news/secadv/20120118.txt
CVE-2012-0049 (OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) t ...)
	{DSA-2524-1}
	- openttd 1.1.5-1 (low)
	NOTE: http://vcs.openttd.org/svn/changeset/23764
	NOTE: http://security.openttd.org/en/CVE-2012-0049
CVE-2012-0048 (OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial ...)
	NOTE: contacted MITRE, will be rejected
CVE-2012-0047 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-0046 (mediawiki allows deleted text to be exposed ...)
	- mediawiki 1:1.15.5-6 (low; bug #655694)
	[squeeze] - mediawiki 1:1.15.5-2squeeze3
	[lenny] - mediawiki (Vulnerable code not present)
CVE-2012-0045 (The em_syscall function in arch/x86/kvm/emulate.c in the KVM implement ...)
	{DSA-2443-1}
	- linux-2.6 3.2.2-1
	[lenny] - linux-2.6 (Vulnerable code not present)
CVE-2012-0044 (Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu ...)
	- linux-2.6 3.1.5-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2012-0043 (Buffer overflow in the reassemble_message function in epan/dissectors/ ...)
	- wireshark 1.6.5-1
	[squeeze] - wireshark (Vulnerable code not present)
CVE-2012-0042 (Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2012-0041 (The dissect_packet function in epan/packet.c in Wireshark 1.4.x before ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663
CVE-2012-0040 (Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie ...)
	{DSA-2387-1}
	- simplesamlphp 1.8.2-1
	NOTE: http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e
CVE-2012-0039 (** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function i ...)
	- glib2.0 (unimportant; bug #655044)
CVE-2012-0038 (Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c ...)
	- linux-2.6 3.2.1-1
	[squeeze] - linux-2.6 2.6.32-41
CVE-2012-0037 (Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 ...)
	{DSA-2438-1}
	- raptor 1.4.21-7.1 (bug #677427)
CVE-2012-0036 (curl and libcurl 7.2x before 7.24.0 do not properly consider special c ...)
	{DSA-2398-1}
	- curl 7.24.0-1
	[lenny] - curl (Only affects 7.20.0 to 7.23.1)
	NOTE: http://curl.haxx.se/docs/adv_20120124.html
CVE-2012-0035 (Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as u ...)
	- cedet (low; bug #655299)
	[squeeze] - cedet (Minor issue)
	- emacs23 23.3+1-5 (low; bug #655300)
	[squeeze] - emacs23 (Minor issue)
CVE-2012-0034 (The NonManagedConnectionFactory in JBoss Enterprise Application Platfo ...)
	NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2012-0033 (The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bounced ...)
	- znc 0.202-2
	[squeeze] - znc (Only affects 0.200 and 0.202)
	[lenny] - znc (Only affects 0.200 and 0.202)
CVE-2012-0032 (Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissi ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-0031 (scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow ...)
	{DSA-2405-1}
	- apache2 2.2.22-1 (low)
CVE-2012-0030 (Nova 2011.3 and Essex, when using the OpenStack API, allows remote aut ...)
	- nova 2012.1~rc1-1
CVE-2012-0029 (Heap-based buffer overflow in the process_tx_desc function in the e100 ...)
	{DSA-2404-1 DSA-2396-1}
	- qemu-kvm 1.0+dfsg-5
	- xen-qemu-dm-4.0
	[squeeze] - xen (vulnerable code not present)
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1 (medium)
CVE-2012-0028 (The robust futex implementation in the Linux kernel before 2.6.28 does ...)
	- linux-2.6 2.6.32-1
CVE-2012-0027 (The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle inva ...)
	- openssl 1.0.0f-1
	[lenny] - openssl (no GOST support)
	[squeeze] - openssl (no GOST support)
CVE-2012-0026 REJECTED
CVE-2012-0025 (Double free vulnerability in the Free_All_Memory function in jpeg/dect ...)
	NOT-FOR-US: libfpx
CVE-2012-0024 (MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values ...)
	- maradns 1.4.09-1
	[squeeze] - maradns (Minor issue)
	[lenny] - maradns (Minor issue)
	NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update.
CVE-2012-0023 (Double free vulnerability in the get_chunk_header function in modules/ ...)
	- vlc 1.1.13-1
	[squeeze] - vlc (Unsupported in squeeze-lts)
CVE-2012-0022 (Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7 ...)
	{DSA-2401-1}
	- tomcat5
	- tomcat6 6.0.35-1
	- tomcat7 7.0.23-1
CVE-2012-0021 (The log_cookie function in mod_log_config.c in the mod_log_config modu ...)
	- apache2 2.2.22-1
	[squeeze] - apache2 (Introduced in 2.2.17)
	[lenny] - apache2 (Introduced in 2.2.17)
CVE-2012-0020 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0019 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0018 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate at ...)
	NOT-FOR-US: Microsoft Visio
CVE-2012-0017 (Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2012-0016 (Untrusted search path vulnerability in Microsoft Expression Design; Ex ...)
	NOT-FOR-US: Microsoft Expression Design
CVE-2012-0015 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate ...)
	NOT-FOR-US: Microsoft
CVE-2012-0014 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 befo ...)
	NOT-FOR-US: Microsoft
CVE-2012-0013 (Incomplete blacklist vulnerability in the Windows Packager configurati ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0012 (Microsoft Internet Explorer 9 does not properly handle the creation an ...)
	NOT-FOR-US: Microsoft
CVE-2012-0011 (Microsoft Internet Explorer 7 through 9 does not properly handle objec ...)
	NOT-FOR-US: Microsoft
CVE-2012-0010 (Microsoft Internet Explorer 6 through 9 does not properly perform copy ...)
	NOT-FOR-US: Microsoft
CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager con ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0008 (Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP ...)
	NOT-FOR-US: Microsoft Visual Studio 2008
CVE-2012-0007 (The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 ...)
	NOT-FOR-US: Microsoft Anti-Cross Site Scripting Library
CVE-2012-0006 (The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0005 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsyste ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0004 (Unspecified vulnerability in DirectShow in DirectX in Microsoft Window ...)
	NOT-FOR-US: DirectX
CVE-2012-0003 (Unspecified vulnerability in winmm.dll in Windows Multimedia Library i ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0002 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0001 (The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windo ...)
	NOT-FOR-US: Microsoft Windows
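Three entries in this list, CVE-2012-0785 (Jenkins), CVE-2012-0039 (GLib g_str_hash) and CVE-2012-0024 (MaraDNS), are instances of the same class: a predictable string hash lets a client choose keys that all land in one hash-table bucket, so each insert degrades to a linear scan. The illustration below is added here to show that class end to end; it is not code from the tracker, from Debian, or from any of those three projects. It assumes a DJB-style multiplicative hash (h = h*33 + c, seed 5381, the construction g_str_hash uses) as the weak hash, a toy chained table that counts key comparisons, and a keyed BLAKE2b as a stand-in for the randomly seeded hash (SipHash in practice) that fixes the problem. The colliding keys are constructed in the script, not captured from any real attack.

```python
"""Hash-collision denial of service, the class shared by CVE-2012-0785
(Jenkins), CVE-2012-0039 (GLib g_str_hash) and CVE-2012-0024 (MaraDNS).

Illustrative code written for this page; it is not code from any of those
projects or from the Debian security tracker."""
import hashlib
import secrets


def djb_hash(data: bytes) -> int:
    """Unkeyed multiplicative string hash, h = h*33 + c with seed 5381
    (the DJB construction GLib's g_str_hash uses), truncated to 32 bits."""
    h = 5381
    for c in data:
        h = (h * 33 + c) & 0xFFFFFFFF
    return h


# Two byte pairs with equal contribution: 65*33 + 122 == 66*33 + 89 == 2267.
# Since h = h*33 + c, an adjacent pair (a, b) can be swapped for (a+1, b-33)
# without changing the final hash, whatever precedes or follows it.
COLLIDING_PAIRS = (b"Az", b"BY")


def colliding_keys(n: int) -> list:
    """Return n distinct keys that all share the same djb_hash value.
    With k pair slots there are 2**k collisions; the bits of i choose the
    pair in each slot, so the keys are distinct by construction."""
    k = max(1, (n - 1).bit_length())
    return [b"".join(COLLIDING_PAIRS[(i >> j) & 1] for j in range(k))
            for i in range(n)]


def make_keyed_hash(seed: bytes):
    """The usual fix: a keyed hash with a per-process random seed, so an
    attacker cannot precompute collisions.  Keyed BLAKE2b stands in for
    SipHash here."""
    def keyed(data: bytes) -> int:
        digest = hashlib.blake2b(data, digest_size=8, key=seed).digest()
        return int.from_bytes(digest, "little")
    return keyed


class ChainedTable:
    """Minimal separate-chaining hash table that counts key comparisons,
    a platform-independent measure of the work each insert costs."""

    def __init__(self, hash_fn, nbuckets: int = 1024):
        self.hash_fn = hash_fn
        self.buckets = [[] for _ in range(nbuckets)]
        self.probes = 0

    def insert(self, key: bytes, value) -> None:
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for i, (k, _) in enumerate(chain):
            self.probes += 1
            if k == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

    def max_chain(self) -> int:
        return max(len(chain) for chain in self.buckets)


def compare(n: int = 256) -> dict:
    """Insert n attacker-chosen keys into a table using the unkeyed hash and
    into one using a randomly seeded hash, and report the cost of each."""
    keys = colliding_keys(n)
    naive = ChainedTable(djb_hash)
    keyed = ChainedTable(make_keyed_hash(secrets.token_bytes(16)))
    for table in (naive, keyed):
        for key in keys:
            table.insert(key, True)
    return {
        "distinct_hashes": len({djb_hash(k) for k in keys}),
        "naive_max_chain": naive.max_chain(),   # every key in one bucket
        "naive_probes": naive.probes,           # n*(n-1)/2 comparisons
        "keyed_max_chain": keyed.max_chain(),
        "keyed_probes": keyed.probes,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Scaling n up shows the quadratic cost directly: 256 keys cost 32640 comparisons in the unkeyed table, a few dozen in the seeded one. The MaraDNS note above applies the same logic to exposure rather than to the hash: if untrusted clients cannot submit the keys (here, recursive queries), they cannot drive the collision.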