From 2f9b1f6314a054ee2cb5984f66bb0e9d553efa0e Mon Sep 17 00:00:00 2001 
From: jeremylong Date: Tue, 23 Oct 2012 14:57:50 -0400 Subject: [PATCH] Lots of updates, incorporated nvd cve data. Former-commit-id: d54b2964cf11776521ee7114f536c8c3d9e14028 --- pom.xml | 58 +- src/main/config/checkstyle-checks.xml | 2 +- src/main/config/checkstyle-header.txt | 24 +- src/main/config/checkstyle-suppressions.xml | 1 + .../org/codesecure/dependencycheck/App.java | 63 +- .../codesecure/dependencycheck/Engine.java | 53 +- .../analyzer/AbstractAnalyzer.java | 20 +- .../analyzer/AnalysisException.java | 23 +- .../analyzer/AnalysisPhase.java | 20 +- .../dependencycheck/analyzer/Analyzer.java | 61 +- .../analyzer/AnalyzerService.java | 22 +- .../analyzer/ArchiveAnalyzer.java | 28 +- .../analyzer/FileNameAnalyzer.java | 39 +- .../dependencycheck/analyzer/JarAnalyzer.java | 33 +- .../data/CachedWebDataSource.java | 40 +- .../dependencycheck/data/UpdateException.java | 66 + .../dependencycheck/data/UpdateService.java | 61 + .../dependencycheck/data/cpe/CPEAnalyzer.java | 109 +- .../dependencycheck/data/cpe/Entry.java | 63 +- .../dependencycheck/data/cpe/Fields.java | 24 +- .../dependencycheck/data/cpe/Index.java | 106 +- .../data/cpe/xml/CPEHandler.java | 29 +- .../data/cpe/xml/EntrySaveDelegate.java | 20 +- .../data/cpe/xml/Importer.java | 45 +- .../dependencycheck/data/cpe/xml/Indexer.java | 24 +- .../dependencycheck/data/cve/Entry.java | 380 - .../dependencycheck/data/cve/Fields.java | 53 - .../dependencycheck/data/cve/Index.java | 254 - .../data/cve/package-info.java | 12 - .../data/cve/xml/CVEHandler.java | 350 - .../data/cve/xml/Importer.java | 75 - .../dependencycheck/data/cve/xml/Indexer.java | 102 - .../data/cve/xml/package-info.java | 12 - .../data/lucene/AbstractIndex.java | 33 +- .../data/lucene/DependencySimilarity.java | 28 +- .../data/lucene/LuceneUtils.java | 24 +- .../data/lucene/VersionAnalyzer.java | 20 +- .../dependencycheck/data/nvdcve/Fields.java | 45 + .../dependencycheck/data/nvdcve/Index.java | 525 + 
.../data/nvdcve/InvalidDataException.java | 47 + .../data/nvdcve/NvdCveAnalyzer.java | 225 + .../generated/AccessComplexityEnumType.java | 63 + .../generated/AccessComplexityType.java | 117 + .../generated/AccessVectorEnumType.java | 63 + .../nvdcve/generated/AccessVectorType.java | 124 + .../AssociatedExploitLocationType.java | 174 + .../generated/AuthenticationEnumType.java | 63 + .../nvdcve/generated/AuthenticationType.java | 117 + .../nvdcve/generated/BaseMetricsType.java | 376 + .../nvdcve/generated/CceParameterType.java | 156 + .../data/nvdcve/generated/CceType.java | 215 + .../nvdcve/generated/CheckReferenceType.java | 153 + .../nvdcve/generated/CheckSearchType.java | 117 + .../data/nvdcve/generated/CiaEnumType.java | 63 + .../generated/CiaRequirementEnumType.java | 65 + .../nvdcve/generated/CiaRequirementType.java | 117 + .../data/nvdcve/generated/CiaType.java | 117 + .../CollateralDamagePotentialEnumType.java | 69 + .../CollateralDamagePotentialType.java | 117 + .../nvdcve/generated/ConfidenceEnumType.java | 65 + .../data/nvdcve/generated/ConfidenceType.java | 117 + .../data/nvdcve/generated/CveStatus.java | 63 + .../data/nvdcve/generated/CveType.java | 178 + .../data/nvdcve/generated/CvssImpactType.java | 59 + .../data/nvdcve/generated/CvssType.java | 170 + .../nvdcve/generated/CweReferenceType.java | 86 + .../generated/EnvironmentalMetricsType.java | 291 + .../generated/ExploitabilityEnumType.java | 67 + .../nvdcve/generated/ExploitabilityType.java | 117 + .../data/nvdcve/generated/FactRefType.java | 86 + .../FixActionDescriptionEnumType.java | 67 + .../data/nvdcve/generated/FixActionType.java | 493 + .../generated/FixActionTypeEnumType.java | 61 + .../generated/FixEffectivenessEnumType.java | 61 + .../data/nvdcve/generated/LogicalTest.java | 183 + .../data/nvdcve/generated/MetricsType.java | 92 + .../data/nvdcve/generated/NotesType.java | 96 + .../data/nvdcve/generated/Nvd.java | 155 + .../data/nvdcve/generated/ObjectFactory.java | 423 + 
.../nvdcve/generated/OperatorEnumeration.java | 61 + .../nvdcve/generated/OsvdbExtensionType.java | 87 + .../data/nvdcve/generated/Patch.java | 414 + .../generated/PlatformSpecification.java | 94 + .../data/nvdcve/generated/PlatformType.java | 190 + .../data/nvdcve/generated/ReferenceType.java | 92 + .../generated/RemediationLevelEnumType.java | 67 + .../generated/RemediationLevelType.java | 117 + .../SearchableCpeReferencesType.java | 98 + .../generated/SecurityProtectionType.java | 71 + .../data/nvdcve/generated/TagType.java | 118 + .../generated/TargetDistributionEnumType.java | 67 + .../generated/TargetDistributionType.java | 117 + .../nvdcve/generated/TemporalMetricsType.java | 263 + .../data/nvdcve/generated/TextType1.java | 116 + .../data/nvdcve/generated/TextType2.java | 120 + .../generated/ToolConfigurationType.java | 120 + ...ulnerabilityReferenceCategoryEnumType.java | 71 + .../generated/VulnerabilityReferenceType.java | 236 + .../nvdcve/generated/VulnerabilityType.java | 703 + .../generated/VulnerableSoftwareType.java | 92 + .../data/nvdcve/generated/package-info.java | 9 + .../data/nvdcve/package-info.java | 12 + .../xml/EntrySaveDelegate.java | 32 +- .../data/nvdcve/xml/Importer.java | 106 + .../data/nvdcve/xml/Indexer.java | 148 + .../data/nvdcve/xml/NvdCveXmlFilter.java | 246 + .../data/nvdcve/xml/package-info.java | 12 + .../dependency/Dependency.java | 79 +- .../dependencycheck/dependency/Evidence.java | 26 +- .../dependency/EvidenceCollection.java | 59 +- .../dependency/Identifier.java | 24 +- .../dependencycheck/dependency/Reference.java | 95 + .../dependency/Vulnerability.java | 106 + .../reporting/ReportGenerator.java | 27 +- .../dependencycheck/utils/Checksum.java | 11 +- .../dependencycheck/utils/CliParser.java | 79 +- .../utils/DownloadFailedException.java | 23 +- .../dependencycheck/utils/Downloader.java | 42 +- .../dependencycheck/utils/FileUtils.java | 21 +- .../dependencycheck/utils/Filter.java | 8 +- 
.../utils/InvalidSettingException.java | 66 + .../dependencycheck/utils/Settings.java | 158 +- ...desecure.dependencycheck.analyzer.Analyzer | 3 +- ...e.dependencycheck.data.CachedWebDataSource | 2 + .../configuration/dependencycheck.properties | 27 + .../schema/cpe/cpe-dictionary_2.2.xsd | 156 + src/main/resources/schema/nvdcve/bindings.xml | 20 + src/main/resources/schema/nvdcve/cce_0.1.xsd | 61 + .../schema/nvdcve/cpe-language_2.1.xsd | 101 + src/main/resources/schema/nvdcve/cve_0.1.xsd | 70 + .../resources/schema/nvdcve/cvss-v2_0.2.xsd | 386 + .../schema/nvdcve/generateBindings.bat | 18 + .../schema/nvdcve/generateBindings.sh | 16 + .../schema/nvdcve/nvd-cve-feed_2.0.xsd | 57 + .../resources/schema/nvdcve/patch_0.1.xsd | 72 + .../resources/schema/nvdcve/scap-core_0.1.xsd | 139 + .../schema/nvdcve/vulnerability_0.4.xsd | 260 + src/main/resources/templates/HtmlReport.vsl | 20 +- .../dependencycheck/EngineTest.java | 8 +- .../{lucene => cpe}/BaseIndexTestCase.java | 8 +- .../data/cpe/CPEAnalyzerTest.java | 1 - .../dependencycheck/data/cpe/EntryTest.java | 1 - ...dexTest.java => IndexIntegrationTest.java} | 16 +- .../data/cpe/xml/CPEHandlerTest.java | 45 - .../data/cpe/xml/ImporterTest.java | 2 +- .../data/nvdcve/BaseIndexTestCase.java | 98 + .../data/nvdcve/IndexIntegrationTest.java | 85 + .../data/nvdcve/xml/NvdCveXmlFilterTest.java | 77 + .../reporting/ReportGeneratorTest.java | 2 +- .../dependencycheck/utils/ChecksumTest.java | 2 +- .../dependencycheck/utils/SettingsTest.java | 6 +- .../nvdcve-2.0-2012.xml.REMOVED.git-id | 1 + .../resources/nvdcve-2010.xml.REMOVED.git-id | 1 - .../resources/nvdcve-2011.xml.REMOVED.git-id | 1 - src/test/resources/nvdcve-2012.xml | 192322 --------------- src/test/resources/nvdcve.xsd | 498 - 156 files changed, 12925 insertions(+), 194795 deletions(-) create mode 100644 src/main/java/org/codesecure/dependencycheck/data/UpdateException.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/UpdateService.java 
delete mode 100644 src/main/java/org/codesecure/dependencycheck/data/cve/Entry.java delete mode 100644 src/main/java/org/codesecure/dependencycheck/data/cve/Fields.java delete mode 100644 src/main/java/org/codesecure/dependencycheck/data/cve/Index.java delete mode 100644 src/main/java/org/codesecure/dependencycheck/data/cve/package-info.java delete mode 100644 src/main/java/org/codesecure/dependencycheck/data/cve/xml/CVEHandler.java delete mode 100644 src/main/java/org/codesecure/dependencycheck/data/cve/xml/Importer.java delete mode 100644 src/main/java/org/codesecure/dependencycheck/data/cve/xml/Indexer.java delete mode 100644 src/main/java/org/codesecure/dependencycheck/data/cve/xml/package-info.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/Fields.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/InvalidDataException.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/NvdCveAnalyzer.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AssociatedExploitLocationType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/BaseMetricsType.java create mode 
100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceParameterType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckReferenceType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckSearchType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveStatus.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssImpactType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CweReferenceType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/EnvironmentalMetricsType.java create mode 100644 
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FactRefType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionDescriptionEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionTypeEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixEffectivenessEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/LogicalTest.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/MetricsType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/NotesType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Nvd.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ObjectFactory.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OperatorEnumeration.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OsvdbExtensionType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Patch.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformSpecification.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ReferenceType.java create mode 100644 
src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SearchableCpeReferencesType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SecurityProtectionType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TagType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TemporalMetricsType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType1.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType2.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ToolConfigurationType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceCategoryEnumType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerableSoftwareType.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/package-info.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/package-info.java rename src/main/java/org/codesecure/dependencycheck/data/{cve => nvdcve}/xml/EntrySaveDelegate.java (50%) create mode 100644 
src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/Importer.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/Indexer.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilter.java create mode 100644 src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/package-info.java create mode 100644 src/main/java/org/codesecure/dependencycheck/dependency/Reference.java create mode 100644 src/main/java/org/codesecure/dependencycheck/dependency/Vulnerability.java create mode 100644 src/main/java/org/codesecure/dependencycheck/utils/InvalidSettingException.java create mode 100644 src/main/resources/META-INF/services/org.codesecure.dependencycheck.data.CachedWebDataSource create mode 100644 src/main/resources/schema/cpe/cpe-dictionary_2.2.xsd create mode 100644 src/main/resources/schema/nvdcve/bindings.xml create mode 100644 src/main/resources/schema/nvdcve/cce_0.1.xsd create mode 100644 src/main/resources/schema/nvdcve/cpe-language_2.1.xsd create mode 100644 src/main/resources/schema/nvdcve/cve_0.1.xsd create mode 100644 src/main/resources/schema/nvdcve/cvss-v2_0.2.xsd create mode 100644 src/main/resources/schema/nvdcve/generateBindings.bat create mode 100644 src/main/resources/schema/nvdcve/generateBindings.sh create mode 100644 src/main/resources/schema/nvdcve/nvd-cve-feed_2.0.xsd create mode 100644 src/main/resources/schema/nvdcve/patch_0.1.xsd create mode 100644 src/main/resources/schema/nvdcve/scap-core_0.1.xsd create mode 100644 src/main/resources/schema/nvdcve/vulnerability_0.4.xsd rename src/test/java/org/codesecure/dependencycheck/data/{lucene => cpe}/BaseIndexTestCase.java (91%) rename src/test/java/org/codesecure/dependencycheck/data/cpe/{IndexTest.java => IndexIntegrationTest.java} (81%) delete mode 100644 src/test/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandlerTest.java create mode 100644 
src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseIndexTestCase.java create mode 100644 src/test/java/org/codesecure/dependencycheck/data/nvdcve/IndexIntegrationTest.java create mode 100644 src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilterTest.java create mode 100644 src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id delete mode 100644 src/test/resources/nvdcve-2010.xml.REMOVED.git-id delete mode 100644 src/test/resources/nvdcve-2011.xml.REMOVED.git-id delete mode 100644 src/test/resources/nvdcve-2012.xml delete mode 100644 src/test/resources/nvdcve.xsd diff --git a/pom.xml b/pom.xml index 65b83d897..12dbb6c08 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ along with DependencyCheck. If not, see . --> + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 org.codesecure @@ -62,6 +62,7 @@ along with DependencyCheck. If not, see . UTF-8 + UTF-8 @@ -78,6 +79,10 @@ along with DependencyCheck. If not, see . **/*.properties **/*.gif **/*.js + **/schema/**/*.xsd + **/schema/**/*.xml + **/schema/**/*.bat + **/schema/**/*.sh false @@ -209,8 +214,24 @@ along with DependencyCheck. If not, see . ${project.build.directory}/data/cpe + + **/*IntegrationTest.java + + + org.apache.maven.plugins + maven-failsafe-plugin + 2.12.4 + + + + integration-test + verify + + + + org.apache.maven.plugins maven-site-plugin @@ -239,17 +260,17 @@ along with DependencyCheck. If not, see . - org.codehaus.mojo - versions-maven-plugin - 1.3.1 - - - - dependency-updates-report - plugin-updates-report - - - + org.codehaus.mojo + versions-maven-plugin + 1.3.1 + + + + dependency-updates-report + plugin-updates-report + + + org.apache.maven.plugins @@ -305,6 +326,19 @@ along with DependencyCheck. If not, see . src/main/config/checkstyle-checks.xml + + org.apache.maven.plugins + maven-surefire-report-plugin + 2.12.4 + + + integration-tests + + failsafe-report-only + + + + 
diff --git a/src/main/config/checkstyle-checks.xml b/src/main/config/checkstyle-checks.xml index 2145400c8..e3c3f5924 100644 --- a/src/main/config/checkstyle-checks.xml +++ b/src/main/config/checkstyle-checks.xml @@ -116,7 +116,7 @@ under the License. - + diff --git a/src/main/config/checkstyle-header.txt b/src/main/config/checkstyle-header.txt index 046e971a9..0d52ba3a4 100644 --- a/src/main/config/checkstyle-header.txt +++ b/src/main/config/checkstyle-header.txt 
@@ -2,18 +2,18 @@
 ^/\*\s*$
 ^ \* This file is part of DependencyCheck\.\s*$
 ^ \*\s*$
-^ \* DependencyCheck is free software\: you can redistribute it and/or modify\s*$
-^ \* it under the terms of the GNU General Public License as published by\s*$
-^ \* the Free Software Foundation, either version 3 of the License, or\s*$
-^ \* \(at your option\) any later version\.\s*$
+^ \* DependencyCheck is free software\: you can redistribute it and/or modify it\s*$
+^ \* under the terms of the GNU General Public License as published by the Free\s*$
+^ \* Software Foundation, either version 3 of the License, or \(at your option\) any\s*$
+^ \* later version\.
 ^ \*\s*$
-^ \* DependencyCheck is distributed in the hope that it will be useful,\s*$
-^ \* but WITHOUT ANY WARRANTY\; without even the implied warranty of\s*$
-^ \* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\. See the\s*$
-^ \* GNU General Public License for more details\.\s*$
-^ \*\s*
-^ \* You should have received a copy of the GNU General Public License
-^ \* along with DependencyCheck\. If not, see http://www.gnu.org/licenses/\.\s*$
+^ \* DependencyCheck is distributed in the hope that it will be useful, but\s*$
+^ \* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or\s*$
+^ \* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more\s*$
+^ \* details\.\s*$
 ^ \*\s*$
-^ \* Copyright \(c\) 2012 Jeremy Long. All Rights Reserved\.\s*$
+^ \* You should have received a copy of the GNU General Public License along with\s*$
+^ \* DependencyCheck\. If not, see http://www.gnu.org/licenses/\.\s*$
+^ \*\s*$
+^ \* Copyright \(c\) 2012 Jeremy Long\. All Rights Reserved\.\s*$
 ^ \*/\s*$
\ No newline at end of file
diff --git a/src/main/config/checkstyle-suppressions.xml b/src/main/config/checkstyle-suppressions.xml
index d240c1a44..cfe9a3221 100644
--- a/src/main/config/checkstyle-suppressions.xml
+++ b/src/main/config/checkstyle-suppressions.xml
@@ -9,6 +9,7 @@ +
diff --git a/src/main/java/org/codesecure/dependencycheck/App.java b/src/main/java/org/codesecure/dependencycheck/App.java
index cea9ad9e7..a0b7ee8dc 100644
--- a/src/main/java/org/codesecure/dependencycheck/App.java
+++ b/src/main/java/org/codesecure/dependencycheck/App.java
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck;
 /*
  * This file is part of DependencyCheck.
  *
- * DependencyCheck is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
  *
- * DependencyCheck is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
  *
- * You should have received a copy of the GNU General Public License
- * along with DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
@@ -28,7 +28,6 @@ import java.util.logging.LogManager;
 import java.util.logging.Logger;
 import javax.xml.parsers.ParserConfigurationException;
 import org.apache.commons.cli.ParseException;
-import org.codesecure.dependencycheck.data.cpe.Index;
 import org.codesecure.dependencycheck.data.cpe.xml.Importer;
 import org.codesecure.dependencycheck.reporting.ReportGenerator;
 import org.codesecure.dependencycheck.dependency.Dependency;
@@ -38,18 +37,17 @@ import org.xml.sax.SAXException;
 /*
  * This file is part of App.
  *
- * App is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * App is free software: you can redistribute it and/or modify it under the
+ * terms of the GNU General Public License as published by the Free Software
+ * Foundation, either version 3 of the License, or (at your option) any later
+ * version.
  *
- * App is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * App is distributed in the hope that it will be useful, but WITHOUT ANY
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ * A PARTICULAR PURPOSE. See the GNU General Public License for more details.
  *
- * You should have received a copy of the GNU General Public License
- * along with App. If not, see http://www.gnu.org/licenses/.
+ * You should have received a copy of the GNU General Public License along with
+ * App. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
@@ -118,16 +116,7 @@ public class App {
  } else if (cli.isLoadCPE()) {
  loadCPE(cli.getCpeFile());
  } else if (cli.isRunScan()) {
- if (cli.isAutoUpdate()) {
- Index cpeI = new Index();
- try {
- cpeI.update();
- } catch (Exception ex) {
- Logger.getLogger(App.class.getName()).log(Level.SEVERE, null, ex);
- }
- }
-
- runScan(cli.getReportDirectory(), cli.getApplicationName(), cli.getScanFiles());
+ runScan(cli.getReportDirectory(), cli.getApplicationName(), cli.getScanFiles(), cli.isAutoUpdate());
  } else {
  cli.printHelp();
  }
@@ -136,6 +125,7 @@ public class App {
  /**
  * Loads the specified CPE.XML file into Lucene Index.
+ *
  * @param cpePath
  */
  private void loadCPE(String cpePath) {
@@ -151,13 +141,16 @@ public class App {
  }
  /**
- * Scans the specified directories and writes the dependency reports to the reportDirectory.
- * @param reportDirectory the path to the directory where the reports will be written.
+ * Scans the specified directories and writes the dependency reports to the
+ * reportDirectory.
+ *
+ * @param reportDirectory the path to the directory where the reports will
+ * be written.
  * @param applicationName the application name for the report.
  * @param files the files/directories to scan.
  */
- private void runScan(String reportDirectory, String applicationName, String[] files) {
- Engine scanner = new Engine();
+ private void runScan(String reportDirectory, String applicationName, String[] files, boolean autoUpdate) {
+ Engine scanner = new Engine(autoUpdate);
  for (String file : files) {
  scanner.scan(file);
  }
diff --git a/src/main/java/org/codesecure/dependencycheck/Engine.java b/src/main/java/org/codesecure/dependencycheck/Engine.java
index 551634ace..9895a32e6 100644
--- a/src/main/java/org/codesecure/dependencycheck/Engine.java
+++ b/src/main/java/org/codesecure/dependencycheck/Engine.java
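Review bot: The rewritten Javadoc on `runScan` in App.java documents `reportDirectory`, `applicationName` and `files` but not the new fourth parameter, so the comment does not say that the flag controls whether the tool reaches out to the network. Add `@param autoUpdate whether the data sources are updated from the Internet before the scan`. The first App.java hunk drops the inline `Index.update()` call and forwards `cli.isAutoUpdate()` instead, which makes this parameter the only place in App where that decision is passed on. The body of `runScan` continues past the end of the hunk.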
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck;
 /*
  * This file is part of DependencyCheck.
  *
- * DependencyCheck is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
  *
- * DependencyCheck is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
  *
- * You should have received a copy of the GNU General Public License
- * along with DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
@@ -34,6 +34,9 @@ import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
 import org.codesecure.dependencycheck.analyzer.Analyzer;
 import org.codesecure.dependencycheck.analyzer.AnalyzerService;
 import org.codesecure.dependencycheck.analyzer.ArchiveAnalyzer;
+import org.codesecure.dependencycheck.data.CachedWebDataSource;
+import org.codesecure.dependencycheck.data.UpdateException;
+import org.codesecure.dependencycheck.data.UpdateService;
 import org.codesecure.dependencycheck.utils.FileUtils;
 /**
@@ -64,6 +67,20 @@ public class Engine {
  * Creates a new Engine.
  */
  public Engine() {
+ doUpdates();
+ loadAnalyzers();
+ }
+
+ /**
+ * Creates a new Engine
+ *
+ * @param autoUpdate indicates whether or not data should be updated from
+ * the Internet.
+ */
+ public Engine(boolean autoUpdate) {
+ if (autoUpdate) {
+ doUpdates();
+ }
  loadAnalyzers();
  }
@@ -225,4 +242,20 @@ public class Engine {
  }
  }
  }
+
+ /**
+ *
+ */
+ private void doUpdates() {
+ UpdateService service = UpdateService.getInstance();
+ Iterator iterator = service.getDataSources();
+ while (iterator.hasNext()) {
+ CachedWebDataSource source = iterator.next();
+ try {
+ source.update();
+ } catch (UpdateException ex) {
+ Logger.getLogger(Engine.class.getName()).log(Level.SEVERE, "Unable to update " + source.getClass().getName(), ex);
+ }
+ }
+ }
 }
diff --git a/src/main/java/org/codesecure/dependencycheck/analyzer/AbstractAnalyzer.java b/src/main/java/org/codesecure/dependencycheck/analyzer/AbstractAnalyzer.java
index 17dbc86aa..639bf9ae3 100644
--- a/src/main/java/org/codesecure/dependencycheck/analyzer/AbstractAnalyzer.java
+++ b/src/main/java/org/codesecure/dependencycheck/analyzer/AbstractAnalyzer.java
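Review bot: The no-argument `Engine()` constructor now calls `doUpdates()` unconditionally, but its Javadoc still says only that it creates a new Engine, so existing callers gain network access on construction without any hint in the documentation. Say so in the comment, for example `Creates a new Engine and updates the data sources from the Internet.`, and delegate rather than repeat the body: `public Engine() { this(true); }`. The summary sentence of the new `Engine(boolean)` Javadoc is also missing its closing period.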
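Review bot: `doUpdates()` in Engine.java is added with an empty Javadoc block, and its catch clause logs the `UpdateException` and moves on, so the analysis that follows can run against whatever vulnerability data happens to be present while the only trace of the failure is a log line. Document that contract, for example `Updates every registered CachedWebDataSource; a failed update is logged and the remaining sources are still attempted.` If a result built on outdated data should be distinguishable from a current one, record the failure somewhere the report can read it; whether the report already does this is not visible in this hunk. The `Iterator` declaration shows no type argument here, which may be an artifact of how the page was rendered rather than a raw type in the file.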
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.analyzer;
 /*
  * This file is part of DependencyCheck.
  *
- * DependencyCheck is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
  *
- * DependencyCheck is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
  *
- * You should have received a copy of the GNU General Public License
- * along with DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
  *
  * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
  */
diff --git a/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java b/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java
index 9beda68b3..129420b57 100644
--- a/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java
+++ b/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisException.java
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.analyzer; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -36,6 +36,7 @@ public class AnalysisException extends Exception { /** * Creates a new AnalysisException. + * * @param msg a message for the exception. */ public AnalysisException(String msg) { @@ -44,6 +45,7 @@ public class AnalysisException extends Exception { /** * Creates a new AnalysisException. + * * @param ex the cause of the failure. */ public AnalysisException(Throwable ex) { 
@@ -52,6 +54,7 @@ public class AnalysisException extends Exception { /** * Creates a new DownloadFailedException. + * * @param msg a message for the exception. * @param ex the cause of the failure. */ diff --git a/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisPhase.java b/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisPhase.java index e981f8b6f..45df973e9 100644 --- a/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisPhase.java +++ b/src/main/java/org/codesecure/dependencycheck/analyzer/AnalysisPhase.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.analyzer; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ diff --git a/src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java b/src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java index 6a2e41c8f..3b5b30750 100644 --- a/src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java +++ b/src/main/java/org/codesecure/dependencycheck/analyzer/Analyzer.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.analyzer; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -31,58 +31,67 @@ import org.codesecure.dependencycheck.dependency.Dependency; public interface Analyzer { /** - * Analyzes the given dependency. The analysis could be anything from identifying - * an Idenifier for the dependency, to finding vulnerabilities, etc. Additionally, - * if the analyzer collects enough information to add a description or license - * information for the dependency it should be added. + * Analyzes the given dependency. The analysis could be anything from + * identifying an Idenifier for the dependency, to finding vulnerabilities, + * etc. Additionally, if the analyzer collects enough information to add a + * description or license information for the dependency it should be added. * * @param dependency a dependency to analyze. - * @throws AnalysisException is thrown if there is an error analyzing the dependency file + * @throws AnalysisException is thrown if there is an error analyzing the + * dependency file */ void analyze(Dependency dependency) throws AnalysisException; /** - *

Returns a list of supported file extensions. An example would be an analyzer - * that inspected java jar files. The getSupportedExtensions function would return - * a set with a single element "jar".

+ *

Returns a list of supported file extensions. An example would be an + * analyzer that inspected java jar files. The getSupportedExtensions + * function would return a set with a single element "jar".

+ * + *

Note: when implementing this the extensions returned MUST be + * lowercase.

* - *

Note: when implementing this the extensions returned MUST be lowercase.

* @return The file extensions supported by this analyzer. * - *

If the analyzer returns null it will not cause additional files to be analyzed - * but will be executed against every file loaded

+ *

If the analyzer returns null it will not cause additional files to be + * analyzed but will be executed against every file loaded

*/ Set getSupportedExtensions(); /** * Returns the name of the analyzer. + * * @return the name of the analyzer. */ String getName(); /** * Returns whether or not this analyzer can process the given extension. + * * @param extension the file extension to test for support. - * @return whether or not the specified file extension is supported by tihs analyzer. + * @return whether or not the specified file extension is supported by tihs + * analyzer. */ boolean supportsExtension(String extension); /** * Returns the phase that the analyzer is intended to run in. + * * @return the phase that the analyzer is intended to run in. */ AnalysisPhase getAnalysisPhase(); /** - * The initialize method is called (once) prior to the analyze method being called on - * all of the dependencies. + * The initialize method is called (once) prior to the analyze method being + * called on all of the dependencies. * - * @throws Exception is thrown if an exception occurs initializing the analyzer. + * @throws Exception is thrown if an exception occurs initializing the + * analyzer. */ void initialize() throws Exception; /** - * The close method is called after all of the dependencies have been analyzed. + * The close method is called after all of the dependencies have been + * analyzed. * * @throws Exception is thrown if an exception occurs closing the analyzer. */ diff --git a/src/main/java/org/codesecure/dependencycheck/analyzer/AnalyzerService.java b/src/main/java/org/codesecure/dependencycheck/analyzer/AnalyzerService.java index 2d2bfda4a..0ae3e3896 100644 --- a/src/main/java/org/codesecure/dependencycheck/analyzer/AnalyzerService.java +++ b/src/main/java/org/codesecure/dependencycheck/analyzer/AnalyzerService.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.analyzer; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -39,6 +39,7 @@ public class AnalyzerService { /** * Retrieve the singleton instance of AnalyzerService. + * * @return a singleton AnalyzerService. */ public static synchronized AnalyzerService getInstance() { @@ -50,6 +51,7 @@ public class AnalyzerService { /** * Returns an Iterator for all instances of the Analyzer interface. + * * @return an iterator of Analyzers. */ public Iterator getAnalyzers() { 
diff --git a/src/main/java/org/codesecure/dependencycheck/analyzer/ArchiveAnalyzer.java b/src/main/java/org/codesecure/dependencycheck/analyzer/ArchiveAnalyzer.java index a64c8ea9e..fbee38b20 100644 --- a/src/main/java/org/codesecure/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/src/main/java/org/codesecure/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.analyzer; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -31,14 +31,16 @@ import org.codesecure.dependencycheck.Engine; public interface ArchiveAnalyzer { /** - * An ArchiveAnalyzer expands an archive and calls the scan method of the engine on - * the exploded contents. + * An ArchiveAnalyzer expands an archive and calls the scan method of the + * engine on the exploded contents. * * @param dependency a dependency to analyze. * @param engine the engine that is scanning the dependencies. - * @throws IOException is thrown if there is an error reading the dependency file + * @throws IOException is thrown if there is an error reading the dependency + * file */ void analyze(Dependency dependency, Engine engine) throws IOException; + /** * Cleans any temporary files generated when analyzing the archive. */ diff --git a/src/main/java/org/codesecure/dependencycheck/analyzer/FileNameAnalyzer.java b/src/main/java/org/codesecure/dependencycheck/analyzer/FileNameAnalyzer.java index 212d5de9b..6e95c10d2 100644 --- a/src/main/java/org/codesecure/dependencycheck/analyzer/FileNameAnalyzer.java +++ b/src/main/java/org/codesecure/dependencycheck/analyzer/FileNameAnalyzer.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.analyzer; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -46,6 +46,7 @@ public class FileNameAnalyzer implements Analyzer { /** * Returns a list of file EXTENSIONS supported by this analyzer. + * * @return a list of file EXTENSIONS supported by this analyzer. */ public Set getSupportedExtensions() { @@ -54,6 +55,7 @@ public class FileNameAnalyzer implements Analyzer { /** * Returns the name of the analyzer. + * * @return the name of the analyzer. */ public String getName() { 
@@ -62,8 +64,10 @@ public class FileNameAnalyzer implements Analyzer { /** * Returns whether or not this analyzer can process the given extension. + * * @param extension the file extension to test for support. - * @return whether or not the specified file extension is supported by tihs analyzer. + * @return whether or not the specified file extension is supported by tihs + * analyzer. */ public boolean supportsExtension(String extension) { return true; @@ -71,6 +75,7 @@ public class FileNameAnalyzer implements Analyzer { /** * Returns the phase that the analyzer is intended to run in. + * * @return the phase that the analyzer is intended to run in. */ public AnalysisPhase getAnalysisPhase() { @@ -91,8 +96,10 @@ public class FileNameAnalyzer implements Analyzer { /** * Determines type of the character passed in. + * * @param c a character - * @return a STRING_STATE representing whether the character is number, alpha, or other. + * @return a STRING_STATE representing whether the character is number, + * alpha, or other. */ private STRING_STATE determineState(char c) { if (c >= '0' && c <= '9') { @@ -110,7 +117,8 @@ public class FileNameAnalyzer implements Analyzer { * Collects information about the file such as hashsums. * * @param dependency the dependency to analyze. - * @throws AnalysisException is thrown if there is an error reading the JAR file. + * @throws AnalysisException is thrown if there is an error reading the JAR + * file. */ public void analyze(Dependency dependency) throws AnalysisException { @@ -119,7 +127,9 @@ public class FileNameAnalyzer implements Analyzer { } /** - * Analyzes the filename of the dependency and adds it to the evidence collections. + * Analyzes the filename of the dependency and adds it to the evidence + * collections. + * * @param dependency the dependency to analyze. */ private void analyzeFileName(Dependency dependency) { 
@@ -157,7 +167,6 @@ public class FileNameAnalyzer implements Analyzer { } } - /** * The initialize method does nothing for this Analyzer */ diff --git a/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java b/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java index f44d20907..7f33d7980 100644 --- a/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java +++ b/src/main/java/org/codesecure/dependencycheck/analyzer/JarAnalyzer.java @@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.analyzer; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -57,17 +57,26 @@ public class JarAnalyzer extends AbstractAnalyzer { private static final Set IGNORE_LIST = newHashSet( "built-by", "created-by", - //"license", + "builtby", + "createdby", "build-jdk", + "buildjdk", "ant-version", + "antversion", "import-package", "export-package", + "importpackage", + "exportpackage", "sealed", "manifest-version", "archiver-version", + "manifestversion", + "archiverversion", "classpath", + "class-path", "tool", - "bundle-manifestversion"); + "bundle-manifestversion", + "bundlemanifestversion"); /** * The set of file extensions supported by this analyzer. */ diff --git a/src/main/java/org/codesecure/dependencycheck/data/CachedWebDataSource.java b/src/main/java/org/codesecure/dependencycheck/data/CachedWebDataSource.java index 9eb044b6a..c1c5bb8ae 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/CachedWebDataSource.java +++ b/src/main/java/org/codesecure/dependencycheck/data/CachedWebDataSource.java 
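Review bot: Every ignored manifest key in `IGNORE_LIST` is now listed twice, once with and once without the hyphen (`"built-by"`/`"builtby"`, `"class-path"`/`"classpath"`, and so on), which is easy to get out of step when the next key is added. The lookup code is outside this hunk, so this is inferred, but normalising the key once before the check, e.g. `key.toLowerCase(Locale.ENGLISH).replace("-", "")`, would let the set hold one spelling per header. These entries decide which manifest values become evidence for product identification, so a missed spelling adds noise to the match. The commented-out `"license"` entry is dropped without explanation; if the intent is that license values are kept as evidence, a one-line comment saying so would record it.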
@@ -2,30 +2,25 @@ package org.codesecure.dependencycheck.data; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ -import java.io.IOException; -import java.net.MalformedURLException; -import javax.xml.parsers.ParserConfigurationException; -import org.xml.sax.SAXException; - /** - * Defines an Index who's data is retrieved from the Internet. This data can - * be downloaded and the index updated. + * Defines an Index who's data is retrieved from the Internet. This data can be + * downloaded and the index updated. * * @author Jeremy Long (jeremy.long@gmail.com) */ 
@@ -33,12 +28,11 @@ public interface CachedWebDataSource { /** * Determines if an update to the current index is needed, if it is the new - * data is downloaded from the Internet and imported into the current Lucene Index. + * data is downloaded from the Internet and imported into the current Lucene + * Index. * - * @throws MalformedURLException is thrown if the URL for the CPE is malformed. - * @throws ParserConfigurationException is thrown if the parser is misconfigured. - * @throws SAXException is thrown if there is an error parsing the CPE XML. - * @throws IOException is thrown if a temporary file could not be created. + * @throws UpdateException is thrown if there is an exception updating the + * index. */ - void update() throws MalformedURLException, ParserConfigurationException, SAXException, IOException; + void update() throws UpdateException; } diff --git a/src/main/java/org/codesecure/dependencycheck/data/UpdateException.java b/src/main/java/org/codesecure/dependencycheck/data/UpdateException.java new file mode 100644 index 000000000..f41d4a7f8 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/UpdateException.java 
@@ -0,0 +1,66 @@ +package org.codesecure.dependencycheck.data; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +import java.io.IOException; + +/** + * An exception used when an error occurs reading a setting. + * + * @author Jeremy Long (jeremy.long@gmail.com) + */ +public class UpdateException extends IOException { + + private static final long serialVersionUID = 1L; + + /** + * Creates a new UpdateException. + */ + public UpdateException() { + super(); + } + + /** + * Creates a new UpdateException. + * + * @param msg a message for the exception. + */ + public UpdateException(String msg) { + super(msg); + } + + /** + * Creates a new UpdateException. + * + * @param ex the cause of the update exception. + */ + public UpdateException(Throwable ex) { + super(ex); + } + + /** + * Creates a new UpdateException. + * + * @param msg a message for the exception. + * @param ex the cause of the update exception. + */ + public UpdateException(String msg, Throwable ex) { + super(msg, ex); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/UpdateService.java b/src/main/java/org/codesecure/dependencycheck/data/UpdateService.java new file mode 100644 index 000000000..c1d6c91ec --- /dev/null 
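Review bot: The class Javadoc on the new `UpdateException` says "An exception used when an error occurs reading a setting.", which looks copied from another exception and does not describe this class. Going by the `CachedWebDataSource.update()` contract changed in this commit, it is thrown when updating the index fails, so the summary should read `An exception used when an error occurs updating a cached web data source.` Because `update()` previously declared `SAXException` and `ParserConfigurationException`, the Javadoc should also say that implementations are expected to pass the original exception as the cause, so the root failure is not lost in the log.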
+++ b/src/main/java/org/codesecure/dependencycheck/data/UpdateService.java @@ -0,0 +1,61 @@ +package org.codesecure.dependencycheck.data; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +import java.util.Iterator; +import java.util.ServiceLoader; + +/** + * + * @author Jeremy Long (jeremy.long@gmail.com) + */ +public class UpdateService { + + private static UpdateService service; + private ServiceLoader loader; + + /** + * Creates a new instance of UpdateService + */ + private UpdateService() { + loader = ServiceLoader.load(CachedWebDataSource.class); + } + + /** + * Retrieve the singleton instance of UpdateService. + * + * @return a singleton UpdateService. + */ + public static synchronized UpdateService getInstance() { + if (service == null) { + service = new UpdateService(); + } + return service; + } + + /** + * Returns an Iterator for all instances of the CachedWebDataSource + * interface. + * + * @return an iterator of CachedWebDataSource. + */ + public Iterator getDataSources() { + return loader.iterator(); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java index 1724d42d5..8a8306c8f 100644 
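Review bot: `UpdateService` is a process-wide singleton, but `getDataSources()` returns `loader.iterator()` directly and `java.util.ServiceLoader` is documented as not safe for use by multiple concurrent threads; only `getInstance()` is synchronized. If engines can be created from more than one thread, either document the class as single-threaded or snapshot the providers into a list under a lock. `loader` is assigned only in the constructor and can be declared `private final`. The class Javadoc is empty; a summary such as `Loads the CachedWebDataSource implementations registered through META-INF/services.` would also tell readers that any provider found on the classpath is instantiated and updated.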
--- a/src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzer.java @@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.data.cpe; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -64,7 +64,8 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal * utilized within the CPE Names. */ static final String CLEANSE_CHARACTER_RX = "[^A-Za-z0-9 ._-]"; - /* A string representation of a regular expression used to remove all but + /* + * A string representation of a regular expression used to remove all but * alpha characters. */ static final String CLEANSE_NONALPHA_RX = "[^A-Za-z]*"; @@ -89,7 +90,8 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal /** * Opens the data source. * - * @throws IOException when the Lucene directory to be querried does not exist or is corrupt. + * @throws IOException when the Lucene directory to be querried does not + * exist or is corrupt. */ public void open() throws IOException { cpe = new Index(); @@ -111,6 +113,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal /** * Returns the status of the data source - is the index open. + * * @return true or false. */ public boolean isOpen() { @@ -119,6 +122,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal /** * Ensures that the Lucene index is closed. + * * @throws Throwable when a throwable is thrown. */ @Override @@ -130,9 +134,9 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal } /** - * Searches the data store of CPE entries, trying to identify the CPE for the given - * dependency based on the evidence contained within. The depencency passed in is - * updated with any identified CPE values. + * Searches the data store of CPE entries, trying to identify the CPE for + * the given dependency based on the evidence contained within. The + * depencency passed in is updated with any identified CPE values. * * @param dependency the dependency to search for CPE entries on. * @throws CorruptIndexException is thrown when the Lucene index is corrupt. 
@@ -215,10 +219,10 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal } /** - * Returns the text created by concatenating the text and the values from the - * EvidenceCollection (filtered for a specific confidence). This attempts to - * prevent duplicate terms from being added.
- * Note, if the evidence is longer then 200 characters it will be truncated. + * Returns the text created by concatenating the text and the values from + * the EvidenceCollection (filtered for a specific confidence). This + * attempts to prevent duplicate terms from being added.
Note, if + * the evidence is longer then 200 characters it will be truncated. * * @param text the base text. * @param ec an EvidenceCollection @@ -244,7 +248,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal // if (value.length() > 200) { // sb.append(value.substring(0, 200)).append(' '); // } else { - sb.append(value).append(' '); + sb.append(value).append(' '); // } } } @@ -252,8 +256,8 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal } /** - * Reduces the given confidence by one level. This returns LOW if the confidence - * passed in is not HIGH. + * Reduces the given confidence by one level. This returns LOW if the + * confidence passed in is not HIGH. * * @param c the confidence to reduce. * @return One less then the confidence passed in. @@ -284,17 +288,19 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal } /** - *

Searches the Lucene CPE index to identify possible CPE entries associated with - * the supplied vendor, product, and version.

+ *

Searches the Lucene CPE index to identify possible CPE entries + * associated with the supplied vendor, product, and version.

* - *

If either the vendorWeightings or productWeightings lists have been populated - * this data is used to add weighting factors to the search.

+ *

If either the vendorWeightings or productWeightings lists have been + * populated this data is used to add weighting factors to the search.

* * @param vendor the text used to search the vendor field. * @param product the text used to search the product field. * @param version the text used to search the version field. - * @param vendorWeightings a list of strings to use to add weighting factors to the vendor field. - * @param productWeightings Adds a list of strings that will be used to add weighting factors to the product search. + * @param vendorWeightings a list of strings to use to add weighting factors + * to the vendor field. + * @param productWeightings Adds a list of strings that will be used to add + * weighting factors to the product search. * @return a list of possible CPE values. * @throws CorruptIndexException when the Lucene index is corrupt. * @throws IOException when the Lucene index is not found. @@ -323,18 +329,20 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal } /** - *

Builds a Lucene search string by properly escaping data and constructing a valid search query.

+ *

Builds a Lucene search string by properly escaping data and + * constructing a valid search query.

* - *

If either the possibleVendor or possibleProducts lists have been populated this - * data is used to add weighting factors to the search string generated.

+ *

If either the possibleVendor or possibleProducts lists have been + * populated this data is used to add weighting factors to the search string + * generated.

* * @param vendor text to search the vendor field. * @param product text to search the product field. * @param version text to search the version field. - * @param vendorWeighting a list of strings to apply to the vendor - * to boost the terms weight. - * @param produdctWeightings a list of strings to apply to the product - * to boost the terms weight. + * @param vendorWeighting a list of strings to apply to the vendor to boost + * the terms weight. + * @param produdctWeightings a list of strings to apply to the product to + * boost the terms weight. * @return the Lucene query. */ protected String buildSearch(String vendor, String product, String version, @@ -379,12 +387,13 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal /** * This method constructs a Lucene query for a given field. The searchText - * is split into seperate words and if the word is within the list of weighted - * words then an additional weighting is applied to the term as it is appended - * into the query. + * is split into seperate words and if the word is within the list of + * weighted words then an additional weighting is applied to the term as it + * is appended into the query. * * @param sb a StringBuilder that the query text will be appended to. - * @param field the field within the Lucene index that the query is searching. + * @param field the field within the Lucene index that the query is + * searching. * @param searchText text used to construct the query. * @param weightedText a list of terms that will be considered higher * importance when searching. @@ -427,7 +436,8 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal } /** - * Removes characters from the input text that are not used within the CPE index. + * Removes characters from the input text that are not used within the CPE + * index. * * @param text is the text to remove the characters from. * @return the text having removed some characters. 
@@ -455,9 +465,9 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal } /** - * Ensures that the CPE Identified matches the dependency. This validates that - * the product, vendor, and version information for the CPE are contained within - * the dependencies evidence. + * Ensures that the CPE Identified matches the dependency. This validates + * that the product, vendor, and version information for the CPE are + * contained within the dependencies evidence. * * @param entry a CPE entry. * @param dependency the dependency that the CPE entries could be for. @@ -477,10 +487,12 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal } /** - * Analyzes a dependency and attempts to determine if there are any CPE identifiers - * for this dependency. + * Analyzes a dependency and attempts to determine if there are any CPE + * identifiers for this dependency. + * * @param dependency The Dependency to analyze. - * @throws AnalysisException is thrown if there is an issue analyzing the dependency. + * @throws AnalysisException is thrown if there is an issue analyzing the + * dependency. */ public void analyze(Dependency dependency) throws AnalysisException { try { @@ -496,6 +508,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal /** * Returns true because this analyzer supports all dependency types. + * * @return true. */ public Set getSupportedExtensions() { @@ -504,6 +517,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal /** * Returns the name of this analyzer. + * * @return the name of this analyzer. */ public String getName() { @@ -512,6 +526,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal /** * Returns true because this analyzer supports all dependency types. + * * @param extension the file extension of the dependency being analyzed. * @return true. */ 
@@ -521,6 +536,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal /** * Returns the analysis phase that this analyzer should run in. + * * @return the analysis phase that this analyzer should run in. */ public AnalysisPhase getAnalysisPhase() { @@ -529,6 +545,7 @@ public class CPEAnalyzer implements org.codesecure.dependencycheck.analyzer.Anal /** * Opens the CPE Lucene Index. + * * @throws Exception is thrown if there is an issue opening the index. */ public void initialize() throws Exception { diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java index e4632f563..ce015763f 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/Entry.java 
@@ -2,21 +2,22 @@ package org.codesecure.dependencycheck.data.cpe; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ + import java.io.UnsupportedEncodingException; import java.net.URLDecoder; import java.text.ParseException; 
@@ -27,16 +28,16 @@ import java.util.logging.Logger; import org.apache.lucene.document.Document; /** - * A single CPE entry from the cpe.xml downloaded from - * http://nvd.nist.gov/cpe.cfm. + * A single CPE entry from the cpe.xml downloaded from http://nvd.nist.gov/cpe.cfm. * * @author Jeremy Long (jeremy.long@gmail.com) */ public class Entry { /** - * This parse method does not fully convert a Lucene Document into a CPE Entry; - * it only sets the Entry.Name. + * This parse method does not fully convert a Lucene Document into a CPE + * Entry; it only sets the Entry.Name. * * @param doc a Lucene Document. * @return a CPE Entry. @@ -94,7 +95,8 @@ public class Entry { } /** - * Set the value of name and calls parseName to obtain the vendor:product:version:revision + * Set the value of name and calls parseName to obtain the + * vendor:product:version:revision * * @param name new value of name * @throws UnsupportedEncodingException should never be thrown... @@ -276,28 +278,6 @@ public class Entry { public void setRevision(String revision) { this.revision = revision; } - /** - * If the CPE Entry is well known (i.e. based off a hash) - */ - protected boolean wellKnown = false; - - /** - * Get the value of wellKnown - * - * @return the value of wellKnown - */ - public boolean isWellKnown() { - return wellKnown; - } - - /** - * Set the value of wellKnown - * - * @param wellKnown new value of wellKnown - */ - public void setWellKnown(boolean wellKnown) { - this.wellKnown = wellKnown; - } /** * The search score. */ @@ -327,13 +307,8 @@ public class Entry { *

Example:

*    cpe:/a:apache:struts:1.1:rc2 * - *

Results in:

- *
    - *
  • Vendor: apache
  • - *
  • Product: struts
  • - *
  • Version: 1.1
  • - *
  • Revision: rc2
  • - *
+ *

Results in:

  • Vendor: apache
  • Product: struts
  • + *
  • Version: 1.1
  • Revision: rc2
* * @throws UnsupportedEncodingException should never be thrown... */ diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/Fields.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/Fields.java index 6e7686587..8ce980dd2 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/Fields.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/Fields.java @@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.data.cpe; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -25,6 +25,7 @@ package org.codesecure.dependencycheck.data.cpe; * @author Jeremy Long (jeremy.long@gmail.com) */ public abstract class Fields { + /** * The key for the name field. */ @@ -43,7 +44,8 @@ public abstract class Fields { */ public static final String PRODUCT = "product"; /** - * The key for the title field. This is a field combining vendor, product, and version. + * The key for the title field. This is a field combining vendor, product, + * and version. */ public static final String TITLE = "title"; /** diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java index b59703749..0bca410b2 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/Index.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.data.cpe; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -43,6 +43,7 @@ import org.apache.lucene.store.FSDirectory; import org.apache.lucene.util.Version; import org.codesecure.dependencycheck.data.lucene.AbstractIndex; import org.codesecure.dependencycheck.data.CachedWebDataSource; +import org.codesecure.dependencycheck.data.UpdateException; import org.codesecure.dependencycheck.utils.Downloader; import org.codesecure.dependencycheck.utils.Settings; import org.codesecure.dependencycheck.data.cpe.xml.Importer; 
@@ -57,7 +58,8 @@ import org.xml.sax.SAXException; public class Index extends AbstractIndex implements CachedWebDataSource { /** - * The name of the properties file containing the timestamp of the last update. + * The name of the properties file containing the timestamp of the last + * update. */ private static final String UPDATE_PROPERTIES_FILE = "lastupdated.prop"; /** 
@@ -97,42 +99,58 @@ public class Index extends AbstractIndex implements CachedWebDataSource { } /** - * Downloads the latest CPE XML file from the web and imports it into - * the current CPE Index. + * Downloads the latest CPE XML file from the web and imports it into the + * current CPE Index. * - * @throws MalformedURLException is thrown if the URL for the CPE is malformed. - * @throws ParserConfigurationException is thrown if the parser is misconfigured. - * @throws SAXException is thrown if there is an error parsing the CPE XML. - * @throws IOException is thrown if a temporary file could not be created. + * @throws UpdateException is thrown if there is a problem updating the + * index. */ - public void update() throws MalformedURLException, ParserConfigurationException, SAXException, IOException { - long timeStamp = updateNeeded(); - if (timeStamp > 0) { - URL url = new URL(Settings.getString(Settings.KEYS.CPE_URL)); - File outputPath = null; - try { - outputPath = File.createTempFile("cpe", ".xml"); - Downloader.fetchFile(url, outputPath, true); - Importer.importXML(outputPath.toString()); - writeLastUpdatedPropertyFile(timeStamp); - } catch (DownloadFailedException ex) { - Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); - } finally { + public void update() throws UpdateException { + try { + long timeStamp = updateNeeded(); + if (timeStamp > 0) { + URL url = new URL(Settings.getString(Settings.KEYS.CPE_URL)); + Logger.getLogger(Index.class.getName()).log(Level.WARNING, "Updating CPE :" + url.toString()); + File outputPath = null; try { - if (outputPath != null && outputPath.exists()) { - outputPath.delete(); - } + outputPath = File.createTempFile("cpe", ".xml"); + Downloader.fetchFile(url, outputPath, true); + Importer.importXML(outputPath.toString()); + writeLastUpdatedPropertyFile(timeStamp); + } catch (ParserConfigurationException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new 
UpdateException(ex); + } catch (SAXException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); + } catch (IOException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); } finally { - if (outputPath != null && outputPath.exists()) { - outputPath.deleteOnExit(); + try { + if (outputPath != null && outputPath.exists()) { + outputPath.delete(); + } + } finally { + if (outputPath != null && outputPath.exists()) { + outputPath.deleteOnExit(); + } } } } + } catch (MalformedURLException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); + } catch (DownloadFailedException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); } } /** - * Writes a properties file containing the last updated date to the CPE directory. + * Writes a properties file containing the last updated date to the CPE + * directory. + * * @param timeStamp the timestamp to write. */ private void writeLastUpdatedPropertyFile(long timeStamp) { 
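Review bot: `writeLastUpdatedPropertyFile(timeStamp)` runs as soon as `Importer.importXML(outputPath.toString())` returns, and the Importer.java hunk later in this patch makes `importXML(File)` log and swallow `SAXException`/`IOException` from `saxParser.parse`, so a truncated or malformed download would be stamped as a completed update. Assuming the String overload called here delegates to the File overload (its body is outside the visible hunks), the new `catch (SAXException ex)` and `catch (IOException ex)` branches in `update()` cannot fire for parse failures, and the scanner would go on matching against an incomplete CPE index without an `UpdateException` reaching the caller. I would drop the two catch blocks in `Importer.importXML(File)` and keep only `try { saxParser.parse(file, handler); } finally { indexer.close(); }`, so the failure propagates and the timestamp is not written. Separately, the commented-out `Logger` lines in each catch can be deleted, and `Level.WARNING` looks high for the routine "Updating CPE" message.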
@@ -169,9 +187,12 @@ public class Index extends AbstractIndex implements CachedWebDataSource { * be refreshed this method will return the timestamp of the new CPE. If an * update is not required this function will return 0. * - * @return the timestamp of the currently published CPE.xml if the index needs to be updated, otherwise returns 0.. - * @throws MalformedURLException is thrown if the URL for the CPE Meta data is incorrect. - * @throws DownloadFailedException is thrown if there is an error downloading the cpe.meta data file. + * @return the timestamp of the currently published CPE.xml if the index + * needs to be updated, otherwise returns 0.. + * @throws MalformedURLException is thrown if the URL for the CPE Meta data + * is incorrect. + * @throws DownloadFailedException is thrown if there is an error + * downloading the cpe.meta data file. */ public long updateNeeded() throws MalformedURLException, DownloadFailedException { long retVal = 0; @@ -213,9 +234,12 @@ public class Index extends AbstractIndex implements CachedWebDataSource { /** * Retrieves the timestamp from the CPE meta data file. + * * @return the timestamp from the currently published cpe.meta. - * @throws MalformedURLException is thrown if the URL for the CPE Meta data is incorrect. - * @throws DownloadFailedException is thrown if there is an error downloading the cpe.meta data file. + * @throws MalformedURLException is thrown if the URL for the CPE Meta data + * is incorrect. + * @throws DownloadFailedException is thrown if there is an error + * downloading the cpe.meta data file. */ private long retrieveCurrentCPETimestampFromWeb() throws MalformedURLException, DownloadFailedException { long timestamp = 0; diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandler.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandler.java index 31b8d5fbc..085b15b63 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandler.java 
+++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandler.java 
@@ -2,29 +2,29 @@ package org.codesecure.dependencycheck.data.cpe.xml; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ -import org.codesecure.dependencycheck.data.cpe.Entry; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.text.ParseException; import java.util.logging.Level; import java.util.logging.Logger; import org.apache.lucene.index.CorruptIndexException; +import org.codesecure.dependencycheck.data.cpe.Entry; import org.xml.sax.Attributes; import org.xml.sax.SAXException; import org.xml.sax.helpers.DefaultHandler; 
@@ -46,7 +46,8 @@ public class CPEHandler extends DefaultHandler { /** * Register a EntrySaveDelegate object. When the last node of an entry is - * reached if a save delegate has been regsitered the save method will be invoked. + * reached if a save delegate has been registered the save method will be + * invoked. * * @param delegate the delegate used to save an entry */ @@ -165,8 +166,8 @@ public class CPEHandler extends DefaultHandler { // /** - * A simple class to maintain information about the current element while parsing - * the CPE XML. + * A simple class to maintain information about the current element while + * parsing the CPE XML. */ protected class Element { diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/EntrySaveDelegate.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/EntrySaveDelegate.java index 3f89d1991..8acdf822e 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/EntrySaveDelegate.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/EntrySaveDelegate.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.data.cpe.xml; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Importer.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Importer.java index 444a51c96..0a9394793 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Importer.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Importer.java 
@@ -2,27 +2,30 @@ package org.codesecure.dependencycheck.data.cpe.xml; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ import java.io.File; import java.io.IOException; +import java.util.logging.Level; +import java.util.logging.Logger; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; +import org.apache.lucene.index.CorruptIndexException; import org.xml.sax.SAXException; /** 
@@ -36,32 +39,42 @@ public class Importer { * Private constructor for utility class. */ private Importer() { - } /** * Imports the CPE XML File into the Lucene Index. * * @param file containing the path to the CPE XML file. - * @throws ParserConfigurationException is thrown if the parser is misconfigured. + * @throws ParserConfigurationException is thrown if the parser is + * misconfigured. * @throws SAXException is thrown when there is a SAXException. * @throws IOException is thrown when there is an IOException. + * @throws CorruptIndexException is thrown when the Lucene index is corrupt. */ - public static void importXML(File file) throws ParserConfigurationException, SAXException, IOException { + public static void importXML(File file) throws CorruptIndexException, ParserConfigurationException, IOException, SAXException { SAXParserFactory factory = SAXParserFactory.newInstance(); SAXParser saxParser = factory.newSAXParser(); CPEHandler handler = new CPEHandler(); Indexer indexer = new Indexer(); indexer.openIndexWriter(); handler.registerSaveDelegate(indexer); - saxParser.parse(file, handler); - indexer.close(); + try { + saxParser.parse(file, handler); + } catch (SAXException ex) { + Logger.getLogger(Importer.class.getName()).log(Level.SEVERE, null, ex); + } catch (IOException ex) { + Logger.getLogger(Importer.class.getName()).log(Level.SEVERE, null, ex); + } finally { + indexer.close(); + } } + /** * Imports the CPE XML File into the Lucene Index. * * @param path the path to the CPE XML file. - * @throws ParserConfigurationException is thrown if the parser is misconfigured. + * @throws ParserConfigurationException is thrown if the parser is + * misconfigured. * @throws SAXException is thrown when there is a SAXException. * @throws IOException is thrown when there is an IOException. */ 
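Review bot: `SAXParserFactory.newInstance()` is used with its default features to parse a file that `Index.update()` has just downloaded, so DOCTYPE declarations and external entities in that file are handled according to whatever the JAXP implementation defaults to. Since the input arrives over the network, I would harden the factory before `newSAXParser()` with `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and, provided the CPE dictionary carries no DOCTYPE, `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`. Both calls throw exception types this method already declares, and `javax.xml.XMLConstants` would need importing. The second `importXML` overload begins at the end of this hunk and its body is outside it, so whether it builds its own parser cannot be checked from here.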
diff --git a/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Indexer.java b/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Indexer.java index 4e6464c63..4f350fa66 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Indexer.java +++ b/src/main/java/org/codesecure/dependencycheck/data/cpe/xml/Indexer.java @@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.data.cpe.xml; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -24,10 +24,10 @@ import org.apache.lucene.document.Field; import org.apache.lucene.index.CorruptIndexException; import org.apache.lucene.index.FieldInfo.IndexOptions; import org.apache.lucene.index.Term; -import org.codesecure.dependencycheck.data.lucene.LuceneUtils; import org.codesecure.dependencycheck.data.cpe.Entry; import org.codesecure.dependencycheck.data.cpe.Fields; import org.codesecure.dependencycheck.data.cpe.Index; +import org.codesecure.dependencycheck.data.lucene.LuceneUtils; /** * The Indexer is used to convert a CPE Entry, retrieved from the CPE XML file, @@ -51,7 +51,7 @@ public class Indexer extends Index implements EntrySaveDelegate { } /** - * Converst a CPE entry into a Lucene Document. + * Converts a CPE entry into a Lucene Document. * * @param entry a CPE Entry. * @return a Lucene Document containing a CPE Entry. diff --git a/src/main/java/org/codesecure/dependencycheck/data/cve/Entry.java b/src/main/java/org/codesecure/dependencycheck/data/cve/Entry.java deleted file mode 100644 index 2ec95c33b..000000000 --- a/src/main/java/org/codesecure/dependencycheck/data/cve/Entry.java +++ /dev/null 
@@ -1,380 +0,0 @@ -package org.codesecure.dependencycheck.data.cve; -/* - * This file is part of DependencyCheck. - * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ -import java.io.UnsupportedEncodingException; -import java.net.URLDecoder; -import java.text.ParseException; -import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.logging.Level; -import java.util.logging.Logger; -import org.apache.lucene.document.Document; - -/** - * A single CVE entry from the cve.xml files downloaded from - * http://nvd.nist.gov/cpe.cfm. - * - * @author Jeremy Long (jeremy.long@gmail.com) - */ -public class Entry { - - /** - * This parse method does not fully convert a Lucene Document into a CPE Entry; - * it only sets the Entry.Name. - * - * @param doc a Lucene Document. - * @return a CPE Entry. 
- */ - public static Entry parse(Document doc) { - Entry entry = new Entry(); - try { - entry.setName(doc.get(Fields.NAME)); - entry.setTitle(doc.get(Fields.TITLE)); - } catch (UnsupportedEncodingException ex) { - Logger.getLogger(Entry.class.getName()).log(Level.SEVERE, null, ex); - entry.name = doc.get(Fields.NAME); - } -// entry.vendor = doc.get(Fields.VENDOR); -// entry.version = doc.get(Fields.VERSION); -// //entry.revision = doc.get(Fields.REVISION); -// entry.product = doc.get(Fields.TITLE); -// entry.nvdId = doc.get(Fields.NVDID); - return entry; - } - /** - * The title of the CPE - */ - protected String title; - - /** - * Get the value of title - * - * @return the value of title - */ - public String getTitle() { - return title; - } - - /** - * Set the value of title - * - * @param title new value of title - */ - public void setTitle(String title) { - this.title = title; - } - /** - * The name of the CPE entry. - */ - protected String name; - - /** - * Get the value of name - * - * @return the value of name - */ - public String getName() { - return name; - } - - /** - * Set the value of name and calls parseName to obtain the vendor:product:version:revision - * - * @param name new value of name - * @throws UnsupportedEncodingException should never be thrown... - */ - public void setName(String name) throws UnsupportedEncodingException { - this.name = name; - parseName(); - } - /** - * The status of the CPE Entry. - */ - protected String status; - - /** - * Get the value of status - * - * @return the value of status - */ - public String getStatus() { - return status; - } - - /** - * Set the value of status - * - * @param status new value of status - */ - public void setStatus(String status) { - this.status = status; - } - /** - * The modification date of the CPE Entry. 
- */ - protected Date modificationDate; - - /** - * Get the value of modificationDate - * - * @return the value of modificationDate - */ - public Date getModificationDate() { - return modificationDate; - } - - /** - * Set the value of modificationDate - * - * @param modificationDate new value of modificationDate - */ - public void setModificationDate(Date modificationDate) { - this.modificationDate = modificationDate; - } - - /** - * Set the value of modificationDate - * - * Expected format: yyyy-MM-dd'T'HH:mm:ss.SSS'Z' - * - * @param modificationDate new value of modificationDate - * @throws ParseException is thrown when a parse exception occurs. - */ - public void setModificationDate(String modificationDate) throws ParseException { - - String formatStr = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"; - Date tempDate = null; - SimpleDateFormat sdf = new SimpleDateFormat(formatStr); - sdf.setLenient(true); - tempDate = sdf.parse(modificationDate); - - this.modificationDate = tempDate; - } - /** - * The nvdId. - */ - protected String nvdId; - - /** - * Get the value of nvdId - * - * @return the value of nvdId - */ - public String getNvdId() { - return nvdId; - } - - /** - * Set the value of nvdId - * - * @param nvdId new value of nvdId - */ - public void setNvdId(String nvdId) { - this.nvdId = nvdId; - } - /** - * The vendor name. - */ - protected String vendor; - - /** - * Get the value of vendor - * - * @return the value of vendor - */ - public String getVendor() { - return vendor; - } - - /** - * Set the value of vendor - * - * @param vendor new value of vendor - */ - public void setVendor(String vendor) { - this.vendor = vendor; - } - /** - * The product name. 
- */ - protected String product; - - /** - * Get the value of product - * - * @return the value of product - */ - public String getProduct() { - return product; - } - - /** - * Set the value of product - * - * @param product new value of product - */ - public void setProduct(String product) { - this.product = product; - } - /** - * The product version. - */ - protected String version; - - /** - * Get the value of version - * - * @return the value of version - */ - public String getVersion() { - return version; - } - - /** - * Set the value of version - * - * @param version new value of version - */ - public void setVersion(String version) { - this.version = version; - } - /** - * The product revision. - */ - protected String revision; - - /** - * Get the value of revision - * - * @return the value of revision - */ - public String getRevision() { - return revision; - } - - /** - * Set the value of revision - * - * @param revision new value of revision - */ - public void setRevision(String revision) { - this.revision = revision; - } - /** - * If the CPE Entry is well known (i.e. based off a hash) - */ - protected boolean wellKnown = false; - - /** - * Get the value of wellKnown - * - * @return the value of wellKnown - */ - public boolean isWellKnown() { - return wellKnown; - } - - /** - * Set the value of wellKnown - * - * @param wellKnown new value of wellKnown - */ - public void setWellKnown(boolean wellKnown) { - this.wellKnown = wellKnown; - } - /** - * The search score. - */ - protected float searchScore; - - /** - * Get the value of searchScore - * - * @return the value of searchScore - */ - public float getSearchScore() { - return searchScore; - } - - /** - * Set the value of searchScore - * - * @param searchScore new value of searchScore - */ - public void setSearchScore(float searchScore) { - this.searchScore = searchScore; - } - - /** - *

Parses a name attribute value, from the cpe.xml, into its - * corresponding parts: vendor, product, version, revision.

- *

Example:

- *    cpe:/a:apache:struts:1.1:rc2 - * - *

Results in:

- *
    - *
  • Vendor: apache
  • - *
  • Product: struts
  • - *
  • Version: 1.1
  • - *
  • Revision: rc2
  • - *
- * - * @throws UnsupportedEncodingException should never be thrown... - */ - private void parseName() throws UnsupportedEncodingException { - if (name != null && name.length() > 7) { - String[] data = name.substring(7).split(":"); - if (data.length >= 1) { - vendor = URLDecoder.decode(data[0], "UTF-8"); - if (data.length >= 2) { - product = URLDecoder.decode(data[1], "UTF-8"); - if (data.length >= 3) { - version = URLDecoder.decode(data[2], "UTF-8"); - if (data.length >= 4) { - revision = URLDecoder.decode(data[3], "UTF-8"); - } - //ignore edition and language fields.. don't really see them used in the a: - } - } - } - } - } - - @Override - public boolean equals(Object obj) { - if (obj == null) { - return false; - } - if (getClass() != obj.getClass()) { - return false; - } - final Entry other = (Entry) obj; - if ((this.name == null) ? (other.name != null) : !this.name.equals(other.name)) { - return false; - } - return true; - } - - @Override - public int hashCode() { - int hash = 5; - hash = 83 * hash + (this.name != null ? this.name.hashCode() : 0); - return hash; - } -} diff --git a/src/main/java/org/codesecure/dependencycheck/data/cve/Fields.java b/src/main/java/org/codesecure/dependencycheck/data/cve/Fields.java deleted file mode 100644 index eb0082395..000000000 --- a/src/main/java/org/codesecure/dependencycheck/data/cve/Fields.java +++ /dev/null 
@@ -1,53 +0,0 @@
-package org.codesecure.dependencycheck.data.cve;
-/*
- * This file is part of DependencyCheck.
- *
- * DependencyCheck is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * DependencyCheck is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with DependencyCheck. If not, see http://www.gnu.org/licenses/.
- *
- * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
- */
-
-/**
- * Fields is a collection of field names used within the Lucene index for CPE
- * entries.
- *
- * @author Jeremy Long (jeremy.long@gmail.com)
- */
-public abstract class Fields {
- /**
- * The key for the name field.
- */
- public static final String NAME = "name";
- /**
- * The key for the vendor field.
- */
- public static final String VENDOR = "vendor";
- /**
- * The key for the version field.
- */
- public static final String VERSION = "version";
- //public static final String REVISION = "revision";
- /**
- * The key for the product field.
- */
- public static final String PRODUCT = "product";
- /**
- * The key for the title field. This is a field combining vendor, product, and version.
- */
- public static final String TITLE = "title";
- /**
- * The key for the nvdId field.
- */
- public static final String NVDID = "nvdid";
-}
diff --git a/src/main/java/org/codesecure/dependencycheck/data/cve/Index.java b/src/main/java/org/codesecure/dependencycheck/data/cve/Index.java
deleted file mode 100644
index 782300b9a..000000000
--- a/src/main/java/org/codesecure/dependencycheck/data/cve/Index.java
+++ /dev/null
@@ -1,254 +0,0 @@ -package org.codesecure.dependencycheck.data.cve; -/* - * This file is part of DependencyCheck. - * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.HashMap; -import java.util.Map; -import java.util.Properties; -import java.util.logging.Level; -import java.util.logging.Logger; -import javax.xml.parsers.ParserConfigurationException; -import org.apache.lucene.analysis.Analyzer; -import org.apache.lucene.analysis.KeywordAnalyzer; -import org.apache.lucene.analysis.PerFieldAnalyzerWrapper; -import org.apache.lucene.analysis.standard.StandardAnalyzer; -import org.apache.lucene.store.Directory; -import org.apache.lucene.store.FSDirectory; -import org.apache.lucene.util.Version; -import org.codesecure.dependencycheck.data.lucene.AbstractIndex; -import org.codesecure.dependencycheck.data.CachedWebDataSource; -import org.codesecure.dependencycheck.utils.Downloader; -import org.codesecure.dependencycheck.utils.Settings; -import 
org.codesecure.dependencycheck.data.cpe.xml.Importer; -import org.codesecure.dependencycheck.utils.DownloadFailedException; -import org.xml.sax.SAXException; - -/** - * The Index class is used to utilize and maintain the CVE Index. - * - * @author Jeremy Long (jeremy.long@gmail.com) - */ -public class Index extends AbstractIndex implements CachedWebDataSource { - - /** - * The name of the properties file containing the timestamp of the last update. - */ - private static final String UPDATE_PROPERTIES_FILE = "lastupdated.prop"; - /** - * The properties file key for the last updated field. - */ - private static final String LAST_UPDATED = "lastupdated"; - - /** - * Returns the directory that holds the CPE Index. - * - * @return the Directory containing the CPE Index. - * @throws IOException is thrown if an IOException occurs. - */ - public Directory getDirectory() throws IOException { - String fileName = Settings.getString(Settings.KEYS.CVE_INDEX); - File path = new File(fileName); - Directory dir = FSDirectory.open(path); - - return dir; - } - - /** - * Creates an Analyzer for the CPE Index. - * - * @return the CPE Analyzer. - */ - @SuppressWarnings("unchecked") - public Analyzer createAnalyzer() { - Map fieldAnalyzers = new HashMap(); - - fieldAnalyzers.put(Fields.VERSION, new KeywordAnalyzer()); - - PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper( - new StandardAnalyzer(Version.LUCENE_35), fieldAnalyzers); - - return wrapper; - } - - /** - * Downloads the latest CPE XML file from the web and imports it into - * the current CPE Index. - * - * @throws MalformedURLException is thrown if the URL for the CPE is malformed. - * @throws ParserConfigurationException is thrown if the parser is misconfigured. - * @throws SAXException is thrown if there is an error parsing the CPE XML. - * @throws IOException is thrown if a temporary file could not be created. 
- */ - public void update() throws MalformedURLException, ParserConfigurationException, SAXException, IOException { - long timeStamp = updateNeeded(); - if (timeStamp > 0) { - URL url = new URL(Settings.getString(Settings.KEYS.CPE_URL)); - File outputPath = null; - try { - outputPath = File.createTempFile("cve", ".xml"); - Downloader.fetchFile(url, outputPath, true); - Importer.importXML(outputPath.toString()); - writeLastUpdatedPropertyFile(timeStamp); - } catch (DownloadFailedException ex) { - Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); - } finally { - try { - if (outputPath != null && outputPath.exists()) { - outputPath.delete(); - } - } finally { - if (outputPath != null && outputPath.exists()) { - outputPath.deleteOnExit(); - } - } - } - } - } - - /** - * Writes a properties file containing the last updated date to the CPE directory. - * @param timeStamp the timestamp to write. - */ - private void writeLastUpdatedPropertyFile(long timeStamp) { - String dir = Settings.getString(Settings.KEYS.CPE_INDEX); - File cpeProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE); - Properties prop = new Properties(); - prop.put(Index.LAST_UPDATED, String.valueOf(timeStamp)); - OutputStream os = null; - try { - os = new FileOutputStream(cpeProp); - OutputStreamWriter out = new OutputStreamWriter(os); - prop.store(out, dir); - } catch (FileNotFoundException ex) { - Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); - } catch (IOException ex) { - Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); - } finally { - try { - os.flush(); - } catch (IOException ex) { - Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); - } - try { - os.close(); - } catch (IOException ex) { - Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); - } - } - } - - /** - * Determines if the index needs to be updated. This is done by fetching the - * cpe.meta data and checking the lastModifiedDate. 
If the CPE data needs to - * be refreshed this method will return the timestamp of the new CPE. If an - * update is not required this function will return 0. - * - * @return the timestamp of the currently published CPE.xml if the index needs to be updated, otherwise returns 0.. - * @throws MalformedURLException is thrown if the URL for the CPE Meta data is incorrect. - * @throws DownloadFailedException is thrown if there is an error downloading the cpe.meta data file. - */ - public long updateNeeded() throws MalformedURLException, DownloadFailedException { - long retVal = 0; - long lastUpdated = 0; - long currentlyPublishedDate = retrieveCurrentCPETimestampFromWeb(); - if (currentlyPublishedDate == 0) { - throw new DownloadFailedException("Unable to retrieve valid timestamp from cpe.meta file"); - } - - String dir = Settings.getString(Settings.KEYS.CPE_INDEX); - File f = new File(dir); - if (!f.exists()) { - retVal = currentlyPublishedDate; - } else { - File cpeProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE); - if (!cpeProp.exists()) { - retVal = currentlyPublishedDate; - } else { - Properties prop = new Properties(); - InputStream is = null; - try { - is = new FileInputStream(cpeProp); - prop.load(is); - lastUpdated = Long.parseLong(prop.getProperty(Index.LAST_UPDATED)); - } catch (FileNotFoundException ex) { - Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); - } catch (IOException ex) { - Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); - } catch (NumberFormatException ex) { - Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); - } - if (currentlyPublishedDate > lastUpdated) { - retVal = currentlyPublishedDate; - } - } - } - return retVal; - } - - /** - * Retrieves the timestamp from the CPE meta data file. - * @return the timestamp from the currently published cpe.meta. - * @throws MalformedURLException is thrown if the URL for the CPE Meta data is incorrect. 
- * @throws DownloadFailedException is thrown if there is an error downloading the cpe.meta data file. - */ - private long retrieveCurrentCPETimestampFromWeb() throws MalformedURLException, DownloadFailedException { - long timestamp = 0; - File tmp = null; - InputStream is = null; - try { - tmp = File.createTempFile("cpe", "meta"); - URL url = new URL(Settings.getString(Settings.KEYS.CPE_META_URL)); - Downloader.fetchFile(url, tmp); - Properties prop = new Properties(); - is = new FileInputStream(tmp); - prop.load(is); - timestamp = Long.parseLong(prop.getProperty("lastModifiedDate")); - } catch (IOException ex) { - throw new DownloadFailedException("Unable to create temporary file for CPE Meta File download.", ex); - } finally { - try { - if (is != null) { - try { - is.close(); - } catch (IOException ex) { - Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); - } - } - if (tmp != null && tmp.exists()) { - tmp.delete(); - } - } finally { - if (tmp != null && tmp.exists()) { - tmp.deleteOnExit(); - } - } - } - return timestamp; - } -} diff --git a/src/main/java/org/codesecure/dependencycheck/data/cve/package-info.java b/src/main/java/org/codesecure/dependencycheck/data/cve/package-info.java deleted file mode 100644 index 7748a0137..000000000 --- a/src/main/java/org/codesecure/dependencycheck/data/cve/package-info.java +++ /dev/null @@ -1,12 +0,0 @@ -/** - * - * - * org.codesecure.dependencycheck.data.cve.xml - * - * - * Contains classes used to parse the CVE XML files. - * - * -*/ - -package org.codesecure.dependencycheck.data.cve; diff --git a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/CVEHandler.java b/src/main/java/org/codesecure/dependencycheck/data/cve/xml/CVEHandler.java deleted file mode 100644 index d1fa366c0..000000000 --- a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/CVEHandler.java +++ /dev/null 
@@ -1,350 +0,0 @@ -package org.codesecure.dependencycheck.data.cve.xml; -/* - * This file is part of DependencyCheck. - * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ - -import org.codesecure.dependencycheck.data.cve.Entry; -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.text.ParseException; -import java.util.logging.Level; -import java.util.logging.Logger; -import org.apache.lucene.index.CorruptIndexException; -import org.xml.sax.Attributes; -import org.xml.sax.SAXException; -import org.xml.sax.helpers.DefaultHandler; - -/** - * A SAX Handler that will parse the CVE XML Listing. - * - * @author Jeremy Long (jeremy.long@gmail.com) - */ -public class CVEHandler extends DefaultHandler { - - private static final String CURRENT_SCHEMA_VERSION = "2.2"; - EntrySaveDelegate saveDelegate = null; - Entry entry = null; - boolean languageIsUS = false; - StringBuilder nodeText = null; - boolean skip = false; - Element current = new Element(); - - /** - * Register a EntrySaveDelegate object. When the last node of an entry is - * reached if a save delegate has been regsitered the save method will be invoked. 
- * - * @param delegate the delegate used to save an entry - */ - public void registerSaveDelegate(EntrySaveDelegate delegate) { - this.saveDelegate = delegate; - } - - @Override - public void startElement(String uri, String localName, String qName, Attributes attributes) throws SAXException { - nodeText = null; - current.setNode(qName); - if (current.isCpeItemNode()) { - entry = new Entry(); - String temp = attributes.getValue("deprecated"); - String name = attributes.getValue("name"); - skip = (temp != null && temp.equals("true")); - try { - if (!skip && name.startsWith("cpe:/a:")) { - entry.setName(name); - } else { - skip = true; - } - } catch (UnsupportedEncodingException ex) { - throw new SAXException(ex); - } - } else if (current.isTitleNode()) { - nodeText = new StringBuilder(100); - if ("en-US".equalsIgnoreCase(attributes.getValue("xml:lang"))) { - languageIsUS = true; - } else { - languageIsUS = false; - } - } else if (current.isMetaNode()) { - try { - entry.setModificationDate(attributes.getValue("modification-date")); - } catch (ParseException ex) { - Logger.getLogger(CVEHandler.class.getName()).log(Level.SEVERE, null, ex); - } - entry.setStatus(attributes.getValue("status")); - entry.setNvdId(attributes.getValue("nvd-id")); - } else if (current.isSchemaVersionNode()) { - nodeText = new StringBuilder(3); - } else if (current.isTimestampNode()) { - nodeText = new StringBuilder(24); - } -// } else if (current.isCpeListNode()) { -// //do nothing -// } else if (current.isNotesNode()) { -// //do nothing -// } else if (current.isNoteNode()) { -// //do nothing -// } else if (current.isCheckNode()) { -// //do nothing -// } else if (current.isGeneratorNode()) { -// //do nothing -// } else if (current.isProductNameNode()) { -// //do nothing -// } else if (current.isProductVersionNode()) { -// //do nothing - } - - @Override - public void characters(char[] ch, int start, int length) throws SAXException { - //nodeText += new String(ch, start, length); - if (nodeText 
!= null) { - nodeText.append(ch, start, length); - } - } - - @Override - public void endElement(String uri, String localName, String qName) throws SAXException { - current.setNode(qName); - if (current.isCpeItemNode()) { - if (saveDelegate != null && !skip) { - try { - saveDelegate.saveEntry(entry); - } catch (CorruptIndexException ex) { - Logger.getLogger(CVEHandler.class.getName()).log(Level.SEVERE, null, ex); - throw new SAXException(ex); - } catch (IOException ex) { - Logger.getLogger(CVEHandler.class.getName()).log(Level.SEVERE, null, ex); - throw new SAXException(ex); - } - entry = null; - } - } else if (current.isTitleNode()) { - if (languageIsUS) { - entry.setTitle(nodeText.toString()); - } - } else if (current.isSchemaVersionNode() && !CURRENT_SCHEMA_VERSION.equals(nodeText.toString())) { - throw new SAXException("ERROR: Invalid Schema Version, expected: " - + CURRENT_SCHEMA_VERSION + ", file is: " + nodeText); - } -// } else if (current.isCpeListNode()) { -// //do nothing -// } else if (current.isMetaNode()) { -// //do nothing -// } else if (current.isNotesNode()) { -// //do nothing -// } else if (current.isNoteNode()) { -// //do nothing -// } else if (current.isCheckNode()) { -// //do nothing -// } else if (current.isGeneratorNode()) { -// //do nothing -// } else if (current.isProductNameNode()) { -// //do nothing -// } else if (current.isProductVersionNode()) { -// //do nothing -// else if (current.isTimestampNode()) { -// //do nothing -// } else { -// throw new SAXException("ERROR STATE: Unexpected qName '" + qName + "'"); -// } - } - - // - /** - * A simple class to maintain information about the current element while parsing - * the CPE XML. 
- */ - protected class Element { - - /** - * A node type in the CPE Schema 2.2 - */ - public static final String CPE_LIST = "cpe-list"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String CPE_ITEM = "cpe-item"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String TITLE = "title"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String NOTES = "notes"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String NOTE = "note"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String CHECK = "check"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String META = "meta:item-metadata"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String GENERATOR = "generator"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String PRODUCT_NAME = "product_name"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String PRODUCT_VERSION = "product_version"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String SCHEMA_VERSION = "schema_version"; - /** - * A node type in the CPE Schema 2.2 - */ - public static final String TIMESTAMP = "timestamp"; - private String node = null; - - /** - * Gets the value of node - * - * @return the value of node - */ - public String getNode() { - return this.node; - } - - /** - * Sets the value of node - * - * @param node new value of node - */ - public void setNode(String node) { - this.node = node; - } - - /** - * Checks if the handler is at the CPE_LIST node - * - * @return true or false - */ - public boolean isCpeListNode() { - return CPE_LIST.equals(node); - } - - /** - * Checks if the handler is at the CPE_ITEM node - * - * @return true or false - */ - public boolean isCpeItemNode() { - return CPE_ITEM.equals(node); - } - - /** - * Checks if the handler is at the TITLE node - * - * @return true or false - */ - public boolean 
isTitleNode() { - return TITLE.equals(node); - } - - /** - * Checks if the handler is at the NOTES node - * - * @return true or false - */ - public boolean isNotesNode() { - return NOTES.equals(node); - } - - /** - * Checks if the handler is at the NOTE node - * - * @return true or false - */ - public boolean isNoteNode() { - return NOTE.equals(node); - } - - /** - * Checks if the handler is at the CHECK node - * - * @return true or false - */ - public boolean isCheckNode() { - return CHECK.equals(node); - } - - /** - * Checks if the handler is at the META node - * - * @return true or false - */ - public boolean isMetaNode() { - return META.equals(node); - } - - /** - * Checks if the handler is at the GENERATOR node - * - * @return true or false - */ - public boolean isGeneratorNode() { - return GENERATOR.equals(node); - } - - /** - * Checks if the handler is at the PRODUCT_NAME node - * - * @return true or false - */ - public boolean isProductNameNode() { - return PRODUCT_NAME.equals(node); - } - - /** - * Checks if the handler is at the PRODUCT_VERSION node - * - * @return true or false - */ - public boolean isProductVersionNode() { - return PRODUCT_VERSION.equals(node); - } - - /** - * Checks if the handler is at the SCHEMA_VERSION node - * - * @return true or false - */ - public boolean isSchemaVersionNode() { - return SCHEMA_VERSION.equals(node); - } - - /** - * Checks if the handler is at the TIMESTAMP node - * - * @return true or false - */ - public boolean isTimestampNode() { - return TIMESTAMP.equals(node); - } - } - // -} diff --git a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/Importer.java b/src/main/java/org/codesecure/dependencycheck/data/cve/xml/Importer.java deleted file mode 100644 index a001ac6b6..000000000 --- a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/Importer.java +++ /dev/null 
@@ -1,75 +0,0 @@ -package org.codesecure.dependencycheck.data.cve.xml; -/* - * This file is part of DependencyCheck. - * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ - -import java.io.File; -import java.io.IOException; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.parsers.SAXParser; -import javax.xml.parsers.SAXParserFactory; -import org.xml.sax.SAXException; - -/** - * Imports a CVE XML file into the Lucene CVE Index. - * - * @author Jeremy Long (jeremy.long@gmail.com) - */ -public class Importer { - - /** - * Private constructor for utility class. - */ - private Importer() { - - } - - /** - * Imports the CPE XML File into the Lucene Index. - * - * @param file containing the path to the CPE XML file. - * @throws ParserConfigurationException is thrown if the parser is misconfigured. - * @throws SAXException is thrown when there is a SAXException. - * @throws IOException is thrown when there is an IOException. 
- */ - public static void importXML(File file) throws ParserConfigurationException, SAXException, IOException { - SAXParserFactory factory = SAXParserFactory.newInstance(); - SAXParser saxParser = factory.newSAXParser(); - CVEHandler handler = new CVEHandler(); - Indexer indexer = new Indexer(); - indexer.open(); - handler.registerSaveDelegate(indexer); - saxParser.parse(file, handler); - indexer.close(); - } - /** - * Imports the CPE XML File into the Lucene Index. - * - * @param path the path to the CPE XML file. - * @throws ParserConfigurationException is thrown if the parser is misconfigured. - * @throws SAXException is thrown when there is a SAXException. - * @throws IOException is thrown when there is an IOException. - */ - public static void importXML(String path) throws ParserConfigurationException, SAXException, IOException { - File f = new File(path); - if (!f.exists()) { - f.mkdirs(); - } - Importer.importXML(f); - } -} diff --git a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/Indexer.java b/src/main/java/org/codesecure/dependencycheck/data/cve/xml/Indexer.java deleted file mode 100644 index f375c4235..000000000 --- a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/Indexer.java +++ /dev/null 
@@ -1,102 +0,0 @@ -package org.codesecure.dependencycheck.data.cve.xml; -/* - * This file is part of DependencyCheck. - * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. - * - * Copyright (c) 2012 Jeremy Long. All Rights Reserved. - */ - -import java.io.IOException; -import org.apache.lucene.document.Document; -import org.apache.lucene.document.Field; -import org.apache.lucene.index.CorruptIndexException; -import org.apache.lucene.index.FieldInfo.IndexOptions; -import org.apache.lucene.index.Term; -import org.codesecure.dependencycheck.data.lucene.LuceneUtils; -import org.codesecure.dependencycheck.data.cve.Entry; -import org.codesecure.dependencycheck.data.cve.Fields; -import org.codesecure.dependencycheck.data.cve.Index; - -/** - * The Indexer is used to convert a CPE Entry, retrieved from the CPE XML file, - * into a Document that is stored in the Lucene index. - * - * @author Jeremy Long (jeremy.long@gmail.com) - */ -public class Indexer extends Index implements EntrySaveDelegate { - - /** - * Saves a CPE Entry into the Lucene index. - * - * @param entry a CPE entry. - * @throws CorruptIndexException is thrown if the index is corrupt. - * @throws IOException is thrown if an IOException occurs. 
- */ - public void saveEntry(Entry entry) throws CorruptIndexException, IOException { - Document doc = convertEntryToDoc(entry); - Term term = new Term(Fields.NVDID, LuceneUtils.escapeLuceneQuery(entry.getNvdId())); - indexWriter.updateDocument(term, doc); - } - - /** - * Converst a CPE entry into a Lucene Document. - * - * @param entry a CPE Entry. - * @return a Lucene Document containing a CPE Entry. - */ - protected Document convertEntryToDoc(Entry entry) { - Document doc = new Document(); - - Field name = new Field(Fields.NAME, entry.getName(), Field.Store.YES, Field.Index.ANALYZED); - name.setIndexOptions(IndexOptions.DOCS_ONLY); - doc.add(name); - - Field nvdId = new Field(Fields.NVDID, entry.getNvdId(), Field.Store.NO, Field.Index.ANALYZED); - nvdId.setIndexOptions(IndexOptions.DOCS_ONLY); - doc.add(nvdId); - - Field vendor = new Field(Fields.VENDOR, entry.getVendor(), Field.Store.NO, Field.Index.ANALYZED); - vendor.setIndexOptions(IndexOptions.DOCS_ONLY); - vendor.setBoost(5.0F); - doc.add(vendor); - - Field product = new Field(Fields.PRODUCT, entry.getProduct(), Field.Store.NO, Field.Index.ANALYZED); - product.setIndexOptions(IndexOptions.DOCS_ONLY); - product.setBoost(5.0F); - doc.add(product); - - Field title = new Field(Fields.TITLE, entry.getTitle(), Field.Store.NO, Field.Index.ANALYZED); - title.setIndexOptions(IndexOptions.DOCS_ONLY); - //title.setBoost(1.0F); - doc.add(title); - - //TODO revision should likely be its own field - if (entry.getVersion() != null) { - Field version = null; - if (entry.getRevision() != null) { - version = new Field(Fields.VERSION, entry.getVersion() + " " - + entry.getRevision(), Field.Store.NO, Field.Index.ANALYZED); - } else { - version = new Field(Fields.VERSION, entry.getVersion(), - Field.Store.NO, Field.Index.ANALYZED); - } - version.setIndexOptions(IndexOptions.DOCS_ONLY); - version.setBoost(0.8F); - doc.add(version); - } - - return doc; - } -} 
diff --git a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/package-info.java b/src/main/java/org/codesecure/dependencycheck/data/cve/xml/package-info.java deleted file mode 100644 index 9256378f9..000000000 --- a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/package-info.java +++ /dev/null @@ -1,12 +0,0 @@ -/** - * - * - * org.codesecure.dependencycheck.data.cve.xml - * - * - * Contains classes used to parse the CVE XML file. - * - * -*/ - -package org.codesecure.dependencycheck.data.cve.xml; diff --git a/src/main/java/org/codesecure/dependencycheck/data/lucene/AbstractIndex.java b/src/main/java/org/codesecure/dependencycheck/data/lucene/AbstractIndex.java index 174b92e95..9c340e8c7 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/lucene/AbstractIndex.java +++ b/src/main/java/org/codesecure/dependencycheck/data/lucene/AbstractIndex.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.data.lucene; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -32,7 +32,8 @@ import org.apache.lucene.store.LockObtainFailedException; import org.apache.lucene.util.Version; /** - * The base Index for other index objects. Implements the open and close methods. + * The base Index for other index objects. Implements the open and close + * methods. * * @author Jeremy Long (jeremy.long@gmail.com) */ 
@@ -65,6 +66,7 @@ public abstract class AbstractIndex { /** * Opens the CPE Index. + * * @throws IOException is thrown if an IOException occurs opening the index. */ public void open() throws IOException { @@ -121,6 +123,7 @@ public abstract class AbstractIndex { /** * Returns the status of the data source - is the index open. + * * @return true or false. */ public boolean isOpen() { @@ -146,7 +149,8 @@ public abstract class AbstractIndex { * * @return an IndexWriter. * @throws CorruptIndexException is thrown if the Lucene Index is corrupt. - * @throws LockObtainFailedException is thrown if there is an exception obtaining a lock on the Lucene index. + * @throws LockObtainFailedException is thrown if there is an exception + * obtaining a lock on the Lucene index. * @throws IOException is thrown if an IOException occurs opening the index. */ public IndexWriter getIndexWriter() throws CorruptIndexException, LockObtainFailedException, IOException { @@ -158,6 +162,7 @@ public abstract class AbstractIndex { /** * Opens the Lucene Index for reading. + * * @throws CorruptIndexException is thrown if the index is corrupt. * @throws IOException is thrown if there is an exception reading the index. */ @@ -170,6 +175,7 @@ public abstract class AbstractIndex { /** * Returns an IndexSearcher for the Lucene Index. + * * @return an IndexSearcher. * @throws CorruptIndexException is thrown if the index is corrupt. * @throws IOException is thrown if there is an exception reading the index. @@ -186,6 +192,7 @@ public abstract class AbstractIndex { /** * Returns an Analyzer for the Lucene Index. + * * @return an Analyzer. */ public Analyzer getAnalyzer() { @@ -197,6 +204,7 @@ public abstract class AbstractIndex { /** * Gets the directory that contains the Lucene Index. + * * @return a Lucene Directory. * @throws IOException is thrown when an IOException occurs. */ 
@@ -204,6 +212,7 @@ public abstract class AbstractIndex { /** * Creates the Lucene Analyzer used when indexing and searching the index. + * * @return a Lucene Analyzer. */ public abstract Analyzer createAnalyzer(); diff --git a/src/main/java/org/codesecure/dependencycheck/data/lucene/DependencySimilarity.java b/src/main/java/org/codesecure/dependencycheck/data/lucene/DependencySimilarity.java index f3d6e7bfd..ae29dba0b 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/lucene/DependencySimilarity.java +++ b/src/main/java/org/codesecure/dependencycheck/data/lucene/DependencySimilarity.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.data.lucene; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -29,10 +29,12 @@ public class DependencySimilarity extends DefaultSimilarity { private static final long serialVersionUID = 1L; /** - *

Override the default idf implementation so that frequency within - * all document is ignored.

+ *

Override the default idf implementation so that frequency within all + * document is ignored.

* - * See this article for more details. + * See this + * article for more details. * * @param docFreq - the number of documents which contain the term * @param numDocs - the total number of documents in the collection diff --git a/src/main/java/org/codesecure/dependencycheck/data/lucene/LuceneUtils.java b/src/main/java/org/codesecure/dependencycheck/data/lucene/LuceneUtils.java index 2f4abc283..9b52d2b83 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/lucene/LuceneUtils.java +++ b/src/main/java/org/codesecure/dependencycheck/data/lucene/LuceneUtils.java 
@@ -2,25 +2,25 @@ package org.codesecure.dependencycheck.data.lucene; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ /** - *

Lucene utils is a set of utilitize written to make constructing - * Lucene queries simplier.

+ *

Lucene utils is a set of utilitize written to make constructing Lucene + * queries simplier.

* * @author Jeremy Long (jeremy.long@gmail.com) */ diff --git a/src/main/java/org/codesecure/dependencycheck/data/lucene/VersionAnalyzer.java b/src/main/java/org/codesecure/dependencycheck/data/lucene/VersionAnalyzer.java index 957794307..5c180578d 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/lucene/VersionAnalyzer.java +++ b/src/main/java/org/codesecure/dependencycheck/data/lucene/VersionAnalyzer.java @@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.data.lucene; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Fields.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Fields.java
new file mode 100644
index 000000000..95a05e330
--- /dev/null
+++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Fields.java
@@ -0,0 +1,45 @@
+package org.codesecure.dependencycheck.data.nvdcve;
+/*
+ * This file is part of DependencyCheck.
+ *
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+
+/**
+ * Fields is a collection of field names used within the Lucene index for NVD
+ * VULNERABLE_CPE entries.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public abstract class Fields {
+
+ /**
+ * The key for the name field.
+ */
+ public static final String CVE_ID = "cve";
+ /**
+ * The key for the vulnerable cpes field.
+ */
+ public static final String VULNERABLE_CPE = "cpe";
+ /**
+ * The key for the description field.
+ */
+ public static final String DESCRIPTION = "description";
+ /**
+ * The key for the xml field. Stores the entire NVD VULNERABLE_CPE Entry.
+ */
+ public static final String XML = "xml";
+}
diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java
new file mode 100644
index 000000000..43f64aa0b
--- /dev/null
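Review bot: In the new `Fields.java`, the Javadoc on `CVE_ID` reads "The key for the name field." although the constant holds the key for the CVE identifier; `The key for the CVE id field.` would match the constant. The class comment ("for NVD VULNERABLE_CPE entries") and the `XML` comment ("Stores the entire NVD VULNERABLE_CPE Entry") look like a search-and-replace artifact, and presumably both should say "NVD CVE". If nothing is meant to subclass this constants holder, `public final class Fields` with a private constructor states that more clearly than `abstract`.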
+++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/Index.java 
@@ -0,0 +1,525 @@ +package org.codesecure.dependencycheck.data.nvdcve; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +import java.io.*; +import java.net.MalformedURLException; +import java.net.URL; +import java.util.*; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.regex.Matcher; +import java.util.regex.Pattern; +import javax.xml.bind.JAXBException; +import javax.xml.parsers.ParserConfigurationException; +import org.apache.lucene.analysis.Analyzer; +import org.apache.lucene.analysis.KeywordAnalyzer; +import org.apache.lucene.analysis.PerFieldAnalyzerWrapper; +import org.apache.lucene.analysis.standard.StandardAnalyzer; +import org.apache.lucene.store.Directory; +import org.apache.lucene.store.FSDirectory; +import org.apache.lucene.util.Version; +import org.codesecure.dependencycheck.data.CachedWebDataSource; +import org.codesecure.dependencycheck.data.UpdateException; +import org.codesecure.dependencycheck.data.lucene.AbstractIndex; +import org.codesecure.dependencycheck.data.nvdcve.xml.Importer; +import org.codesecure.dependencycheck.utils.DownloadFailedException; +import org.codesecure.dependencycheck.utils.Downloader; +import org.codesecure.dependencycheck.utils.Settings; +import 
org.xml.sax.SAXException; + +/** + * The Index class is used to utilize and maintain the NVD CVE Index. + * + * @author Jeremy Long (jeremy.long@gmail.com) + */ +public class Index extends AbstractIndex implements CachedWebDataSource { + + /** + * The name of the properties file containing the timestamp of the last + * update. + */ + private static final String UPDATE_PROPERTIES_FILE = "lastupdated.prop"; + /** + * The properties file key for the last updated field - used to store the + * last updated time of the Modified NVD CVE xml file. + */ + private static final String LAST_UPDATED_MODIFIED = "lastupdated.modified"; + /** + * Stores the last updated time for each of the NVD CVE files. These + * timestamps should be updated if we process the modified file within 7 + * days of the last update. + */ + private static final String LAST_UPDATED_BASE = "lastupdated."; + + /** + * Returns the directory that holds the NVD CVE Index. + * + * @return the Directory containing the NVD CVE Index. + * @throws IOException is thrown if an IOException occurs. + */ + public Directory getDirectory() throws IOException { + String fileName = Settings.getString(Settings.KEYS.CVE_INDEX); + File path = new File(fileName); + Directory dir = FSDirectory.open(path); + return dir; + } + + /** + * Creates an Analyzer for the NVD VULNERABLE_CPE Index. + * + * @return the VULNERABLE_CPE Analyzer. + */ + @SuppressWarnings("unchecked") + public Analyzer createAnalyzer() { + Map fieldAnalyzers = new HashMap(); + + fieldAnalyzers.put(Fields.CVE_ID, new KeywordAnalyzer()); + fieldAnalyzers.put(Fields.VULNERABLE_CPE, new KeywordAnalyzer()); + + PerFieldAnalyzerWrapper wrapper = new PerFieldAnalyzerWrapper( + new StandardAnalyzer(Version.LUCENE_35), fieldAnalyzers); + + return wrapper; + } + + /** + *

Downloads the latest NVD CVE XML file from the web and imports it into + * the current CVE Index.

+ * + * @throws UpdateException is thrown if there is an error updating the index + */ + public void update() throws UpdateException { + try { + Map update = updateNeeded(); + int maxUpdates = 0; + for (NvdCveUrl cve : update.values()) { + if (cve.getNeedsUpdate()) { + maxUpdates += 1; + } + } + if (maxUpdates > 3) { + Logger.getLogger(Index.class.getName()).log(Level.WARNING, "NVD CVE requires several updates. This could take a couple of hours. To avoid this in the future, ensure that an update is run at least every seven days."); + } + int count = 0; + for (NvdCveUrl cve : update.values()) { + if (cve.getNeedsUpdate()) { + count += 1; + Logger.getLogger(Index.class.getName()).log(Level.WARNING, "Updating NVD CVE (" + count + " of " + maxUpdates + ") :" + cve.getUrl()); + URL url = new URL(cve.getUrl()); + File outputPath = null; + try { + outputPath = File.createTempFile("cve" + cve.getId() + "_", ".xml"); + Downloader.fetchFile(url, outputPath, false); + Importer.importXML(outputPath.toString()); + } catch (FileNotFoundException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); + } catch (JAXBException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); + } catch (ParserConfigurationException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); + } catch (SAXException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); + } catch (IOException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); + } finally { + try { + if (outputPath != null && outputPath.exists()) { + outputPath.delete(); + } + } finally { + if (outputPath != null && outputPath.exists()) { + outputPath.deleteOnExit(); + } + } + } + } + } + if (maxUpdates >= 1) { + writeLastUpdatedPropertyFile(update); 
+ } + } catch (MalformedURLException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); + } catch (DownloadFailedException ex) { + //Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new UpdateException(ex); + } + } + + /** + * Writes a properties file containing the last updated date to the + * VULNERABLE_CPE directory. + * + * @param timeStamp the timestamp to write. + */ + private void writeLastUpdatedPropertyFile(Map updated) { + String dir = Settings.getString(Settings.KEYS.CVE_INDEX); + File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE); + Properties prop = new Properties(); + + for (NvdCveUrl cve : updated.values()) { + prop.put(LAST_UPDATED_BASE + cve.id, String.valueOf(cve.getTimestamp())); + } + + OutputStream os = null; + try { + os = new FileOutputStream(cveProp); + OutputStreamWriter out = new OutputStreamWriter(os); + prop.store(out, dir); + } catch (FileNotFoundException ex) { + Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + } catch (IOException ex) { + Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + } finally { + try { + os.flush(); + } catch (IOException ex) { + Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + } + try { + os.close(); + } catch (IOException ex) { + Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + } + } + } + + /** + * Determines if the index needs to be updated. This is done by fetching the + * nvd cve meta data and checking the last update date. If the data needs to + * be refreshed this method will return the NvdCveUrl for the files that + * need to be updated. + * + * @return the NvdCveUrl of the files that need to be updated. + * @throws MalformedURLException is thrown if the URL for the NVD CVE Meta + * data is incorrect. 
+ * @throws DownloadFailedException is thrown if there is an error + * downloading the nvd cve download data file. + */ + public Map updateNeeded() throws MalformedURLException, DownloadFailedException { + + Map currentlyPublished; + try { + currentlyPublished = retrieveCurrentTimestampsFromWeb(); + } catch (InvalidDataException ex) { + Logger.getLogger(Index.class.getName()).log(Level.SEVERE, null, ex); + throw new DownloadFailedException("Unable to retrieve valid timestamp from nvd cve downloads page", ex); + } + if (currentlyPublished == null) { + throw new DownloadFailedException("Unable to retrieve valid timestamp from nvd cve downloads page"); + } + String dir = Settings.getString(Settings.KEYS.CVE_INDEX); + File f = new File(dir); + if (f.exists()) { + File cveProp = new File(dir + File.separatorChar + UPDATE_PROPERTIES_FILE); + if (cveProp.exists()) { + Properties prop = new Properties(); + InputStream is; + try { + is = new FileInputStream(cveProp); + prop.load(is); + long lastUpdated = Long.parseLong(prop.getProperty(Index.LAST_UPDATED_MODIFIED)); + Date now = new Date(); + int days = Settings.getInt(Settings.KEYS.CVE_MODIFIED_VALID_FOR_DAYS); + int maxEntries = Settings.getInt(Settings.KEYS.CVE_URL_COUNT); + if (lastUpdated == currentlyPublished.get("modified").timestamp) { + currentlyPublished.clear(); //we don't need to update anything. + } else if (withinRange(lastUpdated, now.getTime(), days)) { + currentlyPublished.get("modified").setNeedsUpdate(true); + for (int i = 1; i <= maxEntries; i++) { + currentlyPublished.get(String.valueOf(i)).setNeedsUpdate(false); + } + } else { //we figure out which of the several XML files need to be downloaded. 
+ currentlyPublished.get("modified").setNeedsUpdate(false); + for (int i = 1; i <= maxEntries; i++) { + NvdCveUrl cve = currentlyPublished.get(String.valueOf(i)); + long currentTimestamp = 0; + try { + currentTimestamp = Long.parseLong(prop.getProperty(LAST_UPDATED_BASE + String.valueOf(i), "0")); + } catch (NumberFormatException ex) { + Logger.getLogger(Index.class.getName()).log(Level.FINEST, "Error parsing " + LAST_UPDATED_BASE + + String.valueOf(i) + " from nvdcve.lastupdated", ex); + } + if (currentTimestamp == cve.getTimestamp()) { + cve.setNeedsUpdate(false); //they default to true. + } + } + } + } catch (FileNotFoundException ex) { + Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); + } catch (IOException ex) { + Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); + } catch (NumberFormatException ex) { + Logger.getLogger(Index.class.getName()).log(Level.FINEST, null, ex); + } + } + } + return currentlyPublished; + } + + /** + * Determines if the epoch date is within the range specified of the + * compareTo epoch time. This takes the (compareTo-date)/1000/60/60/24 to + * get the number of days. If the calculated days is less then the range the + * date is considered valid. + * + * @param date the date to be checked. + * @param compareTo the date to compare to. + * @param range the range in days to be considered valid. + * @return whether or not the date is within the range. + */ + private boolean withinRange(long date, long compareTo, int range) { + double differenceInDays = (compareTo - date) / 1000 / 60 / 60 / 24; + return differenceInDays < range; + } + + /** + * Retrieves the timestamps from the NVD CVE meta data file. + * + * @return the timestamp from the currently published nvdcve downloads page + * @throws MalformedURLException is thrown if the URL for the NVD CCE Meta + * data is incorrect. 
+ * @throws DownloadFailedException is thrown if there is an error + * downloading the nvd cve meta data file + * @throws InvalidDataException is thrown if there is an exception parsing + * the timestamps + */ + protected Map retrieveCurrentTimestampsFromWeb() throws MalformedURLException, DownloadFailedException, InvalidDataException { + Map map = new HashMap(); + + File tmp = null; + try { + tmp = File.createTempFile("cve", "meta"); + URL url = new URL(Settings.getString(Settings.KEYS.CVE_META_URL)); + Downloader.fetchFile(url, tmp); + String html = readFile(tmp); + + String retrieveUrl = Settings.getString(Settings.KEYS.CVE_MODIFIED_URL); + NvdCveUrl cve = createNvdCveUrl("modified", retrieveUrl, html); + cve.setNeedsUpdate(false); //the others default to true, to make life easier later this should default to false. + map.put("modified", cve); + int max = Settings.getInt(Settings.KEYS.CVE_URL_COUNT); + for (int i = 1; i <= max; i++) { + retrieveUrl = Settings.getString(Settings.KEYS.CVE_BASE_URL + i); + String key = Integer.toString(i); + cve = createNvdCveUrl(key, retrieveUrl, html); + map.put(key, cve); + } + } catch (IOException ex) { + throw new DownloadFailedException("Unable to create temporary file for NVD CVE Meta File download.", ex); + } finally { + try { + if (tmp != null && tmp.exists()) { + tmp.delete(); + } + } finally { + if (tmp != null && tmp.exists()) { + tmp.deleteOnExit(); + } + } + } + return map; + } + + /** + * Creates a new NvdCveUrl object from the provide id, url, and text/html + * from the NVD CVE downloads page. + * + * @param id the name of this NVD CVE Url + * @param retrieveUrl the URL to download the file from + * @param text a bit of HTML from the NVD CVE downloads page that contains + * the URL and the last updated timestamp. + * @return a shiny new NvdCveUrl object. + * @throws InvalidDataException is thrown if the timestamp could not be + * extracted from the provided text. 
+ */ + private NvdCveUrl createNvdCveUrl(String id, String retrieveUrl, String text) throws InvalidDataException { + Pattern pattern = Pattern.compile(Pattern.quote(retrieveUrl) + ".+?\\ 0) { + pos += 9; + try { + String timestampstr = line.substring(pos, line.length() - 3).replace("at ", ""); + long timestamp = getEpochTimeFromDateTime(timestampstr); + item.setTimestamp(timestamp); + } catch (NumberFormatException ex) { + throw new InvalidDataException("NVD CVE Meta file does not contain a valid timestamp for '" + retrieveUrl + "'.", ex); + } + } else { + throw new InvalidDataException("NVD CVE Meta file does not contain the updated timestamp for '" + retrieveUrl + "'."); + } + } else { + throw new InvalidDataException("NVD CVE Meta file does not contain the url for '" + retrieveUrl + "'."); + } + return item; + } + + /** + * Parses a timestamp in the format of "MM/dd/yy hh:mm" into a calendar + * object and returns the epoch time. Note, this removes the millisecond + * portion of the epoch time so all numbers returned should end in 000. + * + * @param timestamp a string in the format of "MM/dd/yy hh:mm" + * @return a Calendar object. + * @throws NumberFormatException if the timestamp was parsed incorrectly. + */ + private long getEpochTimeFromDateTime(String timestamp) throws NumberFormatException { + Calendar c = new GregorianCalendar(); + int month = Integer.parseInt(timestamp.substring(0, 2)); + int date = Integer.parseInt(timestamp.substring(3, 5)); + int year = 2000 + Integer.parseInt(timestamp.substring(6, 8)); + int hourOfDay = Integer.parseInt(timestamp.substring(9, 11)); + int minute = Integer.parseInt(timestamp.substring(12, 14)); + c.set(year, month, date, hourOfDay, minute, 0); + long t = c.getTimeInMillis(); + t = (t / 1000) * 1000; + return t; + } + + /** + * Reads a file into a string. + * + * @param file the file to be read. + * @return the contents of the file. + * @throws IOException is thrown if an IOExcpetion occurs. 
+ */
+ private String readFile(File file) throws IOException {
+ FileReader stream = new FileReader(file);
+ StringBuilder str = new StringBuilder((int) file.length());
+ try {
+ char[] buf = new char[8096];
+ int read = stream.read(buf, 0, 8096);
+ while (read > 0) {
+ str.append(buf, 0, read);
+ read = stream.read(buf, 0, 8096);
+ }
+ } finally {
+ stream.close();
+ }
+ return str.toString();
+ }
+
+ /**
+ * A pojo that contains the Url and timestamp of the current NvdCve XML
+ * files.
+ */
+ protected class NvdCveUrl {
+
+ /**
+ * an id.
+ */
+ private String id;
+
+ /**
+ * Get the value of id
+ *
+ * @return the value of id
+ */
+ public String getId() {
+ return id;
+ }
+
+ /**
+ * Set the value of id
+ *
+ * @param id new value of id
+ */
+ public void setId(String id) {
+ this.id = id;
+ }
+ /**
+ * a url.
+ */
+ private String url;
+
+ /**
+ * Get the value of url
+ *
+ * @return the value of url
+ */
+ public String getUrl() {
+ return url;
+ }
+
+ /**
+ * Set the value of url
+ *
+ * @param url new value of url
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+ /**
+ * a timestamp - epoch time.
+ */
+ private long timestamp;
+
+ /**
+ * Get the value of timestamp - epoch time
+ *
+ * @return the value of timestamp - epoch time
+ */
+ public long getTimestamp() {
+ return timestamp;
+ }
+
+ /**
+ * Set the value of timestamp - epoch time
+ *
+ * @param timestamp new value of timestamp - epoch time
+ */
+ public void setTimestamp(long timestamp) {
+ this.timestamp = timestamp;
+ }
+ /**
+ * indicates whether or not this item should be updated.
+ */
+ private boolean needsUpdate = true;
+
+ /**
+ * Get the value of needsUpdate
+ *
+ * @return the value of needsUpdate
+ */
+ public boolean getNeedsUpdate() {
+ return needsUpdate;
+ }
+
+ /**
+ * Set the value of needsUpdate
+ *
+ * @param needsUpdate new value of needsUpdate
+ */
+ public void setNeedsUpdate(boolean needsUpdate) {
+ this.needsUpdate = needsUpdate;
+ }
+ }
+}
diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/InvalidDataException.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/InvalidDataException.java
new file mode 100644
index 000000000..1dd3442ed
--- /dev/null
+++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/InvalidDataException.java
@@ -0,0 +1,47 @@
+package org.codesecure.dependencycheck.data.nvdcve;
+/*
+ * This file is part of DependencyCheck.
+ *
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+
+/**
+ * An InvalidataDataException is a generic exception used when trying to load
+ * the nvd cve meta data.
+ *
+ * @author Jeremy
+ */
+class InvalidDataException extends Exception {
+
+ /**
+ * Creates an InvalidDataException
+ *
+ * @param msg the exception message
+ */
+ public InvalidDataException(String msg) {
+ super(msg);
+ }
+
+ /**
+ * Creates an InvalidDataException
+ *
+ * @param msg the exception message
+ * @param ex the cause of the exception
+ */
+ public InvalidDataException(String msg, Exception ex) {
+ super(msg, ex);
+ }
+}
diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/NvdCveAnalyzer.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/NvdCveAnalyzer.java
new file mode 100644
index 000000000..8526ae455
--- /dev/null
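Review bot: `InvalidDataException` is declared package-private, yet `retrieveCurrentTimestampsFromWeb()` in Index.java is `protected` and lists it in its `throws` clause, so a subclass in another package (if Index is meant to be extended there) could not name the type in a `catch`. Declaring it `public class InvalidDataException extends Exception {` would match the visibility of the method that throws it. The two-argument constructor accepts `Exception ex`; widening the parameter to `Throwable` lets any cause be chained without wrapping. The class Javadoc also misspells the name as "InvalidataDataException".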
+++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/NvdCveAnalyzer.java 
@@ -0,0 +1,225 @@
+package org.codesecure.dependencycheck.data.nvdcve;
+/*
+ * This file is part of DependencyCheck.
+ *
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import org.apache.lucene.document.Document;
+import org.apache.lucene.index.Term;
+import org.apache.lucene.search.*;
+import org.codesecure.dependencycheck.analyzer.AnalysisException;
+import org.codesecure.dependencycheck.analyzer.AnalysisPhase;
+import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityReferenceType;
+import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
+import org.codesecure.dependencycheck.dependency.Dependency;
+import org.codesecure.dependencycheck.dependency.Vulnerability;
+import org.codesecure.dependencycheck.dependency.Identifier;
+import org.codesecure.dependencycheck.dependency.Reference;
+
+/**
+ * NvdCveAnalyzer is a utility class that takes a project dependency and
+ * attempts to decern if there is an associated CVEs. It uses the the
+ * identifiers found by other analyzers to lookup the CVE data.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class NvdCveAnalyzer implements org.codesecure.dependencycheck.analyzer.Analyzer {
+
+ /**
+ * The maximum number of query results to return.
+ */
+ static final int MAX_QUERY_RESULTS = 100;
+ /**
+ * The CVE Index.
+ */
+ protected Index cve = null;
+ /**
+ * The Lucene IndexSearcher.
+ */
+ private IndexSearcher indexSearcher = null;
+
+ /**
+ * Opens the data source.
+ *
+ * @throws IOException when the Lucene directory to be querried does not
+ * exist or is corrupt.
+ */
+ public void open() throws IOException {
+ cve = new Index();
+ cve.open();
+ indexSearcher = cve.getIndexSearcher();
+ }
+
+ /**
+ * Closes the data source.
+ */
+ public void close() {
+ indexSearcher = null;
+ cve.close();
+ }
+
+ /**
+ * Returns the status of the data source - is the index open.
+ *
+ * @return true or false.
+ */
+ public boolean isOpen() {
+ return (cve == null) ? false : cve.isOpen();
+ }
+
+ /**
+ * Ensures that the Lucene index is closed.
+ *
+ * @throws Throwable when a throwable is thrown.
+ */
+ @Override
+ protected void finalize() throws Throwable {
+ super.finalize();
+ if (isOpen()) {
+ close();
+ }
+ }
+
+ /**
+ * Analyzes a dependency and attempts to determine if there are any CPE
+ * identifiers for this dependency.
+ *
+ * @param dependency The Dependency to analyze.
+ * @throws AnalysisException is thrown if there is an issue analyzing the
+ * dependency.
+ */
+ public void analyze(Dependency dependency) throws AnalysisException {
+ for (Identifier id : dependency.getIdentifiers()) {
+ if ("cpe".equals(id.getType())) {
+ try {
+ String value = id.getValue();
+ Term term1 = new Term(Fields.VULNERABLE_CPE, value);
+ Query query1 = new TermQuery(term1);
+
+ //need to get the cpe:/a:vendor:product - some CVEs are referenced very broadly.
+ //find the index of the colon after the product of the cpe value
+ //cpe:/a:microsoft:anti-cross_site_scripting_library:3.1
+ int pos = value.indexOf(":", 7) + 1;
+ pos = value.indexOf(":", pos);
+ String productVendor = value.substring(0, pos);
+ Term term2 = new Term(Fields.VULNERABLE_CPE, productVendor);
+ Query query2 = new TermQuery(term2);
+
+ BooleanQuery query = new BooleanQuery();
+ query.add(query1, BooleanClause.Occur.SHOULD);
+ query.add(query2, BooleanClause.Occur.SHOULD);
+
+ TopDocs docs = indexSearcher.search(query, MAX_QUERY_RESULTS);
+ for (ScoreDoc d : docs.scoreDocs) {
+ Document doc = indexSearcher.doc(d.doc);
+ String xml = doc.get(Fields.XML);
+ Vulnerability vuln;
+ try {
+ vuln = parseVulnerability(xml);
+ dependency.addVulnerability(vuln);
+ } catch (JAXBException ex) {
+ Logger.getLogger(NvdCveAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
+ dependency.addAnalysisException(new AnalysisException("Unable to retrieve vulnerability data", ex));
+ }
+ }
+ } catch (IOException ex) {
+ Logger.getLogger(NvdCveAnalyzer.class.getName()).log(Level.SEVERE, null, ex);
+ throw new AnalysisException("Exception occured while determining CVEs", ex);
+ }
+ }
+ }
+ }
+
+ /**
+ * Returns true because this analyzer supports all dependency types.
+ *
+ * @return true.
+ */
+ public Set getSupportedExtensions() {
+ return null;
+ }
+
+ /**
+ * Returns the name of this analyzer.
+ *
+ * @return the name of this analyzer.
+ */
+ public String getName() {
+ return "NVD CVE Analyzer";
+ }
+
+ /**
+ * Returns true because this analyzer supports all dependency types.
+ *
+ * @param extension the file extension of the dependency being analyzed.
+ * @return true.
+ */
+ public boolean supportsExtension(String extension) {
+ return true;
+ }
+
+ /**
+ * Returns the analysis phase that this analyzer should run in.
+ *
+ * @return the analysis phase that this analyzer should run in.
+ */
+ public AnalysisPhase getAnalysisPhase() {
+ return AnalysisPhase.FINDING_ANALYSIS;
+ }
+
+ /**
+ * Opens the NVD CVE Lucene Index.
+ *
+ * @throws Exception is thrown if there is an issue opening the index.
+ */
+ public void initialize() throws Exception {
+ this.open();
+ }
+
+ private Vulnerability parseVulnerability(String xml) throws JAXBException {
+
+ JAXBContext jaxbContext = JAXBContext.newInstance(VulnerabilityType.class);
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ ByteArrayInputStream input = new ByteArrayInputStream(xml.getBytes());
+ VulnerabilityType cvedata = (VulnerabilityType) unmarshaller.unmarshal(input);
+ if (cvedata == null) {
+ return null;
+ }
+
+ Vulnerability vuln = new Vulnerability();
+ vuln.setName(cvedata.getId());
+ vuln.setDescription(cvedata.getSummary());
+ if (cvedata.getReferences() != null) {
+ for (VulnerabilityReferenceType r : cvedata.getReferences()) {
+ Reference ref = new Reference();
+ ref.setName(r.getReference().getValue());
+ ref.setSource(r.getSource());
+ ref.setUrl(r.getReference().getHref());
+ vuln.addReference(ref);
+ }
+ }
+ return vuln;
+ }
+}
diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityEnumType.java
new file mode 100644
index 000000000..ad7f98cd0
--- /dev/null
+++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityEnumType.java
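Review bot: In `analyze`, the second `value.indexOf(":", pos)` returns -1 when the CPE identifier carries no version component, and `value.substring(0, pos)` then throws a StringIndexOutOfBoundsException that the surrounding `catch (IOException ex)` does not handle, so a single short identifier aborts the scan of that dependency. A guard such as `String productVendor = (pos > 0) ? value.substring(0, pos) : value;` keeps the lookup running. In the same loop `parseVulnerability` may return null and the result goes straight into `dependency.addVulnerability(vuln)`; wrapping the call in `if (vuln != null) { ... }` avoids a null entry in the report. `MAX_QUERY_RESULTS = 100` also truncates the matches silently, which for a broadly referenced vendor:product can drop CVEs from the findings; logging when `docs.totalHits > MAX_QUERY_RESULTS` would make that visible.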
@@ -0,0 +1,63 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for accessComplexityEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="accessComplexityEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="HIGH"/>
+ *     <enumeration value="MEDIUM"/>
+ *     <enumeration value="LOW"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "accessComplexityEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum AccessComplexityEnumType { + + HIGH, + MEDIUM, + LOW; + + public String value() { + return name(); + } + + public static AccessComplexityEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityType.java new file mode 100644 index 000000000..e84b1b78f --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessComplexityType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + *

Java class for accessComplexityType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="accessComplexityType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>accessComplexityEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "accessComplexityType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class AccessComplexityType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected AccessComplexityEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link AccessComplexityEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public AccessComplexityEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link AccessComplexityEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(AccessComplexityEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorEnumType.java new file mode 100644 index 000000000..4592ea863 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorEnumType.java @@ -0,0 +1,63 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for accessVectorEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="accessVectorEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="LOCAL"/>
+ *     <enumeration value="ADJACENT_NETWORK"/>
+ *     <enumeration value="NETWORK"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "accessVectorEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum AccessVectorEnumType { + + LOCAL, + ADJACENT_NETWORK, + NETWORK; + + public String value() { + return name(); + } + + public static AccessVectorEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorType.java new file mode 100644 index 000000000..596e070c0 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AccessVectorType.java 
@@ -0,0 +1,124 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// + + +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + + +/** + *

Java class for accessVectorType complex type. + * + *

The following schema fragment specifies the expected content contained within this class. + * + *

+ * <complexType name="accessVectorType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>accessVectorEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "accessVectorType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class AccessVectorType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected AccessVectorEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link AccessVectorEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public AccessVectorEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link AccessVectorEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(AccessVectorEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return + * possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value + * allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } + +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AssociatedExploitLocationType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AssociatedExploitLocationType.java new file mode 100644 index 000000000..2459cde7a --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AssociatedExploitLocationType.java 
@@ -0,0 +1,174 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for associatedExploitLocationType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="associatedExploitLocationType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="physical-access" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
+ *         <element name="voluntarily-interact" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
+ *         <element name="dialup" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
+ *         <element name="unknown" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/>
+ *       </sequence>
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "associatedExploitLocationType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = { + "physicalAccess", + "voluntarilyInteract", + "dialup", + "unknown" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class AssociatedExploitLocationType { + + @XmlElement(name = "physical-access", defaultValue = "false") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean physicalAccess; + @XmlElement(name = "voluntarily-interact", defaultValue = "false") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean voluntarilyInteract; + @XmlElement(defaultValue = "false") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean dialup; + @XmlElement(defaultValue = "false") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean unknown; + + /** + * Gets the value of the physicalAccess property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public Boolean isPhysicalAccess() { + return physicalAccess; + } + + /** + * Sets the value of the physicalAccess property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setPhysicalAccess(Boolean value) { + this.physicalAccess = value; + } + + /** + * Gets the value of the voluntarilyInteract property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public Boolean isVoluntarilyInteract() { + return voluntarilyInteract; + } + + /** + * Sets the value of the voluntarilyInteract property. + * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setVoluntarilyInteract(Boolean value) { + this.voluntarilyInteract = value; + } + + /** + * Gets the value of the dialup property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public Boolean isDialup() { + return dialup; + } + + /** + * Sets the value of the dialup property. + * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setDialup(Boolean value) { + this.dialup = value; + } + + /** + * Gets the value of the unknown property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public Boolean isUnknown() { + return unknown; + } + + /** + * Sets the value of the unknown property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setUnknown(Boolean value) { + this.unknown = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationEnumType.java new file mode 100644 index 000000000..6349ca81d --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationEnumType.java @@ -0,0 +1,63 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for authenticationEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="authenticationEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="MULTIPLE_INSTANCES"/>
+ *     <enumeration value="SINGLE_INSTANCE"/>
+ *     <enumeration value="NONE"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "authenticationEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum AuthenticationEnumType { + + MULTIPLE_INSTANCES, + SINGLE_INSTANCE, + NONE; + + public String value() { + return name(); + } + + public static AuthenticationEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationType.java new file mode 100644 index 000000000..ece74a8ad --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/AuthenticationType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + *

Java class for authenticationType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="authenticationType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>authenticationEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "authenticationType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class AuthenticationType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected AuthenticationEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link AuthenticationEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public AuthenticationEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link AuthenticationEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(AuthenticationEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/BaseMetricsType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/BaseMetricsType.java new file mode 100644 index 000000000..c2b3395a8 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/BaseMetricsType.java 
@@ -0,0 +1,376 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.math.BigDecimal; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.datatype.XMLGregorianCalendar; + +/** + *

Java class for baseMetricsType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="baseMetricsType">
+ *   <complexContent>
+ *     <extension base="{http://scap.nist.gov/schema/cvss-v2/0.2}metricsType">
+ *       <sequence>
+ *         <element name="score" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
+ *         <element name="exploit-subscore" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
+ *         <element name="impact-subscore" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
+ *         <group ref="{http://scap.nist.gov/schema/cvss-v2/0.2}baseVectorsGroup"/>
+ *         <element name="source" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
+ *         <element name="generated-on-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
+ *       </sequence>
+ *     </extension>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "baseMetricsType", propOrder = { + "score", + "exploitSubscore", + "impactSubscore", + "accessVector", + "accessComplexity", + "authentication", + "confidentialityImpact", + "integrityImpact", + "availabilityImpact", + "source", + "generatedOnDatetime" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class BaseMetricsType + extends MetricsType { + + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected BigDecimal score; + @XmlElement(name = "exploit-subscore") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected BigDecimal exploitSubscore; + @XmlElement(name = "impact-subscore") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected BigDecimal impactSubscore; + @XmlElement(name = "access-vector") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected AccessVectorType accessVector; + @XmlElement(name = "access-complexity") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected AccessComplexityType accessComplexity; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected AuthenticationType authentication; + @XmlElement(name = "confidentiality-impact") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CiaType confidentialityImpact; + 
@XmlElement(name = "integrity-impact") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CiaType integrityImpact; + @XmlElement(name = "availability-impact") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CiaType availabilityImpact; + @XmlElement(required = true) + @XmlSchemaType(name = "anyURI") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String source; + @XmlElement(name = "generated-on-datetime") + @XmlSchemaType(name = "dateTime") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected XMLGregorianCalendar generatedOnDatetime; + + /** + * Gets the value of the score property. + * + * @return possible object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public BigDecimal getScore() { + return score; + } + + /** + * Sets the value of the score property. + * + * @param value allowed object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setScore(BigDecimal value) { + this.score = value; + } + + /** + * Gets the value of the exploitSubscore property. + * + * @return possible object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public BigDecimal getExploitSubscore() { + return exploitSubscore; + } + + /** + * Sets the value of the exploitSubscore property. 
+ * + * @param value allowed object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setExploitSubscore(BigDecimal value) { + this.exploitSubscore = value; + } + + /** + * Gets the value of the impactSubscore property. + * + * @return possible object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public BigDecimal getImpactSubscore() { + return impactSubscore; + } + + /** + * Sets the value of the impactSubscore property. + * + * @param value allowed object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setImpactSubscore(BigDecimal value) { + this.impactSubscore = value; + } + + /** + * Gets the value of the accessVector property. + * + * @return possible object is + * {@link AccessVectorType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public AccessVectorType getAccessVector() { + return accessVector; + } + + /** + * Sets the value of the accessVector property. + * + * @param value allowed object is + * {@link AccessVectorType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setAccessVector(AccessVectorType value) { + this.accessVector = value; + } + + /** + * Gets the value of the accessComplexity property. 
+ * + * @return possible object is + * {@link AccessComplexityType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public AccessComplexityType getAccessComplexity() { + return accessComplexity; + } + + /** + * Sets the value of the accessComplexity property. + * + * @param value allowed object is + * {@link AccessComplexityType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setAccessComplexity(AccessComplexityType value) { + this.accessComplexity = value; + } + + /** + * Gets the value of the authentication property. + * + * @return possible object is + * {@link AuthenticationType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public AuthenticationType getAuthentication() { + return authentication; + } + + /** + * Sets the value of the authentication property. + * + * @param value allowed object is + * {@link AuthenticationType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setAuthentication(AuthenticationType value) { + this.authentication = value; + } + + /** + * Gets the value of the confidentialityImpact property. + * + * @return possible object is + * {@link CiaType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CiaType getConfidentialityImpact() { + return confidentialityImpact; + } + + /** + * Sets the value of the confidentialityImpact property. 
+ * + * @param value allowed object is + * {@link CiaType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setConfidentialityImpact(CiaType value) { + this.confidentialityImpact = value; + } + + /** + * Gets the value of the integrityImpact property. + * + * @return possible object is + * {@link CiaType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CiaType getIntegrityImpact() { + return integrityImpact; + } + + /** + * Sets the value of the integrityImpact property. + * + * @param value allowed object is + * {@link CiaType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setIntegrityImpact(CiaType value) { + this.integrityImpact = value; + } + + /** + * Gets the value of the availabilityImpact property. + * + * @return possible object is + * {@link CiaType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CiaType getAvailabilityImpact() { + return availabilityImpact; + } + + /** + * Sets the value of the availabilityImpact property. + * + * @param value allowed object is + * {@link CiaType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setAvailabilityImpact(CiaType value) { + this.availabilityImpact = value; + } + + /** + * Gets the value of the source property. 
+ * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getSource() { + return source; + } + + /** + * Sets the value of the source property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSource(String value) { + this.source = value; + } + + /** + * Gets the value of the generatedOnDatetime property. + * + * @return possible object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public XMLGregorianCalendar getGeneratedOnDatetime() { + return generatedOnDatetime; + } + + /** + * Sets the value of the generatedOnDatetime property. + * + * @param value allowed object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setGeneratedOnDatetime(XMLGregorianCalendar value) { + this.generatedOnDatetime = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceParameterType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceParameterType.java new file mode 100644 index 000000000..188b14e62 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceParameterType.java 
@@ -0,0 +1,156 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +/** + *

Java class for cceParameterType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="cceParameterType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="value" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded"/>
+ *       </sequence>
+ *       <attribute name="identifier" type="{http://www.w3.org/2001/XMLSchema}token" />
+ *       <attribute name="operator" type="{http://www.w3.org/2001/XMLSchema}token" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "cceParameterType", namespace = "http://scap.nist.gov/schema/cce/0.1", propOrder = { + "values" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CceParameterType { + + @XmlElement(name = "value", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List values; + @XmlAttribute + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String identifier; + @XmlAttribute + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String operator; + + /** + * Gets the value of the values property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the values property. + * + *

For example, to add a new item, do as follows: + *

+     *    getValues().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getValues() { + if (values == null) { + values = new ArrayList(); + } + return this.values; + } + + /** + * Gets the value of the identifier property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getIdentifier() { + return identifier; + } + + /** + * Sets the value of the identifier property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setIdentifier(String value) { + this.identifier = value; + } + + /** + * Gets the value of the operator property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getOperator() { + return operator; + } + + /** + * Sets the value of the operator property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setOperator(String value) { + this.operator = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceType.java new file mode 100644 index 000000000..6fdbfccdf --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CceType.java 
@@ -0,0 +1,215 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +/** + *

Java class for cceType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="cceType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="definition" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ *         <element name="parameter" type="{http://scap.nist.gov/schema/cce/0.1}cceParameterType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="technical-mechanisms" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="references" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *       </sequence>
+ *       <attribute name="id" use="required" type="{http://scap.nist.gov/schema/cce/0.1}cceNamePatternType" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "cceType", namespace = "http://scap.nist.gov/schema/cce/0.1", propOrder = { + "definition", + "parameters", + "technicalMechanisms", + "references" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CceType { + + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String definition; + @XmlElement(name = "parameter") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List parameters; + @XmlElement(name = "technical-mechanisms") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List technicalMechanisms; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List references; + @XmlAttribute(required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String id; + + /** + * Gets the value of the definition property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getDefinition() { + return definition; + } + + /** + * Sets the value of the definition property. 
+ * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setDefinition(String value) { + this.definition = value; + } + + /** + * Gets the value of the parameters property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the parameters property. + * + *

For example, to add a new item, do as follows: + *

+     *    getParameters().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link CceParameterType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getParameters() { + if (parameters == null) { + parameters = new ArrayList(); + } + return this.parameters; + } + + /** + * Gets the value of the technicalMechanisms property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the technicalMechanisms property. + * + *

For example, to add a new item, do as follows: + *

+     *    getTechnicalMechanisms().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getTechnicalMechanisms() { + if (technicalMechanisms == null) { + technicalMechanisms = new ArrayList(); + } + return this.technicalMechanisms; + } + + /** + * Gets the value of the references property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the references property. + * + *

For example, to add a new item, do as follows: + *

+     *    getReferences().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link ReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getReferences() { + if (references == null) { + references = new ArrayList(); + } + return this.references; + } + + /** + * Gets the value of the id property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setId(String value) { + this.id = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckReferenceType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckReferenceType.java new file mode 100644 index 000000000..70c580e2c --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckReferenceType.java 
@@ -0,0 +1,153 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +/** + * Data type for the check element, a checking system specification URI, string + * content, and an optional external file reference. The checking system + * specification should be the URI for a particular version of OVAL or a related + * system testing language, and the content will be an identifier of a test + * written in that language. 
The external file reference could be used to point + * to the file in which the content test identifier is defined. + * + *

Java class for checkReferenceType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="checkReferenceType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <attribute name="system" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ *       <attribute name="href" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ *       <attribute name="name" type="{http://www.w3.org/2001/XMLSchema}token" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "checkReferenceType", namespace = "http://scap.nist.gov/schema/scap-core/0.1") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CheckReferenceType { + + @XmlAttribute(required = true) + @XmlSchemaType(name = "anyURI") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String system; + @XmlAttribute(required = true) + @XmlSchemaType(name = "anyURI") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String href; + @XmlAttribute + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String name; + + /** + * Gets the value of the system property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getSystem() { + return system; + } + + /** + * Sets the value of the system property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSystem(String value) { + this.system = value; + } + + /** + * Gets the value of the href property. 
+ * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getHref() { + return href; + } + + /** + * Sets the value of the href property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setHref(String value) { + this.href = value; + } + + /** + * Gets the value of the name property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setName(String value) { + this.name = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckSearchType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckSearchType.java new file mode 100644 index 000000000..1408a81c0 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CheckSearchType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +/** + *

Java class for checkSearchType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="checkSearchType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <attribute name="system" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ *       <attribute name="name" type="{http://www.w3.org/2001/XMLSchema}token" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "checkSearchType", namespace = "http://scap.nist.gov/schema/scap-core/0.1") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CheckSearchType { + + @XmlAttribute(required = true) + @XmlSchemaType(name = "anyURI") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String system; + @XmlAttribute + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String name; + + /** + * Gets the value of the system property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getSystem() { + return system; + } + + /** + * Sets the value of the system property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSystem(String value) { + this.system = value; + } + + /** + * Gets the value of the name property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getName() { + return name; + } + + /** + * Sets the value of the name property. 
+ * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setName(String value) { + this.name = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaEnumType.java new file mode 100644 index 000000000..4434cf1f8 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaEnumType.java @@ -0,0 +1,63 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for ciaEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="ciaEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="NONE"/>
+ *     <enumeration value="PARTIAL"/>
+ *     <enumeration value="COMPLETE"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "ciaEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum CiaEnumType { + + NONE, + PARTIAL, + COMPLETE; + + public String value() { + return name(); + } + + public static CiaEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementEnumType.java new file mode 100644 index 000000000..953de43c7 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementEnumType.java 
@@ -0,0 +1,65 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for ciaRequirementEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="ciaRequirementEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="LOW"/>
+ *     <enumeration value="MEDIUM"/>
+ *     <enumeration value="HIGH"/>
+ *     <enumeration value="NOT_DEFINED"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "ciaRequirementEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum CiaRequirementEnumType { + + LOW, + MEDIUM, + HIGH, + NOT_DEFINED; + + public String value() { + return name(); + } + + public static CiaRequirementEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementType.java new file mode 100644 index 000000000..50fd441ad --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaRequirementType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + *

Java class for ciaRequirementType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="ciaRequirementType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>ciaRequirementEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ciaRequirementType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CiaRequirementType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CiaRequirementEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link CiaRequirementEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CiaRequirementEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link CiaRequirementEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(CiaRequirementEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaType.java new file mode 100644 index 000000000..0a7bbc400 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CiaType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + *

Java class for ciaType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="ciaType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>ciaEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ciaType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CiaType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CiaEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link CiaEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CiaEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link CiaEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(CiaEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialEnumType.java new file mode 100644 index 000000000..4a9e2542a --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialEnumType.java @@ -0,0 +1,69 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for collateralDamagePotentialEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="collateralDamagePotentialEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="NONE"/>
+ *     <enumeration value="LOW"/>
+ *     <enumeration value="LOW_MEDIUM"/>
+ *     <enumeration value="MEDIUM_HIGH"/>
+ *     <enumeration value="HIGH"/>
+ *     <enumeration value="NOT_DEFINED"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "collateralDamagePotentialEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum CollateralDamagePotentialEnumType { + + NONE, + LOW, + LOW_MEDIUM, + MEDIUM_HIGH, + HIGH, + NOT_DEFINED; + + public String value() { + return name(); + } + + public static CollateralDamagePotentialEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialType.java new file mode 100644 index 000000000..63d47afbc --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CollateralDamagePotentialType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + *

Java class for collateralDamagePotentialType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="collateralDamagePotentialType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>collateralDamagePotentialEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "collateralDamagePotentialType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CollateralDamagePotentialType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CollateralDamagePotentialEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link CollateralDamagePotentialEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CollateralDamagePotentialEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link CollateralDamagePotentialEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(CollateralDamagePotentialEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceEnumType.java new file mode 100644 index 000000000..16f72effc --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceEnumType.java @@ -0,0 +1,65 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for confidenceEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="confidenceEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="UNCONFIRMED"/>
+ *     <enumeration value="UNCORROBORATED"/>
+ *     <enumeration value="CONFIRMED"/>
+ *     <enumeration value="NOT_DEFINED"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "confidenceEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum ConfidenceEnumType { + + UNCONFIRMED, + UNCORROBORATED, + CONFIRMED, + NOT_DEFINED; + + public String value() { + return name(); + } + + public static ConfidenceEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceType.java new file mode 100644 index 000000000..a2013a3ad --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ConfidenceType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + *

Java class for confidenceType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="confidenceType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>confidenceEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "confidenceType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class ConfidenceType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected ConfidenceEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link ConfidenceEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public ConfidenceEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link ConfidenceEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(ConfidenceEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveStatus.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveStatus.java new file mode 100644 index 000000000..b63aef371 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveStatus.java @@ -0,0 +1,63 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for cveStatus. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="cveStatus">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="CANDIDATE"/>
+ *     <enumeration value="ENTRY"/>
+ *     <enumeration value="DEPRECATED"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "cveStatus", namespace = "http://scap.nist.gov/schema/cve/0.1") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum CveStatus { + + CANDIDATE, + ENTRY, + DEPRECATED; + + public String value() { + return name(); + } + + public static CveStatus fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveType.java new file mode 100644 index 000000000..62c0e85e1 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CveType.java 
@@ -0,0 +1,178 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +/** + *

Java class for cveType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="cveType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="status" type="{http://scap.nist.gov/schema/cve/0.1}cveStatus" minOccurs="0"/>
+ *         <element name="description" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ *         <element name="references" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *       </sequence>
+ *       <attribute name="id" use="required" type="{http://scap.nist.gov/schema/cve/0.1}cveNamePatternType" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "cveType", namespace = "http://scap.nist.gov/schema/cve/0.1", propOrder = { + "status", + "description", + "references" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CveType { + + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CveStatus status; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String description; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List references; + @XmlAttribute(required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String id; + + /** + * Gets the value of the status property. + * + * @return possible object is + * {@link CveStatus } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CveStatus getStatus() { + return status; + } + + /** + * Sets the value of the status property. + * + * @param value allowed object is + * {@link CveStatus } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setStatus(CveStatus value) { + this.status = value; + } + + /** + * Gets the value of the description property. 
+ * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getDescription() { + return description; + } + + /** + * Sets the value of the description property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setDescription(String value) { + this.description = value; + } + + /** + * Gets the value of the references property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the references property. + * + *

For example, to add a new item, do as follows: + *

+     *    getReferences().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link ReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getReferences() { + if (references == null) { + references = new ArrayList(); + } + return this.references; + } + + /** + * Gets the value of the id property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setId(String value) { + this.id = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssImpactType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssImpactType.java new file mode 100644 index 000000000..0f8d1b446 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssImpactType.java 
@@ -0,0 +1,59 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for cvssImpactType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="cvssImpactType">
+ *   <complexContent>
+ *     <restriction base="{http://scap.nist.gov/schema/cvss-v2/0.2}cvssType">
+ *       <sequence>
+ *         <element name="base_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}baseMetricsType"/>
+ *         <element name="environmental_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}environmentalMetricsType" minOccurs="0"/>
+ *         <element name="temporal_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}temporalMetricsType" minOccurs="0"/>
+ *       </sequence>
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "cvssImpactType") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CvssImpactType + extends CvssType { +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssType.java new file mode 100644 index 000000000..3c781e7d0 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CvssType.java 
@@ -0,0 +1,170 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; + +/** + * "This schema was intentionally designed to avoid mixing classes and + * attributes between CVSS version 1, CVSS version 2, and future versions. + * Scores in the CVSS system are interdependent. The temporal score is a + * multiplier of the base score. The environmental score, in turn, is a + * multiplier of the temporal score. The ability to transfer these scores + * independently is provided on the assumption that the user understands the + * business logic. 
For any given metric, it is preferred that the score, as a + * minimum is provided, however the score can be re-created from the metrics or + * the multiplier and any scores they are dependent on." + * + *

Java class for cvssType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="cvssType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="base_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}baseMetricsType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="environmental_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}environmentalMetricsType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="temporal_metrics" type="{http://scap.nist.gov/schema/cvss-v2/0.2}temporalMetricsType" maxOccurs="unbounded" minOccurs="0"/>
+ *       </sequence>
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "cvssType", propOrder = { + "baseMetrics", + "environmentalMetrics", + "temporalMetrics" +}) +@XmlSeeAlso({ + CvssImpactType.class +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CvssType { + + @XmlElement(name = "base_metrics") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List baseMetrics; + @XmlElement(name = "environmental_metrics") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List environmentalMetrics; + @XmlElement(name = "temporal_metrics") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List temporalMetrics; + + /** + * Gets the value of the baseMetrics property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the baseMetrics property. + * + *

For example, to add a new item, do as follows: + *

+     *    getBaseMetrics().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link BaseMetricsType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getBaseMetrics() { + if (baseMetrics == null) { + baseMetrics = new ArrayList(); + } + return this.baseMetrics; + } + + /** + * Gets the value of the environmentalMetrics property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the environmentalMetrics property. + * + *

For example, to add a new item, do as follows: + *

+     *    getEnvironmentalMetrics().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link EnvironmentalMetricsType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getEnvironmentalMetrics() { + if (environmentalMetrics == null) { + environmentalMetrics = new ArrayList(); + } + return this.environmentalMetrics; + } + + /** + * Gets the value of the temporalMetrics property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the temporalMetrics property. + * + *

For example, to add a new item, do as follows: + *

+     *    getTemporalMetrics().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link TemporalMetricsType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getTemporalMetrics() { + if (temporalMetrics == null) { + temporalMetrics = new ArrayList(); + } + return this.temporalMetrics; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CweReferenceType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CweReferenceType.java new file mode 100644 index 000000000..0d0baebd9 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/CweReferenceType.java 
@@ -0,0 +1,86 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +/** + *

Java class for cweReferenceType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="cweReferenceType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <attribute name="id" use="required" type="{http://scap.nist.gov/schema/scap-core/0.1}cweNamePatternType" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "cweReferenceType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class CweReferenceType { + + @XmlAttribute(required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String id; + + /** + * Gets the value of the id property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setId(String value) { + this.id = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/EnvironmentalMetricsType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/EnvironmentalMetricsType.java new file mode 100644 index 000000000..4749c1c3d --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/EnvironmentalMetricsType.java 
@@ -0,0 +1,291 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.math.BigDecimal; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.datatype.XMLGregorianCalendar; + +/** + *

Java class for environmentalMetricsType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="environmentalMetricsType">
+ *   <complexContent>
+ *     <extension base="{http://scap.nist.gov/schema/cvss-v2/0.2}metricsType">
+ *       <sequence>
+ *         <element name="score" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
+ *         <group ref="{http://scap.nist.gov/schema/cvss-v2/0.2}environmentalVectorsGroup"/>
+ *         <element name="source" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
+ *         <element name="generated-on-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
+ *       </sequence>
+ *     </extension>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "environmentalMetricsType", propOrder = { + "score", + "collateralDamagePotential", + "targetDistribution", + "confidentialityRequirement", + "integrityRequirement", + "availabilityRequirement", + "source", + "generatedOnDatetime" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class EnvironmentalMetricsType + extends MetricsType { + + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected BigDecimal score; + @XmlElement(name = "collateral-damage-potential") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CollateralDamagePotentialType collateralDamagePotential; + @XmlElement(name = "target-distribution") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected TargetDistributionType targetDistribution; + @XmlElement(name = "confidentiality-requirement") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CiaRequirementType confidentialityRequirement; + @XmlElement(name = "integrity-requirement") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CiaRequirementType integrityRequirement; + @XmlElement(name = "availability-requirement") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CiaRequirementType availabilityRequirement; + @XmlElement(required = true) + @XmlSchemaType(name = "anyURI") + @Generated(value = 
"com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String source; + @XmlElement(name = "generated-on-datetime") + @XmlSchemaType(name = "dateTime") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected XMLGregorianCalendar generatedOnDatetime; + + /** + * Gets the value of the score property. + * + * @return possible object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public BigDecimal getScore() { + return score; + } + + /** + * Sets the value of the score property. + * + * @param value allowed object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setScore(BigDecimal value) { + this.score = value; + } + + /** + * Gets the value of the collateralDamagePotential property. + * + * @return possible object is + * {@link CollateralDamagePotentialType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CollateralDamagePotentialType getCollateralDamagePotential() { + return collateralDamagePotential; + } + + /** + * Sets the value of the collateralDamagePotential property. + * + * @param value allowed object is + * {@link CollateralDamagePotentialType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setCollateralDamagePotential(CollateralDamagePotentialType value) { + this.collateralDamagePotential = value; + } + + /** + * Gets the value of the targetDistribution property. 
+ * + * @return possible object is + * {@link TargetDistributionType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public TargetDistributionType getTargetDistribution() { + return targetDistribution; + } + + /** + * Sets the value of the targetDistribution property. + * + * @param value allowed object is + * {@link TargetDistributionType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setTargetDistribution(TargetDistributionType value) { + this.targetDistribution = value; + } + + /** + * Gets the value of the confidentialityRequirement property. + * + * @return possible object is + * {@link CiaRequirementType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CiaRequirementType getConfidentialityRequirement() { + return confidentialityRequirement; + } + + /** + * Sets the value of the confidentialityRequirement property. + * + * @param value allowed object is + * {@link CiaRequirementType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setConfidentialityRequirement(CiaRequirementType value) { + this.confidentialityRequirement = value; + } + + /** + * Gets the value of the integrityRequirement property. + * + * @return possible object is + * {@link CiaRequirementType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CiaRequirementType getIntegrityRequirement() { + return integrityRequirement; + } + + /** + * Sets the value of the integrityRequirement property. 
+ * + * @param value allowed object is + * {@link CiaRequirementType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setIntegrityRequirement(CiaRequirementType value) { + this.integrityRequirement = value; + } + + /** + * Gets the value of the availabilityRequirement property. + * + * @return possible object is + * {@link CiaRequirementType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CiaRequirementType getAvailabilityRequirement() { + return availabilityRequirement; + } + + /** + * Sets the value of the availabilityRequirement property. + * + * @param value allowed object is + * {@link CiaRequirementType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setAvailabilityRequirement(CiaRequirementType value) { + this.availabilityRequirement = value; + } + + /** + * Gets the value of the source property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getSource() { + return source; + } + + /** + * Sets the value of the source property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSource(String value) { + this.source = value; + } + + /** + * Gets the value of the generatedOnDatetime property. 
+ * + * @return possible object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public XMLGregorianCalendar getGeneratedOnDatetime() { + return generatedOnDatetime; + } + + /** + * Sets the value of the generatedOnDatetime property. + * + * @param value allowed object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setGeneratedOnDatetime(XMLGregorianCalendar value) { + this.generatedOnDatetime = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityEnumType.java new file mode 100644 index 000000000..882b56cec --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityEnumType.java 
@@ -0,0 +1,67 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for exploitabilityEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="exploitabilityEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="UNPROVEN"/>
+ *     <enumeration value="PROOF_OF_CONCEPT"/>
+ *     <enumeration value="FUNCTIONAL"/>
+ *     <enumeration value="HIGH"/>
+ *     <enumeration value="NOT_DEFINED"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "exploitabilityEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum ExploitabilityEnumType { + + UNPROVEN, + PROOF_OF_CONCEPT, + FUNCTIONAL, + HIGH, + NOT_DEFINED; + + public String value() { + return name(); + } + + public static ExploitabilityEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityType.java new file mode 100644 index 000000000..f0bb8ba48 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ExploitabilityType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + *

Java class for exploitabilityType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="exploitabilityType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>exploitabilityEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "exploitabilityType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class ExploitabilityType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected ExploitabilityEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link ExploitabilityEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public ExploitabilityEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link ExploitabilityEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(ExploitabilityEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FactRefType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FactRefType.java new file mode 100644 index 000000000..20d2004ee --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FactRefType.java 
@@ -0,0 +1,86 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; + +/** + * The fact-ref element appears as a child of a logical-test element. It is + * simply a reference to a CPE Name that always evaluates to a Boolean result. + * + *

Java class for FactRefType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="FactRefType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <attribute name="name" use="required" type="{http://cpe.mitre.org/language/2.0}namePattern" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "FactRefType", namespace = "http://cpe.mitre.org/language/2.0") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class FactRefType { + + @XmlAttribute(required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String name; + + /** + * Gets the value of the name property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setName(String value) { + this.name = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionDescriptionEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionDescriptionEnumType.java new file mode 100644 index 000000000..0025b8550 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionDescriptionEnumType.java 
@@ -0,0 +1,67 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for fixActionDescriptionEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="fixActionDescriptionEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="PATCH"/>
+ *     <enumeration value="SOFTWARE_UPDATE"/>
+ *     <enumeration value="CONFIGURATION_CHANGE"/>
+ *     <enumeration value="POLICY_CHANGE"/>
+ *     <enumeration value="EXTERNAL_MITIGATION"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "fixActionDescriptionEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum FixActionDescriptionEnumType { + + PATCH, + SOFTWARE_UPDATE, + CONFIGURATION_CHANGE, + POLICY_CHANGE, + EXTERNAL_MITIGATION; + + public String value() { + return name(); + } + + public static FixActionDescriptionEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionType.java new file mode 100644 index 000000000..fc8338dfe --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionType.java 
@@ -0,0 +1,493 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +/** + * A single fix action should only cover a single patch application, software + * update, configuration change, or external fix. Dependencies should be + * documented by using the "next_fix_action" element to point to a recursive + * list of fix actions. + * + *

Java class for fixActionType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="fixActionType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element ref="{http://scap.nist.gov/schema/patch/0.1}patch" minOccurs="0"/>
+ *         <element name="configuration-remediation" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityReferenceType" minOccurs="0"/>
+ *         <element name="software-update" type="{http://scap.nist.gov/schema/scap-core/0.1}cpeNamePatternType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="notes" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="deprecated-by" type="{http://scap.nist.gov/schema/scap-core/0.1}cpeNamePatternType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="next-fix-action" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="fix-action-tool-configuration" type="{http://scap.nist.gov/schema/vulnerability/0.4}toolConfigurationType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="applicable-configuration" type="{http://cpe.mitre.org/language/2.0}PlatformType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="effectiveness" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixEffectivenessEnumType" minOccurs="0"/>
+ *         <element name="applicable-check" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *       </sequence>
+ *       <attribute name="fix_action_description" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionDescriptionEnumType" />
+ *       <attribute name="fix_action_type" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionTypeEnumType" />
+ *       <attribute name="id" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
+ *       <attribute name="source" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "fixActionType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = { + "patch", + "configurationRemediation", + "softwareUpdates", + "notes", + "deprecatedBies", + "nextFixActions", + "fixActionToolConfigurations", + "applicableConfigurations", + "effectiveness", + "applicableChecks" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class FixActionType { + + @XmlElement(namespace = "http://scap.nist.gov/schema/patch/0.1") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Patch patch; + @XmlElement(name = "configuration-remediation") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected VulnerabilityReferenceType configurationRemediation; + @XmlElement(name = "software-update") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List softwareUpdates; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List notes; + @XmlElement(name = "deprecated-by") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List deprecatedBies; + @XmlElement(name = "next-fix-action") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List nextFixActions; + @XmlElement(name = "fix-action-tool-configuration") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI 
vJAXB 2.1.10 in JDK 6") + protected List fixActionToolConfigurations; + @XmlElement(name = "applicable-configuration") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List applicableConfigurations; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected FixEffectivenessEnumType effectiveness; + @XmlElement(name = "applicable-check") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List applicableChecks; + @XmlAttribute(name = "fix_action_description", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected FixActionDescriptionEnumType fixActionDescription; + @XmlAttribute(name = "fix_action_type", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected FixActionTypeEnumType fixActionType; + @XmlAttribute(required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String id; + @XmlAttribute(required = true) + @XmlSchemaType(name = "anyURI") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String source; + + /** + * Gets the value of the patch property. 
+ * + * @return possible object is + * {@link Patch } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public Patch getPatch() { + return patch; + } + + /** + * Sets the value of the patch property. + * + * @param value allowed object is + * {@link Patch } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setPatch(Patch value) { + this.patch = value; + } + + /** + * Gets the value of the configurationRemediation property. + * + * @return possible object is + * {@link VulnerabilityReferenceType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public VulnerabilityReferenceType getConfigurationRemediation() { + return configurationRemediation; + } + + /** + * Sets the value of the configurationRemediation property. + * + * @param value allowed object is + * {@link VulnerabilityReferenceType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setConfigurationRemediation(VulnerabilityReferenceType value) { + this.configurationRemediation = value; + } + + /** + * Gets the value of the softwareUpdates property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the softwareUpdates property. + * + *

For example, to add a new item, do as follows: + *

+     *    getSoftwareUpdates().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getSoftwareUpdates() { + if (softwareUpdates == null) { + softwareUpdates = new ArrayList(); + } + return this.softwareUpdates; + } + + /** + * Gets the value of the notes property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the notes property. + * + *

For example, to add a new item, do as follows: + *

+     *    getNotes().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getNotes() { + if (notes == null) { + notes = new ArrayList(); + } + return this.notes; + } + + /** + * Gets the value of the deprecatedBies property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the deprecatedBies property. + * + *

For example, to add a new item, do as follows: + *

+     *    getDeprecatedBies().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getDeprecatedBies() { + if (deprecatedBies == null) { + deprecatedBies = new ArrayList(); + } + return this.deprecatedBies; + } + + /** + * Gets the value of the nextFixActions property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the nextFixActions property. + * + *

For example, to add a new item, do as follows: + *

+     *    getNextFixActions().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link FixActionType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getNextFixActions() { + if (nextFixActions == null) { + nextFixActions = new ArrayList(); + } + return this.nextFixActions; + } + + /** + * Gets the value of the fixActionToolConfigurations property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the fixActionToolConfigurations property. + * + *

For example, to add a new item, do as follows: + *

+     *    getFixActionToolConfigurations().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link ToolConfigurationType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getFixActionToolConfigurations() { + if (fixActionToolConfigurations == null) { + fixActionToolConfigurations = new ArrayList(); + } + return this.fixActionToolConfigurations; + } + + /** + * Gets the value of the applicableConfigurations property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the applicableConfigurations property. + * + *

For example, to add a new item, do as follows: + *

+     *    getApplicableConfigurations().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link PlatformType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getApplicableConfigurations() { + if (applicableConfigurations == null) { + applicableConfigurations = new ArrayList(); + } + return this.applicableConfigurations; + } + + /** + * Gets the value of the effectiveness property. + * + * @return possible object is + * {@link FixEffectivenessEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public FixEffectivenessEnumType getEffectiveness() { + return effectiveness; + } + + /** + * Sets the value of the effectiveness property. + * + * @param value allowed object is + * {@link FixEffectivenessEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setEffectiveness(FixEffectivenessEnumType value) { + this.effectiveness = value; + } + + /** + * Gets the value of the applicableChecks property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the applicableChecks property. + * + *

For example, to add a new item, do as follows: + *

+     *    getApplicableChecks().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link CheckReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getApplicableChecks() { + if (applicableChecks == null) { + applicableChecks = new ArrayList(); + } + return this.applicableChecks; + } + + /** + * Gets the value of the fixActionDescription property. + * + * @return possible object is + * {@link FixActionDescriptionEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public FixActionDescriptionEnumType getFixActionDescription() { + return fixActionDescription; + } + + /** + * Sets the value of the fixActionDescription property. + * + * @param value allowed object is + * {@link FixActionDescriptionEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setFixActionDescription(FixActionDescriptionEnumType value) { + this.fixActionDescription = value; + } + + /** + * Gets the value of the fixActionType property. + * + * @return possible object is + * {@link FixActionTypeEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public FixActionTypeEnumType getFixActionType() { + return fixActionType; + } + + /** + * Sets the value of the fixActionType property. + * + * @param value allowed object is + * {@link FixActionTypeEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setFixActionType(FixActionTypeEnumType value) { + this.fixActionType = value; + } + + /** + * Gets the value of the id property. 
+ * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setId(String value) { + this.id = value; + } + + /** + * Gets the value of the source property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getSource() { + return source; + } + + /** + * Sets the value of the source property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSource(String value) { + this.source = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionTypeEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionTypeEnumType.java new file mode 100644 index 000000000..4ea136cab --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixActionTypeEnumType.java 
@@ -0,0 +1,61 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for fixActionTypeEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="fixActionTypeEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="MITIGATION"/>
+ *     <enumeration value="REMEDIATION"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "fixActionTypeEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum FixActionTypeEnumType { + + MITIGATION, + REMEDIATION; + + public String value() { + return name(); + } + + public static FixActionTypeEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixEffectivenessEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixEffectivenessEnumType.java new file mode 100644 index 000000000..18658025c --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/FixEffectivenessEnumType.java 
@@ -0,0 +1,61 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for fixEffectivenessEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="fixEffectivenessEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="PARTIAL"/>
+ *     <enumeration value="COMPLETE"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "fixEffectivenessEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum FixEffectivenessEnumType { + + PARTIAL, + COMPLETE; + + public String value() { + return name(); + } + + public static FixEffectivenessEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/LogicalTest.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/LogicalTest.java new file mode 100644 index 000000000..a7ab6f30f --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/LogicalTest.java 
@@ -0,0 +1,183 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; + +/** + * The logical-test element appears as a child of a platform element, and may + * also be nested to create more complex logical tests. The content consists of + * one or more elements: fact-ref, and logical-test children are permitted. The + * operator to be applied, and optional negation of the test, are given as + * attributes. + * + *

Java class for LogicalTestType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="LogicalTestType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="logical-test" type="{http://cpe.mitre.org/language/2.0}LogicalTestType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="fact-ref" type="{http://cpe.mitre.org/language/2.0}FactRefType" maxOccurs="unbounded" minOccurs="0"/>
+ *       </sequence>
+ *       <attribute name="operator" use="required" type="{http://cpe.mitre.org/language/2.0}operatorEnumeration" />
+ *       <attribute name="negate" use="required" type="{http://www.w3.org/2001/XMLSchema}boolean" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "LogicalTestType", namespace = "http://cpe.mitre.org/language/2.0", propOrder = { + "logicalTests", + "factReves" +}) +@XmlRootElement(name = "logical-test", namespace = "http://cpe.mitre.org/language/2.0") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class LogicalTest { + + @XmlElement(name = "logical-test") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List logicalTests; + @XmlElement(name = "fact-ref") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List factReves; + @XmlAttribute(required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected OperatorEnumeration operator; + @XmlAttribute(required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected boolean negate; + + /** + * Gets the value of the logicalTests property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the logicalTests property. + * + *

For example, to add a new item, do as follows: + *

+     *    getLogicalTests().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link LogicalTest } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getLogicalTests() { + if (logicalTests == null) { + logicalTests = new ArrayList(); + } + return this.logicalTests; + } + + /** + * Gets the value of the factReves property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the factReves property. + * + *

For example, to add a new item, do as follows: + *

+     *    getFactReves().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link FactRefType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getFactReves() { + if (factReves == null) { + factReves = new ArrayList(); + } + return this.factReves; + } + + /** + * Gets the value of the operator property. + * + * @return possible object is + * {@link OperatorEnumeration } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public OperatorEnumeration getOperator() { + return operator; + } + + /** + * Sets the value of the operator property. + * + * @param value allowed object is + * {@link OperatorEnumeration } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setOperator(OperatorEnumeration value) { + this.operator = value; + } + + /** + * Gets the value of the negate property. + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isNegate() { + return negate; + } + + /** + * Sets the value of the negate property. + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setNegate(boolean value) { + this.negate = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/MetricsType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/MetricsType.java new file mode 100644 index 000000000..8cc7c70b3 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/MetricsType.java 
@@ -0,0 +1,92 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.math.BigDecimal; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; + +/** + * Base type for metrics that defines common attributes of all metrics. + * + *

Java class for metricsType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="metricsType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <attribute name="upgraded-from-version" type="{http://www.w3.org/2001/XMLSchema}decimal" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "metricsType") +@XmlSeeAlso({ + TemporalMetricsType.class, + BaseMetricsType.class, + EnvironmentalMetricsType.class +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public abstract class MetricsType { + + @XmlAttribute(name = "upgraded-from-version") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected BigDecimal upgradedFromVersion; + + /** + * Gets the value of the upgradedFromVersion property. + * + * @return possible object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public BigDecimal getUpgradedFromVersion() { + return upgradedFromVersion; + } + + /** + * Sets the value of the upgradedFromVersion property. + * + * @param value allowed object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setUpgradedFromVersion(BigDecimal value) { + this.upgradedFromVersion = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/NotesType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/NotesType.java new file mode 100644 index 000000000..44a1cade2 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/NotesType.java 
@@ -0,0 +1,96 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + +/** + * The notesType defines an element that consists of one or more child note + * elements. It is assumed that each of these note elements are representative + * of the same language as defined by their parent. + * + *

Java class for notesType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="notesType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="note" type="{http://scap.nist.gov/schema/scap-core/0.1}textType" maxOccurs="unbounded"/>
+ *       </sequence>
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "notesType", namespace = "http://scap.nist.gov/schema/scap-core/0.1", propOrder = { + "notes" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class NotesType { + + @XmlElement(name = "note", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List notes; + + /** + * Gets the value of the notes property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the notes property. + * + *

For example, to add a new item, do as follows: + *

+     *    getNotes().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link TextType2 } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getNotes() { + if (notes == null) { + notes = new ArrayList(); + } + return this.notes; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Nvd.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Nvd.java new file mode 100644 index 000000000..ee1510456 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Nvd.java 
@@ -0,0 +1,155 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.math.BigDecimal; +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.datatype.XMLGregorianCalendar; + +/** + *

Java class for anonymous complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType>
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element ref="{http://scap.nist.gov/schema/feed/vulnerability/2.0}entry" maxOccurs="unbounded" minOccurs="0"/>
+ *       </sequence>
+ *       <attribute name="nvd_xml_version" use="required" type="{http://www.w3.org/2001/XMLSchema}decimal" />
+ *       <attribute name="pub_date" use="required" type="{http://www.w3.org/2001/XMLSchema}dateTime" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "entries" +}) +@XmlRootElement(name = "nvd", namespace = "http://scap.nist.gov/schema/feed/vulnerability/2.0") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class Nvd { + + @XmlElement(name = "entry", namespace = "http://scap.nist.gov/schema/feed/vulnerability/2.0") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List entries; + @XmlAttribute(name = "nvd_xml_version", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected BigDecimal nvdXmlVersion; + @XmlAttribute(name = "pub_date", required = true) + @XmlSchemaType(name = "dateTime") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected XMLGregorianCalendar pubDate; + + /** + * A CVE entry.Gets the value of the entries property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the entries property. + * + *

For example, to add a new item, do as follows: + *

+     *    getEntries().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link VulnerabilityType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getEntries() { + if (entries == null) { + entries = new ArrayList(); + } + return this.entries; + } + + /** + * Gets the value of the nvdXmlVersion property. + * + * @return possible object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public BigDecimal getNvdXmlVersion() { + return nvdXmlVersion; + } + + /** + * Sets the value of the nvdXmlVersion property. + * + * @param value allowed object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setNvdXmlVersion(BigDecimal value) { + this.nvdXmlVersion = value; + } + + /** + * Gets the value of the pubDate property. + * + * @return possible object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public XMLGregorianCalendar getPubDate() { + return pubDate; + } + + /** + * Sets the value of the pubDate property. + * + * @param value allowed object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setPubDate(XMLGregorianCalendar value) { + this.pubDate = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ObjectFactory.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ObjectFactory.java new file mode 100644 index 000000000..e27744304 --- /dev/null 
+++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ObjectFactory.java @@ -0,0 +1,423 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlElementDecl; +import javax.xml.bind.annotation.XmlRegistry; +import javax.xml.namespace.QName; + +/** + * This object contains factory methods for each Java content interface and Java + * element interface generated in the + * org.codesecure.dependencycheck.data.nvdcve.generated package.

An + * ObjectFactory allows you to programatically construct new instances of the + * Java representation for XML content. The Java representation of XML content + * can consist of schema derived interfaces and classes representing the binding + * of schema type definitions, element declarations and model groups. Factory + * methods for each of these are provided in this class. + * + */ +@XmlRegistry +public class ObjectFactory { + + private final static QName _Entry_QNAME = new QName("http://scap.nist.gov/schema/feed/vulnerability/2.0", "entry"); + private final static QName _Vulnerability_QNAME = new QName("http://scap.nist.gov/schema/vulnerability/0.4", "vulnerability"); + private final static QName _SearchableCpeReferencesTypeCpeName_QNAME = new QName("http://scap.nist.gov/schema/scap-core/0.1", "cpe-name"); + private final static QName _SearchableCpeReferencesTypeCpeSearchableName_QNAME = new QName("http://scap.nist.gov/schema/scap-core/0.1", "cpe-searchable-name"); + + /** + * Create a new ObjectFactory that can be used to create new instances of + * schema derived classes for package: + * org.codesecure.dependencycheck.data.nvdcve.generated + * + */ + public ObjectFactory() { + } + + /** + * Create an instance of {@link AccessComplexityType } + * + */ + public AccessComplexityType createAccessComplexityType() { + return new AccessComplexityType(); + } + + /** + * Create an instance of {@link ExploitabilityType } + * + */ + public ExploitabilityType createExploitabilityType() { + return new ExploitabilityType(); + } + + /** + * Create an instance of {@link ConfidenceType } + * + */ + public ConfidenceType createConfidenceType() { + return new ConfidenceType(); + } + + /** + * Create an instance of {@link TemporalMetricsType } + * + */ + public TemporalMetricsType createTemporalMetricsType() { + return new TemporalMetricsType(); + } + + /** + * Create an instance of {@link FactRefType } + * + */ + public FactRefType createFactRefType() { + return new 
FactRefType(); + } + + /** + * Create an instance of {@link VulnerableSoftwareType } + * + */ + public VulnerableSoftwareType createVulnerableSoftwareType() { + return new VulnerableSoftwareType(); + } + + /** + * Create an instance of {@link CveType } + * + */ + public CveType createCveType() { + return new CveType(); + } + + /** + * Create an instance of {@link AssociatedExploitLocationType } + * + */ + public AssociatedExploitLocationType createAssociatedExploitLocationType() { + return new AssociatedExploitLocationType(); + } + + /** + * Create an instance of {@link SearchableCpeReferencesType } + * + */ + public SearchableCpeReferencesType createSearchableCpeReferencesType() { + return new SearchableCpeReferencesType(); + } + + /** + * Create an instance of {@link CvssImpactType } + * + */ + public CvssImpactType createCvssImpactType() { + return new CvssImpactType(); + } + + /** + * Create an instance of {@link CweReferenceType } + * + */ + public CweReferenceType createCweReferenceType() { + return new CweReferenceType(); + } + + /** + * Create an instance of {@link CceParameterType } + * + */ + public CceParameterType createCceParameterType() { + return new CceParameterType(); + } + + /** + * Create an instance of {@link FixActionType } + * + */ + public FixActionType createFixActionType() { + return new FixActionType(); + } + + /** + * Create an instance of {@link OsvdbExtensionType } + * + */ + public OsvdbExtensionType createOsvdbExtensionType() { + return new OsvdbExtensionType(); + } + + /** + * Create an instance of {@link CheckSearchType } + * + */ + public CheckSearchType createCheckSearchType() { + return new CheckSearchType(); + } + + /** + * Create an instance of {@link RemediationLevelType } + * + */ + public RemediationLevelType createRemediationLevelType() { + return new RemediationLevelType(); + } + + /** + * Create an instance of {@link ToolConfigurationType } + * + */ + public ToolConfigurationType createToolConfigurationType() { + return 
new ToolConfigurationType(); + } + + /** + * Create an instance of {@link TextType1 } + * + */ + public TextType1 createTextType1() { + return new TextType1(); + } + + /** + * Create an instance of {@link PlatformSpecification } + * + */ + public PlatformSpecification createPlatformSpecification() { + return new PlatformSpecification(); + } + + /** + * Create an instance of {@link NotesType } + * + */ + public NotesType createNotesType() { + return new NotesType(); + } + + /** + * Create an instance of {@link CollateralDamagePotentialType } + * + */ + public CollateralDamagePotentialType createCollateralDamagePotentialType() { + return new CollateralDamagePotentialType(); + } + + /** + * Create an instance of {@link BaseMetricsType } + * + */ + public BaseMetricsType createBaseMetricsType() { + return new BaseMetricsType(); + } + + /** + * Create an instance of {@link CheckReferenceType } + * + */ + public CheckReferenceType createCheckReferenceType() { + return new CheckReferenceType(); + } + + /** + * Create an instance of {@link ReferenceType } + * + */ + public ReferenceType createReferenceType() { + return new ReferenceType(); + } + + /** + * Create an instance of {@link VulnerabilityReferenceType } + * + */ + public VulnerabilityReferenceType createVulnerabilityReferenceType() { + return new VulnerabilityReferenceType(); + } + + /** + * Create an instance of {@link CiaRequirementType } + * + */ + public CiaRequirementType createCiaRequirementType() { + return new CiaRequirementType(); + } + + /** + * Create an instance of {@link CvssType } + * + */ + public CvssType createCvssType() { + return new CvssType(); + } + + /** + * Create an instance of {@link TargetDistributionType } + * + */ + public TargetDistributionType createTargetDistributionType() { + return new TargetDistributionType(); + } + + /** + * Create an instance of {@link VulnerabilityType } + * + */ + public VulnerabilityType createVulnerabilityType() { + return new VulnerabilityType(); + } + + 
/** + * Create an instance of {@link Nvd } + * + */ + public Nvd createNvd() { + return new Nvd(); + } + + /** + * Create an instance of {@link Patch } + * + */ + public Patch createPatch() { + return new Patch(); + } + + /** + * Create an instance of {@link EnvironmentalMetricsType } + * + */ + public EnvironmentalMetricsType createEnvironmentalMetricsType() { + return new EnvironmentalMetricsType(); + } + + /** + * Create an instance of {@link LogicalTest } + * + */ + public LogicalTest createLogicalTest() { + return new LogicalTest(); + } + + /** + * Create an instance of {@link TextType2 } + * + */ + public TextType2 createTextType2() { + return new TextType2(); + } + + /** + * Create an instance of {@link AccessVectorType } + * + */ + public AccessVectorType createAccessVectorType() { + return new AccessVectorType(); + } + + /** + * Create an instance of {@link AuthenticationType } + * + */ + public AuthenticationType createAuthenticationType() { + return new AuthenticationType(); + } + + /** + * Create an instance of {@link Patch.References } + * + */ + public Patch.References createPatchReferences() { + return new Patch.References(); + } + + /** + * Create an instance of {@link TagType } + * + */ + public TagType createTagType() { + return new TagType(); + } + + /** + * Create an instance of {@link CceType } + * + */ + public CceType createCceType() { + return new CceType(); + } + + /** + * Create an instance of {@link PlatformType } + * + */ + public PlatformType createPlatformType() { + return new PlatformType(); + } + + /** + * Create an instance of {@link CiaType } + * + */ + public CiaType createCiaType() { + return new CiaType(); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link VulnerabilityType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://scap.nist.gov/schema/feed/vulnerability/2.0", name = "entry") + public JAXBElement createEntry(VulnerabilityType value) { + return new JAXBElement(_Entry_QNAME, 
VulnerabilityType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link VulnerabilityType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://scap.nist.gov/schema/vulnerability/0.4", name = "vulnerability") + public JAXBElement createVulnerability(VulnerabilityType value) { + return new JAXBElement(_Vulnerability_QNAME, VulnerabilityType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://scap.nist.gov/schema/scap-core/0.1", name = "cpe-name", scope = SearchableCpeReferencesType.class) + public JAXBElement createSearchableCpeReferencesTypeCpeName(String value) { + return new JAXBElement(_SearchableCpeReferencesTypeCpeName_QNAME, String.class, SearchableCpeReferencesType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://scap.nist.gov/schema/scap-core/0.1", name = "cpe-searchable-name", scope = SearchableCpeReferencesType.class) + public JAXBElement createSearchableCpeReferencesTypeCpeSearchableName(String value) { + return new JAXBElement(_SearchableCpeReferencesTypeCpeSearchableName_QNAME, String.class, SearchableCpeReferencesType.class, value); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OperatorEnumeration.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OperatorEnumeration.java new file mode 100644 index 000000000..1f2007535 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OperatorEnumeration.java 
@@ -0,0 +1,61 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for operatorEnumeration. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="operatorEnumeration">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}string">
+ *     <enumeration value="AND"/>
+ *     <enumeration value="OR"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "operatorEnumeration", namespace = "http://cpe.mitre.org/language/2.0") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum OperatorEnumeration { + + AND, + OR; + + public String value() { + return name(); + } + + public static OperatorEnumeration fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OsvdbExtensionType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OsvdbExtensionType.java new file mode 100644 index 000000000..f2a9caac0 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/OsvdbExtensionType.java 
@@ -0,0 +1,87 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for osvdbExtensionType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="osvdbExtensionType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="exploit-location" type="{http://scap.nist.gov/schema/vulnerability/0.4}associatedExploitLocationType"/>
+ *       </sequence>
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "osvdbExtensionType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = { + "exploitLocation" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class OsvdbExtensionType { + + @XmlElement(name = "exploit-location", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected AssociatedExploitLocationType exploitLocation; + + /** + * Gets the value of the exploitLocation property. + * + * @return possible object is + * {@link AssociatedExploitLocationType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public AssociatedExploitLocationType getExploitLocation() { + return exploitLocation; + } + + /** + * Sets the value of the exploitLocation property. + * + * @param value allowed object is + * {@link AssociatedExploitLocationType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setExploitLocation(AssociatedExploitLocationType value) { + this.exploitLocation = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Patch.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Patch.java new file mode 100644 index 000000000..59657f3fc --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/Patch.java 
@@ -0,0 +1,414 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for patchType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="patchType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="title" type="{http://scap.nist.gov/schema/scap-core/0.1}textType" minOccurs="0"/>
+ *         <element name="references" minOccurs="0">
+ *           <complexType>
+ *             <complexContent>
+ *               <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *                 <sequence>
+ *                   <element name="reference" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded"/>
+ *                 </sequence>
+ *               </restriction>
+ *             </complexContent>
+ *           </complexType>
+ *         </element>
+ *         <element name="notes" type="{http://scap.nist.gov/schema/scap-core/0.1}notesType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="check" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="supersedes" type="{http://scap.nist.gov/schema/patch/0.1}patchType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="superseded-by" type="{http://scap.nist.gov/schema/patch/0.1}patchType" maxOccurs="unbounded" minOccurs="0"/>
+ *       </sequence>
+ *       <attribute name="identifier" use="required" type="{http://www.w3.org/2001/XMLSchema}double" />
+ *       <attribute name="name" use="required" type="{http://www.w3.org/2001/XMLSchema}string" />
+ *       <attribute name="superseded" use="required" type="{http://www.w3.org/2001/XMLSchema}boolean" />
+ *       <attribute name="deprecated" type="{http://www.w3.org/2001/XMLSchema}boolean" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "patchType", namespace = "http://scap.nist.gov/schema/patch/0.1", propOrder = { + "title", + "references", + "notes", + "checks", + "supersedes", + "supersededBies" +}) +@XmlRootElement(name = "patch", namespace = "http://scap.nist.gov/schema/patch/0.1") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class Patch { + + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected TextType2 title; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Patch.References references; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List notes; + @XmlElement(name = "check") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List checks; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List supersedes; + @XmlElement(name = "superseded-by") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List supersededBies; + @XmlAttribute(required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected double identifier; + @XmlAttribute(required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String name; + @XmlAttribute(required = true) + 
@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected boolean superseded; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean deprecated; + + /** + * Gets the value of the title property. + * + * @return possible object is + * {@link TextType2 } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public TextType2 getTitle() { + return title; + } + + /** + * Sets the value of the title property. + * + * @param value allowed object is + * {@link TextType2 } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setTitle(TextType2 value) { + this.title = value; + } + + /** + * Gets the value of the references property. + * + * @return possible object is + * {@link Patch.References } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public Patch.References getReferences() { + return references; + } + + /** + * Sets the value of the references property. + * + * @param value allowed object is + * {@link Patch.References } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setReferences(Patch.References value) { + this.references = value; + } + + /** + * Gets the value of the notes property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the notes property. + * + *

For example, to add a new item, do as follows: + *

+     *    getNotes().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link NotesType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getNotes() { + if (notes == null) { + notes = new ArrayList(); + } + return this.notes; + } + + /** + * Gets the value of the checks property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the checks property. + * + *

For example, to add a new item, do as follows: + *

+     *    getChecks().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link CheckReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getChecks() { + if (checks == null) { + checks = new ArrayList(); + } + return this.checks; + } + + /** + * Gets the value of the supersedes property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the supersedes property. + * + *

For example, to add a new item, do as follows: + *

+     *    getSupersedes().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link Patch } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getSupersedes() { + if (supersedes == null) { + supersedes = new ArrayList(); + } + return this.supersedes; + } + + /** + * Gets the value of the supersededBies property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the supersededBies property. + * + *

For example, to add a new item, do as follows: + *

+     *    getSupersededBies().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link Patch } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getSupersededBies() { + if (supersededBies == null) { + supersededBies = new ArrayList(); + } + return this.supersededBies; + } + + /** + * Gets the value of the identifier property. + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public double getIdentifier() { + return identifier; + } + + /** + * Sets the value of the identifier property. + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setIdentifier(double value) { + this.identifier = value; + } + + /** + * Gets the value of the name property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setName(String value) { + this.name = value; + } + + /** + * Gets the value of the superseded property. + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isSuperseded() { + return superseded; + } + + /** + * Sets the value of the superseded property. 
+ * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSuperseded(boolean value) { + this.superseded = value; + } + + /** + * Gets the value of the deprecated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public Boolean isDeprecated() { + return deprecated; + } + + /** + * Sets the value of the deprecated property. + * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setDeprecated(Boolean value) { + this.deprecated = value; + } + + /** + *

Java class for anonymous complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+     * <complexType>
+     *   <complexContent>
+     *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+     *       <sequence>
+     *         <element name="reference" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded"/>
+     *       </sequence>
+     *     </restriction>
+     *   </complexContent>
+     * </complexType>
+     * 
+ * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "references" + }) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public static class References { + + @XmlElement(name = "reference", namespace = "http://scap.nist.gov/schema/patch/0.1", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List references; + + /** + * Gets the value of the references property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list + * will be present inside the JAXB object. This is why there is not a + * set method for the references property. + * + *

For example, to add a new item, do as follows: + *

+         *    getReferences().add(newItem);
+         * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link ReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getReferences() { + if (references == null) { + references = new ArrayList(); + } + return this.references; + } + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformSpecification.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformSpecification.java new file mode 100644 index 000000000..97abb3e8c --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformSpecification.java 
@@ -0,0 +1,94 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for anonymous complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType>
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="platform" type="{http://cpe.mitre.org/language/2.0}PlatformType" maxOccurs="unbounded"/>
+ *       </sequence>
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "platforms" +}) +@XmlRootElement(name = "platform-specification", namespace = "http://cpe.mitre.org/language/2.0") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class PlatformSpecification { + + @XmlElement(name = "platform", namespace = "http://cpe.mitre.org/language/2.0", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List platforms; + + /** + * Gets the value of the platforms property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the platforms property. + * + *

For example, to add a new item, do as follows: + *

+     *    getPlatforms().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link PlatformType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getPlatforms() { + if (platforms == null) { + platforms = new ArrayList(); + } + return this.platforms; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformType.java new file mode 100644 index 000000000..06e8bb23a --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/PlatformType.java 
@@ -0,0 +1,190 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; + +/** + * The optional remark element may appear as a child of a platform element. It + * provides some additional description. Zero or more remark elements may + * appear. To support uses intended for multiple languages, this element + * supports the �xml:lang� attribute. There can be multiple remarks for a single + * language. + * + *

Java class for PlatformType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="PlatformType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="title" type="{http://cpe.mitre.org/language/2.0}TextType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="remark" type="{http://cpe.mitre.org/language/2.0}TextType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="logical-test" type="{http://cpe.mitre.org/language/2.0}LogicalTestType"/>
+ *       </sequence>
+ *       <attribute name="id" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PlatformType", namespace = "http://cpe.mitre.org/language/2.0", propOrder = { + "titles", + "remarks", + "logicalTest" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class PlatformType { + + @XmlElement(name = "title") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List titles; + @XmlElement(name = "remark") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List remarks; + @XmlElement(name = "logical-test", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected LogicalTest logicalTest; + @XmlAttribute(required = true) + @XmlSchemaType(name = "anyURI") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String id; + + /** + * Gets the value of the titles property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the titles property. + * + *

For example, to add a new item, do as follows: + *

+     *    getTitles().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link TextType1 } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getTitles() { + if (titles == null) { + titles = new ArrayList(); + } + return this.titles; + } + + /** + * Gets the value of the remarks property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the remarks property. + * + *

For example, to add a new item, do as follows: + *

+     *    getRemarks().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link TextType1 } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getRemarks() { + if (remarks == null) { + remarks = new ArrayList(); + } + return this.remarks; + } + + /** + * Gets the value of the logicalTest property. + * + * @return possible object is + * {@link LogicalTest } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public LogicalTest getLogicalTest() { + return logicalTest; + } + + /** + * Sets the value of the logicalTest property. + * + * @param value allowed object is + * {@link LogicalTest } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setLogicalTest(LogicalTest value) { + this.logicalTest = value; + } + + /** + * Gets the value of the id property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setId(String value) { + this.id = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ReferenceType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ReferenceType.java new file mode 100644 index 000000000..4686799c4 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ReferenceType.java 
@@ -0,0 +1,92 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; + +/** + * Type for a reference in the description of a CPE item. This would normally be + * used to point to extra descriptive material, or the supplier's web site, or + * the platform documentation. It consists of a piece of text (intended to be + * human-readable) and a URI (intended to be a URL, and point to a real + * resource). + * + *

Java class for referenceType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="referenceType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/scap-core/0.1>textType">
+ *       <attribute name="href" type="{http://www.w3.org/2001/XMLSchema}anyURI" />
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "referenceType", namespace = "http://scap.nist.gov/schema/scap-core/0.1") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class ReferenceType + extends TextType2 { + + @XmlAttribute + @XmlSchemaType(name = "anyURI") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String href; + + /** + * Gets the value of the href property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getHref() { + return href; + } + + /** + * Sets the value of the href property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setHref(String value) { + this.href = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelEnumType.java new file mode 100644 index 000000000..f0c72b582 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelEnumType.java 
@@ -0,0 +1,67 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for remediationLevelEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="remediationLevelEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="OFFICIAL_FIX"/>
+ *     <enumeration value="TEMPORARY_FIX"/>
+ *     <enumeration value="WORKAROUND"/>
+ *     <enumeration value="UNAVAILABLE"/>
+ *     <enumeration value="NOT_DEFINED"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "remediationLevelEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum RemediationLevelEnumType { + + OFFICIAL_FIX, + TEMPORARY_FIX, + WORKAROUND, + UNAVAILABLE, + NOT_DEFINED; + + public String value() { + return name(); + } + + public static RemediationLevelEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelType.java new file mode 100644 index 000000000..cfe3e6049 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/RemediationLevelType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + *

Java class for remediationLevelType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="remediationLevelType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>remediationLevelEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "remediationLevelType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class RemediationLevelType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected RemediationLevelEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link RemediationLevelEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public RemediationLevelEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link RemediationLevelEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(RemediationLevelEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SearchableCpeReferencesType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SearchableCpeReferencesType.java new file mode 100644 index 000000000..43528b4fc --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SearchableCpeReferencesType.java 
@@ -0,0 +1,98 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlElementRefs; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for searchableCpeReferencesType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="searchableCpeReferencesType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <group ref="{http://scap.nist.gov/schema/scap-core/0.1}cpeReferenceGroup" maxOccurs="unbounded"/>
+ *       </sequence>
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "searchableCpeReferencesType", namespace = "http://scap.nist.gov/schema/scap-core/0.1", propOrder = { + "cpeNamesAndCpeSearchableNames" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class SearchableCpeReferencesType { + + @XmlElementRefs({ + @XmlElementRef(name = "cpe-searchable-name", namespace = "http://scap.nist.gov/schema/scap-core/0.1", type = JAXBElement.class), + @XmlElementRef(name = "cpe-name", namespace = "http://scap.nist.gov/schema/scap-core/0.1", type = JAXBElement.class) + }) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List> cpeNamesAndCpeSearchableNames; + + /** + * Gets the value of the cpeNamesAndCpeSearchableNames property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the cpeNamesAndCpeSearchableNames property. + * + *

For example, to add a new item, do as follows: + *

+     *    getCpeNamesAndCpeSearchableNames().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List> getCpeNamesAndCpeSearchableNames() { + if (cpeNamesAndCpeSearchableNames == null) { + cpeNamesAndCpeSearchableNames = new ArrayList>(); + } + return this.cpeNamesAndCpeSearchableNames; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SecurityProtectionType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SecurityProtectionType.java new file mode 100644 index 000000000..33c3ba918 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/SecurityProtectionType.java 
@@ -0,0 +1,71 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for securityProtectionType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="securityProtectionType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="ALLOWS_ADMIN_ACCESS"/>
+ *     <enumeration value="ALLOWS_USER_ACCESS"/>
+ *     <enumeration value="ALLOWS_OTHER_ACCESS"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "securityProtectionType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum SecurityProtectionType { + + /** + * gain administrative access + * + */ + ALLOWS_ADMIN_ACCESS, + /** + * gain user access + * + */ + ALLOWS_USER_ACCESS, + ALLOWS_OTHER_ACCESS; + + public String value() { + return name(); + } + + public static SecurityProtectionType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TagType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TagType.java new file mode 100644 index 000000000..c51766d53 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TagType.java 
@@ -0,0 +1,118 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + +/** + *

Java class for tagType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="tagType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <attribute name="name" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
+ *       <attribute name="value" use="required" type="{http://www.w3.org/2001/XMLSchema}token" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "tagType", namespace = "http://scap.nist.gov/schema/scap-core/0.1") +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class TagType { + + @XmlAttribute(required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String name; + @XmlAttribute(required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String value; + + /** + * Gets the value of the name property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setName(String value) { + this.name = value; + } + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. 
+ * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(String value) { + this.value = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionEnumType.java new file mode 100644 index 000000000..24f302be1 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionEnumType.java @@ -0,0 +1,67 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for targetDistributionEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="targetDistributionEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="NONE"/>
+ *     <enumeration value="LOW"/>
+ *     <enumeration value="MEDIUM"/>
+ *     <enumeration value="HIGH"/>
+ *     <enumeration value="NOT_DEFINED"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "targetDistributionEnumType") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum TargetDistributionEnumType { + + NONE, + LOW, + MEDIUM, + HIGH, + NOT_DEFINED; + + public String value() { + return name(); + } + + public static TargetDistributionEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionType.java new file mode 100644 index 000000000..876bd7f04 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TargetDistributionType.java 
@@ -0,0 +1,117 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + *

Java class for targetDistributionType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="targetDistributionType">
+ *   <simpleContent>
+ *     <extension base="<http://scap.nist.gov/schema/cvss-v2/0.2>targetDistributionEnumType">
+ *       <attGroup ref="{http://scap.nist.gov/schema/cvss-v2/0.2}vectorAttributeGroup"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "targetDistributionType", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class TargetDistributionType { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected TargetDistributionEnumType value; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean approximated; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link TargetDistributionEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public TargetDistributionEnumType getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link TargetDistributionEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(TargetDistributionEnumType value) { + this.value = value; + } + + /** + * Gets the value of the approximated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public boolean isApproximated() { + if (approximated == null) { + return false; + } else { + return approximated; + } + } + + /** + * Sets the value of the approximated property. 
+ * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setApproximated(Boolean value) { + this.approximated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TemporalMetricsType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TemporalMetricsType.java new file mode 100644 index 000000000..6dcc15e3a --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TemporalMetricsType.java 
@@ -0,0 +1,263 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.math.BigDecimal; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.datatype.XMLGregorianCalendar; + +/** + *

Java class for temporalMetricsType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="temporalMetricsType">
+ *   <complexContent>
+ *     <extension base="{http://scap.nist.gov/schema/cvss-v2/0.2}metricsType">
+ *       <sequence>
+ *         <element name="score" type="{http://scap.nist.gov/schema/cvss-v2/0.2}zeroToTenDecimalType" minOccurs="0"/>
+ *         <element name="temporal-multiplier" type="{http://www.w3.org/2001/XMLSchema}decimal" minOccurs="0"/>
+ *         <group ref="{http://scap.nist.gov/schema/cvss-v2/0.2}temporalVectorsGroup"/>
+ *         <element name="source" type="{http://www.w3.org/2001/XMLSchema}anyURI"/>
+ *         <element name="generated-on-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime"/>
+ *       </sequence>
+ *     </extension>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "temporalMetricsType", propOrder = { + "score", + "temporalMultiplier", + "exploitability", + "remediationLevel", + "reportConfidence", + "source", + "generatedOnDatetime" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class TemporalMetricsType + extends MetricsType { + + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected BigDecimal score; + @XmlElement(name = "temporal-multiplier") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected BigDecimal temporalMultiplier; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected ExploitabilityType exploitability; + @XmlElement(name = "remediation-level") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected RemediationLevelType remediationLevel; + @XmlElement(name = "report-confidence") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected ConfidenceType reportConfidence; + @XmlElement(required = true) + @XmlSchemaType(name = "anyURI") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String source; + @XmlElement(name = "generated-on-datetime", required = true) + @XmlSchemaType(name = "dateTime") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected XMLGregorianCalendar generatedOnDatetime; + 
+ /** + * Gets the value of the score property. + * + * @return possible object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public BigDecimal getScore() { + return score; + } + + /** + * Sets the value of the score property. + * + * @param value allowed object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setScore(BigDecimal value) { + this.score = value; + } + + /** + * Gets the value of the temporalMultiplier property. + * + * @return possible object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public BigDecimal getTemporalMultiplier() { + return temporalMultiplier; + } + + /** + * Sets the value of the temporalMultiplier property. + * + * @param value allowed object is + * {@link BigDecimal } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setTemporalMultiplier(BigDecimal value) { + this.temporalMultiplier = value; + } + + /** + * Gets the value of the exploitability property. + * + * @return possible object is + * {@link ExploitabilityType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public ExploitabilityType getExploitability() { + return exploitability; + } + + /** + * Sets the value of the exploitability property. 
+ * + * @param value allowed object is + * {@link ExploitabilityType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setExploitability(ExploitabilityType value) { + this.exploitability = value; + } + + /** + * Gets the value of the remediationLevel property. + * + * @return possible object is + * {@link RemediationLevelType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public RemediationLevelType getRemediationLevel() { + return remediationLevel; + } + + /** + * Sets the value of the remediationLevel property. + * + * @param value allowed object is + * {@link RemediationLevelType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setRemediationLevel(RemediationLevelType value) { + this.remediationLevel = value; + } + + /** + * Gets the value of the reportConfidence property. + * + * @return possible object is + * {@link ConfidenceType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public ConfidenceType getReportConfidence() { + return reportConfidence; + } + + /** + * Sets the value of the reportConfidence property. + * + * @param value allowed object is + * {@link ConfidenceType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setReportConfidence(ConfidenceType value) { + this.reportConfidence = value; + } + + /** + * Gets the value of the source property. 
+ * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getSource() { + return source; + } + + /** + * Sets the value of the source property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSource(String value) { + this.source = value; + } + + /** + * Gets the value of the generatedOnDatetime property. + * + * @return possible object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public XMLGregorianCalendar getGeneratedOnDatetime() { + return generatedOnDatetime; + } + + /** + * Sets the value of the generatedOnDatetime property. + * + * @param value allowed object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setGeneratedOnDatetime(XMLGregorianCalendar value) { + this.generatedOnDatetime = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType1.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType1.java new file mode 100644 index 000000000..d22ada75f --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType1.java 
@@ -0,0 +1,116 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + * This type allows the xml:lang attribute to associate a specific language with + * an element's string content. + * + *

Java class for TextType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="TextType">
+ *   <simpleContent>
+ *     <extension base="<http://www.w3.org/2001/XMLSchema>string">
+ *       <attribute ref="{http://www.w3.org/XML/1998/namespace}lang"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TextType", namespace = "http://cpe.mitre.org/language/2.0", propOrder = { + "value" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class TextType1 { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String value; + @XmlAttribute(namespace = "http://www.w3.org/XML/1998/namespace") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String lang; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the lang property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getLang() { + return lang; + } + + /** + * Sets the value of the lang property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setLang(String value) { + this.lang = value; + } +} 
diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType2.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType2.java new file mode 100644 index 000000000..34165668c --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/TextType2.java @@ -0,0 +1,120 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + +/** + * This type allows the xml:lang attribute to associate a specific language with + * an element's string content. + * + *

Java class for textType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="textType">
+ *   <simpleContent>
+ *     <extension base="<http://www.w3.org/2001/XMLSchema>string">
+ *       <attribute ref="{http://www.w3.org/XML/1998/namespace}lang"/>
+ *     </extension>
+ *   </simpleContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "textType", namespace = "http://scap.nist.gov/schema/scap-core/0.1", propOrder = { + "value" +}) +@XmlSeeAlso({ + ReferenceType.class +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class TextType2 { + + @XmlValue + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String value; + @XmlAttribute(namespace = "http://www.w3.org/XML/1998/namespace") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String lang; + + /** + * Gets the value of the value property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the lang property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getLang() { + return lang; + } + + /** + * Sets the value of the lang property. 
+ * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setLang(String value) { + this.lang = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ToolConfigurationType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ToolConfigurationType.java new file mode 100644 index 000000000..94d695009 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/ToolConfigurationType.java 
@@ -0,0 +1,120 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for toolConfigurationType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="toolConfigurationType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="name" type="{http://scap.nist.gov/schema/scap-core/0.1}cpeNamePatternType" minOccurs="0"/>
+ *         <element name="definition" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *       </sequence>
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "toolConfigurationType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = { + "name", + "definitions" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class ToolConfigurationType { + + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String name; + @XmlElement(name = "definition") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List definitions; + + /** + * Gets the value of the name property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setName(String value) { + this.name = value; + } + + /** + * Gets the value of the definitions property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the definitions property. + * + *

For example, to add a new item, do as follows: + *

+     *    getDefinitions().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link CheckReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getDefinitions() { + if (definitions == null) { + definitions = new ArrayList(); + } + return this.definitions; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceCategoryEnumType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceCategoryEnumType.java new file mode 100644 index 000000000..b11a92711 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceCategoryEnumType.java 
@@ -0,0 +1,71 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for vulnerabilityReferenceCategoryEnumType. + * + *

The following schema fragment specifies the expected content contained + * within this class.

+ *

+ * <simpleType name="vulnerabilityReferenceCategoryEnumType">
+ *   <restriction base="{http://www.w3.org/2001/XMLSchema}token">
+ *     <enumeration value="PATCH"/>
+ *     <enumeration value="VENDOR_ADVISORY"/>
+ *     <enumeration value="THIRD_PARTY_ADVISORY"/>
+ *     <enumeration value="SIGNATURE_SOURCE"/>
+ *     <enumeration value="MITIGATION_PROCEDURE"/>
+ *     <enumeration value="TOOL_CONFIGURATION_DESCRIPTION"/>
+ *     <enumeration value="UNKNOWN"/>
+ *   </restriction>
+ * </simpleType>
+ * 
+ * + */ +@XmlType(name = "vulnerabilityReferenceCategoryEnumType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4") +@XmlEnum +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public enum VulnerabilityReferenceCategoryEnumType { + + PATCH, + VENDOR_ADVISORY, + THIRD_PARTY_ADVISORY, + SIGNATURE_SOURCE, + MITIGATION_PROCEDURE, + TOOL_CONFIGURATION_DESCRIPTION, + UNKNOWN; + + public String value() { + return name(); + } + + public static VulnerabilityReferenceCategoryEnumType fromValue(String v) { + return valueOf(v); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceType.java new file mode 100644 index 000000000..ada6e4536 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityReferenceType.java 
@@ -0,0 +1,236 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + +/** + * Extends the base "reference" class by adding the ability to specify which + * kind (within the vulnerability model) of reference it is. See + * "Vulnerability_Reference_Category_List" enumeration. + * + *

Java class for vulnerabilityReferenceType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="vulnerabilityReferenceType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="source" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ *         <element name="reference" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType"/>
+ *         <element name="notes" type="{http://scap.nist.gov/schema/scap-core/0.1}notesType" minOccurs="0"/>
+ *       </sequence>
+ *       <attribute ref="{http://www.w3.org/XML/1998/namespace}lang default="en""/>
+ *       <attribute name="reference_type" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityReferenceCategoryEnumType" />
+ *       <attribute name="deprecated" type="{http://www.w3.org/2001/XMLSchema}boolean" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "vulnerabilityReferenceType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = { + "source", + "reference", + "notes" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class VulnerabilityReferenceType { + + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String source; + @XmlElement(required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected ReferenceType reference; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected NotesType notes; + @XmlAttribute(namespace = "http://www.w3.org/XML/1998/namespace") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String lang; + @XmlAttribute(name = "reference_type", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected VulnerabilityReferenceCategoryEnumType referenceType; + @XmlAttribute + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected Boolean deprecated; + + /** + * Gets the value of the source property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getSource() { + return source; + } + + /** + * Sets the value of the source property. 
+ * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSource(String value) { + this.source = value; + } + + /** + * Gets the value of the reference property. + * + * @return possible object is + * {@link ReferenceType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public ReferenceType getReference() { + return reference; + } + + /** + * Sets the value of the reference property. + * + * @param value allowed object is + * {@link ReferenceType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setReference(ReferenceType value) { + this.reference = value; + } + + /** + * Gets the value of the notes property. + * + * @return possible object is + * {@link NotesType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public NotesType getNotes() { + return notes; + } + + /** + * Sets the value of the notes property. + * + * @param value allowed object is + * {@link NotesType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setNotes(NotesType value) { + this.notes = value; + } + + /** + * Gets the value of the lang property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getLang() { + if (lang == null) { + return "en"; + } else { + return lang; + } + } + + /** + * Sets the value of the lang property. 
+ * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setLang(String value) { + this.lang = value; + } + + /** + * Gets the value of the referenceType property. + * + * @return possible object is + * {@link VulnerabilityReferenceCategoryEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public VulnerabilityReferenceCategoryEnumType getReferenceType() { + return referenceType; + } + + /** + * Sets the value of the referenceType property. + * + * @param value allowed object is + * {@link VulnerabilityReferenceCategoryEnumType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setReferenceType(VulnerabilityReferenceCategoryEnumType value) { + this.referenceType = value; + } + + /** + * Gets the value of the deprecated property. + * + * @return possible object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public Boolean isDeprecated() { + return deprecated; + } + + /** + * Sets the value of the deprecated property. + * + * @param value allowed object is + * {@link Boolean } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setDeprecated(Boolean value) { + this.deprecated = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityType.java new file mode 100644 index 000000000..62dc27ee4 --- /dev/null 
+++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerabilityType.java @@ -0,0 +1,703 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.*; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.datatype.XMLGregorianCalendar; + +/** + * TODO: Low priority: Add reference to notes type to allow analysts, vendor and + * other comments. Add source attribute. Maybe categorization? + * + *

Java class for vulnerabilityType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="vulnerabilityType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="osvdb-ext" type="{http://scap.nist.gov/schema/vulnerability/0.4}osvdbExtensionType" minOccurs="0"/>
+ *         <element name="vulnerable-configuration" type="{http://cpe.mitre.org/language/2.0}PlatformType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="vulnerable-software-list" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerableSoftwareType" minOccurs="0"/>
+ *         <choice minOccurs="0">
+ *           <element name="cve-id" type="{http://scap.nist.gov/schema/cve/0.1}cveNamePatternType"/>
+ *           <element name="cce-id" type="{http://scap.nist.gov/schema/cce/0.1}cceNamePatternType"/>
+ *         </choice>
+ *         <element name="discovered-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
+ *         <element name="disclosure-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
+ *         <element name="exploit-publish-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
+ *         <element name="published-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
+ *         <element name="last-modified-datetime" type="{http://www.w3.org/2001/XMLSchema}dateTime" minOccurs="0"/>
+ *         <element name="cvss" type="{http://scap.nist.gov/schema/cvss-v2/0.2}cvssImpactType" minOccurs="0"/>
+ *         <element name="security-protection" type="{http://scap.nist.gov/schema/vulnerability/0.4}securityProtectionType" minOccurs="0"/>
+ *         <element name="assessment_check" type="{http://scap.nist.gov/schema/scap-core/0.1}checkReferenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="cwe" type="{http://scap.nist.gov/schema/vulnerability/0.4}cweReferenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="references" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityReferenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="fix_action" type="{http://scap.nist.gov/schema/vulnerability/0.4}fixActionType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="scanner" type="{http://scap.nist.gov/schema/vulnerability/0.4}toolConfigurationType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="summary" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/>
+ *         <element name="technical_description" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *         <element name="attack_scenario" type="{http://scap.nist.gov/schema/scap-core/0.1}referenceType" maxOccurs="unbounded" minOccurs="0"/>
+ *       </sequence>
+ *       <attribute name="id" use="required" type="{http://scap.nist.gov/schema/vulnerability/0.4}vulnerabilityIdType" />
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlRootElement(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4") +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = { + "osvdbExt", + "vulnerableConfigurations", + "vulnerableSoftwareList", + "cceId", + "cveId", + "discoveredDatetime", + "disclosureDatetime", + "exploitPublishDatetime", + "publishedDatetime", + "lastModifiedDatetime", + "cvss", + "securityProtection", + "assessmentChecks", + "cwes", + "references", + "fixActions", + "scanners", + "summary", + "technicalDescriptions", + "attackScenarios" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class VulnerabilityType { + + @XmlElement(name = "osvdb-ext") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected OsvdbExtensionType osvdbExt; + @XmlElement(name = "vulnerable-configuration") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List vulnerableConfigurations; + @XmlElement(name = "vulnerable-software-list") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected VulnerableSoftwareType vulnerableSoftwareList; + @XmlElement(name = "cce-id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String cceId; + @XmlElement(name = "cve-id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + 
protected String cveId; + @XmlElement(name = "discovered-datetime") + @XmlSchemaType(name = "dateTime") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected XMLGregorianCalendar discoveredDatetime; + @XmlElement(name = "disclosure-datetime") + @XmlSchemaType(name = "dateTime") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected XMLGregorianCalendar disclosureDatetime; + @XmlElement(name = "exploit-publish-datetime") + @XmlSchemaType(name = "dateTime") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected XMLGregorianCalendar exploitPublishDatetime; + @XmlElement(name = "published-datetime") + @XmlSchemaType(name = "dateTime") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected XMLGregorianCalendar publishedDatetime; + @XmlElement(name = "last-modified-datetime") + @XmlSchemaType(name = "dateTime") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected XMLGregorianCalendar lastModifiedDatetime; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected CvssImpactType cvss; + @XmlElement(name = "security-protection") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected SecurityProtectionType securityProtection; + @XmlElement(name = "assessment_check") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List 
assessmentChecks; + @XmlElement(name = "cwe") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List cwes; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List references; + @XmlElement(name = "fix_action") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List fixActions; + @XmlElement(name = "scanner") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List scanners; + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String summary; + @XmlElement(name = "technical_description") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List technicalDescriptions; + @XmlElement(name = "attack_scenario") + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List attackScenarios; + @XmlAttribute(required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected String id; + + /** + * Gets the value of the osvdbExt property. 
+ * + * @return possible object is + * {@link OsvdbExtensionType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public OsvdbExtensionType getOsvdbExt() { + return osvdbExt; + } + + /** + * Sets the value of the osvdbExt property. + * + * @param value allowed object is + * {@link OsvdbExtensionType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setOsvdbExt(OsvdbExtensionType value) { + this.osvdbExt = value; + } + + /** + * Gets the value of the vulnerableConfigurations property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the vulnerableConfigurations property. + * + *

For example, to add a new item, do as follows: + *

+     *    getVulnerableConfigurations().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link PlatformType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getVulnerableConfigurations() { + if (vulnerableConfigurations == null) { + vulnerableConfigurations = new ArrayList(); + } + return this.vulnerableConfigurations; + } + + /** + * Gets the value of the vulnerableSoftwareList property. + * + * @return possible object is + * {@link VulnerableSoftwareType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public VulnerableSoftwareType getVulnerableSoftwareList() { + return vulnerableSoftwareList; + } + + /** + * Sets the value of the vulnerableSoftwareList property. + * + * @param value allowed object is + * {@link VulnerableSoftwareType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setVulnerableSoftwareList(VulnerableSoftwareType value) { + this.vulnerableSoftwareList = value; + } + + /** + * Gets the value of the cceId property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getCceId() { + return cceId; + } + + /** + * Sets the value of the cceId property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setCceId(String value) { + this.cceId = value; + } + + /** + * Gets the value of the cveId property. 
+ * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getCveId() { + return cveId; + } + + /** + * Sets the value of the cveId property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setCveId(String value) { + this.cveId = value; + } + + /** + * Gets the value of the discoveredDatetime property. + * + * @return possible object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public XMLGregorianCalendar getDiscoveredDatetime() { + return discoveredDatetime; + } + + /** + * Sets the value of the discoveredDatetime property. + * + * @param value allowed object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setDiscoveredDatetime(XMLGregorianCalendar value) { + this.discoveredDatetime = value; + } + + /** + * Gets the value of the disclosureDatetime property. + * + * @return possible object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public XMLGregorianCalendar getDisclosureDatetime() { + return disclosureDatetime; + } + + /** + * Sets the value of the disclosureDatetime property. 
+ * + * @param value allowed object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setDisclosureDatetime(XMLGregorianCalendar value) { + this.disclosureDatetime = value; + } + + /** + * Gets the value of the exploitPublishDatetime property. + * + * @return possible object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public XMLGregorianCalendar getExploitPublishDatetime() { + return exploitPublishDatetime; + } + + /** + * Sets the value of the exploitPublishDatetime property. + * + * @param value allowed object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setExploitPublishDatetime(XMLGregorianCalendar value) { + this.exploitPublishDatetime = value; + } + + /** + * Gets the value of the publishedDatetime property. + * + * @return possible object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public XMLGregorianCalendar getPublishedDatetime() { + return publishedDatetime; + } + + /** + * Sets the value of the publishedDatetime property. + * + * @param value allowed object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setPublishedDatetime(XMLGregorianCalendar value) { + this.publishedDatetime = value; + } + + /** + * Gets the value of the lastModifiedDatetime property. 
+ * + * @return possible object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public XMLGregorianCalendar getLastModifiedDatetime() { + return lastModifiedDatetime; + } + + /** + * Sets the value of the lastModifiedDatetime property. + * + * @param value allowed object is + * {@link XMLGregorianCalendar } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setLastModifiedDatetime(XMLGregorianCalendar value) { + this.lastModifiedDatetime = value; + } + + /** + * Gets the value of the cvss property. + * + * @return possible object is + * {@link CvssImpactType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public CvssImpactType getCvss() { + return cvss; + } + + /** + * Sets the value of the cvss property. + * + * @param value allowed object is + * {@link CvssImpactType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setCvss(CvssImpactType value) { + this.cvss = value; + } + + /** + * Gets the value of the securityProtection property. + * + * @return possible object is + * {@link SecurityProtectionType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public SecurityProtectionType getSecurityProtection() { + return securityProtection; + } + + /** + * Sets the value of the securityProtection property. 
+ * + * @param value allowed object is + * {@link SecurityProtectionType } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSecurityProtection(SecurityProtectionType value) { + this.securityProtection = value; + } + + /** + * Gets the value of the assessmentChecks property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the assessmentChecks property. + * + *

For example, to add a new item, do as follows: + *

+     *    getAssessmentChecks().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link CheckReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getAssessmentChecks() { + if (assessmentChecks == null) { + assessmentChecks = new ArrayList(); + } + return this.assessmentChecks; + } + + /** + * Gets the value of the cwes property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the cwes property. + * + *

For example, to add a new item, do as follows: + *

+     *    getCwes().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link CweReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getCwes() { + if (cwes == null) { + cwes = new ArrayList(); + } + return this.cwes; + } + + /** + * Gets the value of the references property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the references property. + * + *

For example, to add a new item, do as follows: + *

+     *    getReferences().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link VulnerabilityReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getReferences() { + if (references == null) { + references = new ArrayList(); + } + return this.references; + } + + /** + * Gets the value of the fixActions property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the fixActions property. + * + *

For example, to add a new item, do as follows: + *

+     *    getFixActions().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link FixActionType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getFixActions() { + if (fixActions == null) { + fixActions = new ArrayList(); + } + return this.fixActions; + } + + /** + * Gets the value of the scanners property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the scanners property. + * + *

For example, to add a new item, do as follows: + *

+     *    getScanners().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link ToolConfigurationType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getScanners() { + if (scanners == null) { + scanners = new ArrayList(); + } + return this.scanners; + } + + /** + * Gets the value of the summary property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getSummary() { + return summary; + } + + /** + * Sets the value of the summary property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setSummary(String value) { + this.summary = value; + } + + /** + * Gets the value of the technicalDescriptions property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the technicalDescriptions property. + * + *

For example, to add a new item, do as follows: + *

+     *    getTechnicalDescriptions().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link ReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getTechnicalDescriptions() { + if (technicalDescriptions == null) { + technicalDescriptions = new ArrayList(); + } + return this.technicalDescriptions; + } + + /** + * Gets the value of the attackScenarios property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the attackScenarios property. + * + *

For example, to add a new item, do as follows: + *

+     *    getAttackScenarios().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link ReferenceType } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getAttackScenarios() { + if (attackScenarios == null) { + attackScenarios = new ArrayList(); + } + return this.attackScenarios; + } + + /** + * Gets the value of the id property. + * + * @return possible object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value allowed object is + * {@link String } + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public void setId(String value) { + this.id = value; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerableSoftwareType.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerableSoftwareType.java new file mode 100644 index 000000000..504f78f3d --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/VulnerableSoftwareType.java 
@@ -0,0 +1,92 @@ +package org.codesecure.dependencycheck.data.nvdcve.generated; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// +import java.util.ArrayList; +import java.util.List; +import javax.annotation.Generated; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + +/** + *

Java class for vulnerableSoftwareType complex type. + * + *

The following schema fragment specifies the expected content contained + * within this class. + * + *

+ * <complexType name="vulnerableSoftwareType">
+ *   <complexContent>
+ *     <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ *       <sequence>
+ *         <element name="product" type="{http://cpe.mitre.org/language/2.0}namePattern" maxOccurs="unbounded"/>
+ *       </sequence>
+ *     </restriction>
+ *   </complexContent>
+ * </complexType>
+ * 
+ * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "vulnerableSoftwareType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4", propOrder = { + "products" +}) +@Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") +public class VulnerableSoftwareType { + + @XmlElement(name = "product", required = true) + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + protected List products; + + /** + * Gets the value of the products property. + * + *

This accessor method returns a reference to the live list, not a + * snapshot. Therefore any modification you make to the returned list will + * be present inside the JAXB object. This is why there is not a + * set method for the products property. + * + *

For example, to add a new item, do as follows: + *

+     *    getProducts().add(newItem);
+     * 
+ * + * + *

Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + @Generated(value = "com.sun.tools.internal.xjc.Driver", date = "2012-10-21T11:58:46-04:00", comments = "JAXB RI vJAXB 2.1.10 in JDK 6") + public List getProducts() { + if (products == null) { + products = new ArrayList(); + } + return this.products; + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/package-info.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/package-info.java new file mode 100644 index 000000000..8dcc02cf4 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/generated/package-info.java @@ -0,0 +1,9 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See http://java.sun.com/xml/jaxb +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2012.10.21 at 11:58:46 AM EDT +// + +@javax.xml.bind.annotation.XmlSchema(namespace = "http://scap.nist.gov/schema/cvss-v2/0.2", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED) +package org.codesecure.dependencycheck.data.nvdcve.generated; diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/package-info.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/package-info.java new file mode 100644 index 000000000..e435b4aed --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/package-info.java @@ -0,0 +1,12 @@ +/** + * + * + * org.codesecure.dependencycheck.data.nvdcve + * + * + * Contains classes used to work with the NVD CVE data. + * + * +*/ + +package org.codesecure.dependencycheck.data.nvdcve; 
diff --git a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/EntrySaveDelegate.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/EntrySaveDelegate.java similarity index 50% rename from src/main/java/org/codesecure/dependencycheck/data/cve/xml/EntrySaveDelegate.java rename to src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/EntrySaveDelegate.java index c5a263e88..8e53d7ecb 100644 --- a/src/main/java/org/codesecure/dependencycheck/data/cve/xml/EntrySaveDelegate.java +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/EntrySaveDelegate.java 
@@ -1,31 +1,31 @@ -package org.codesecure.dependencycheck.data.cve.xml; +package org.codesecure.dependencycheck.data.nvdcve.xml; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ -import org.codesecure.dependencycheck.data.cve.Entry; import java.io.IOException; import org.apache.lucene.index.CorruptIndexException; +import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType; /** * - * An interface used to define the save function used when parsing the CVE XML - * file. + * An interface used to define the save function used when parsing the NVD CVE + * XML file. 
* * @author Jeremy Long (jeremy.long@gmail.com) */ @@ -34,9 +34,9 @@ public interface EntrySaveDelegate { /** * Saves a CVE Entry into the Lucene index. * - * @param entry a CVE entry. + * @param vulnerability a CVE entry. * @throws CorruptIndexException is thrown if the index is corrupt. * @throws IOException is thrown if an IOException occurs. */ - void saveEntry(Entry entry) throws CorruptIndexException, IOException; + void saveEntry(VulnerabilityType vulnerability) throws CorruptIndexException, IOException; } diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/Importer.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/Importer.java new file mode 100644 index 000000000..f555e08bd --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/Importer.java 
@@ -0,0 +1,106 @@
+package org.codesecure.dependencycheck.data.nvdcve.xml;
+/*
+ * This file is part of DependencyCheck.
+ *
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+
+import java.io.*;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParserFactory;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import org.xml.sax.XMLReader;
+
+/**
+ * Imports a NVD CVE XML file into the Lucene NVD CVE Index.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class Importer {
+
+ /**
+ * Private constructor for utility class.
+ */
+ private Importer() {
+ }
+
+ /**
+ * Imports the NVD CVE XML File into the Lucene Index.
+ *
+ * @param file containing the path to the NVD CVE XML file.
+ * @throws ParserConfigurationException is thrown if the parser is
+ * misconfigured.
+ * @throws FileNotFoundException is thrown when there is a
+ * FileNotFoundException.
+ * @throws IOException is thrown when there is an IOException.
+ * @throws JAXBException is thrown when there is a JAXBException.
+ * @throws SAXException is thrown when there is a SAXException.
+ */
+ public static void importXML(File file) throws FileNotFoundException, IOException, JAXBException,
+ ParserConfigurationException, SAXException {
+
+ SAXParserFactory factory = SAXParserFactory.newInstance();
+ factory.setNamespaceAware(true);
+ XMLReader reader = factory.newSAXParser().getXMLReader();
+
+ JAXBContext context = JAXBContext.newInstance("org.codesecure.dependencycheck.data.nvdcve.generated");
+ NvdCveXmlFilter filter = new NvdCveXmlFilter(context);
+
+ Indexer indexer = new Indexer();
+ indexer.openIndexWriter();
+
+ filter.registerSaveDelegate(indexer);
+
+ reader.setContentHandler(filter);
+ Reader fileReader = new FileReader(file);
+ InputSource is = new InputSource(fileReader);
+ try {
+ reader.parse(is);
+ } catch (IOException ex) {
+ Logger.getLogger(Importer.class.getName()).log(Level.SEVERE, null, ex);
+ } catch (SAXException ex) {
+ Logger.getLogger(Importer.class.getName()).log(Level.SEVERE, null, ex);
+ } finally {
+ indexer.close();
+ }
+ }
+
+ /**
+ * Imports the CPE XML File into the Lucene Index.
+ *
+ * @param path the path to the CPE XML file.
+ * @throws ParserConfigurationException is thrown if the parser is
+ * misconfigured.
+ * @throws FileNotFoundException is thrown when there is a
+ * FileNotFoundException.
+ * @throws IOException is thrown when there is an IOException.
+ * @throws JAXBException is thrown when there is a JAXBException.
+ * @throws SAXException is thrown when there is a SAXException.
+ */
+ public static void importXML(String path) throws FileNotFoundException, IOException, JAXBException,
+ ParserConfigurationException, SAXException {
+ File f = new File(path);
+ if (!f.exists()) {
+ f.mkdirs();
+ }
+ Importer.importXML(f);
+ }
+}
diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/Indexer.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/Indexer.java
new file mode 100644
index 000000000..6f4a19108
--- /dev/null
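Review bot: `importXML(File)` builds its `SAXParserFactory` with only `setNamespaceAware(true)`, so a DOCTYPE in the feed file is still processed and external entities can be resolved while the NVD data is parsed. The same method logs and discards any `IOException`/`SAXException` from `reader.parse(is)`, which leaves a partly built index that callers cannot tell from a complete one, and `fileReader` is never closed. I would disallow DOCTYPE on the factory (assuming the NVD feed carries none, which is worth confirming), read through a `FileInputStream` so the parser takes the charset from the XML declaration rather than the platform default, and let the parse exceptions propagate since the signature already declares them. Separately, `importXML(String)` calls `f.mkdirs()` on a missing path and then tries to parse the directory it just created; throwing `FileNotFoundException` there would be clearer, and its Javadoc still says "CPE XML File".

```java
factory.setNamespaceAware(true);
// reject DTDs so the feed cannot declare or resolve external entities
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
// … unchanged: XMLReader, JAXBContext, NvdCveXmlFilter and Indexer setup, setContentHandler …
try {
    InputStream in = new FileInputStream(file);
    try {
        // byte stream: the parser picks the charset from the XML declaration
        reader.parse(new InputSource(in));
    } finally {
        in.close();
    }
} finally {
    // parse failures now reach the caller instead of being logged and dropped
    indexer.close();
}
```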
+++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/Indexer.java 
@@ -0,0 +1,148 @@
+package org.codesecure.dependencycheck.data.nvdcve.xml;
+/*
+ * This file is part of DependencyCheck.
+ *
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import org.apache.lucene.document.Document;
+import org.apache.lucene.document.Field;
+import org.apache.lucene.index.CorruptIndexException;
+import org.apache.lucene.index.FieldInfo.IndexOptions;
+import org.apache.lucene.index.Term;
+import org.codesecure.dependencycheck.data.lucene.LuceneUtils;
+import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType;
+import org.codesecure.dependencycheck.data.nvdcve.Fields;
+import org.codesecure.dependencycheck.data.nvdcve.Index;
+import org.codesecure.dependencycheck.data.nvdcve.generated.FactRefType;
+import org.codesecure.dependencycheck.data.nvdcve.generated.LogicalTest;
+import org.codesecure.dependencycheck.data.nvdcve.generated.PlatformType;
+
+/**
+ * The Indexer is used to convert a VULNERABLE_CPE Entry, retrieved from the
+ * VULNERABLE_CPE XML file, into a Document that is stored in the Lucene index.
+ * + * @author Jeremy Long (jeremy.long@gmail.com) + */ +public class Indexer extends Index implements EntrySaveDelegate { + + /** + * Saves an NVD CVE Entry into the Lucene index. + * + * @param vulnerability a NVD CVE vulnerability. + * @throws CorruptIndexException is thrown if the index is corrupt. + * @throws IOException is thrown if an IOException occurs. + */ + public void saveEntry(VulnerabilityType vulnerability) throws CorruptIndexException, IOException { + try { + Document doc = convertEntryToDoc(vulnerability); + + if (doc == null) { + return; + } + + Term name = new Term(Fields.CVE_ID, LuceneUtils.escapeLuceneQuery(vulnerability.getId())); + indexWriter.updateDocument(name, doc); + } catch (JAXBException ex) { + Logger.getLogger(Indexer.class.getName()).log(Level.SEVERE, "Unable to add " + vulnerability.getId() + " to the Lucene index.", ex); + } + } + + /** + * Converts a VULNERABLE_CPE vulnerability into a Lucene Document. + * + * @param vulnerability a VULNERABLE_CPE Entry. + * @return a Lucene Document containing a VULNERABLE_CPE Entry. + * @throws JAXBException is thrown when there is a JAXBException. + */ + protected Document convertEntryToDoc(VulnerabilityType vulnerability) throws JAXBException { + boolean hasApplication = false; + Document doc = new Document(); + + if (vulnerability.getVulnerableConfigurations() != null) { + + for (PlatformType pt : vulnerability.getVulnerableConfigurations()) { + hasApplication = addVulnerableProducts(doc, pt.getLogicalTest()); + } + + } else if (vulnerability.getVulnerableSoftwareList() != null) { //this should never be reached, but is here just in case. + for (String cpe : vulnerability.getVulnerableSoftwareList().getProducts()) { + if (cpe.startsWith("cpe:/a:")) { + hasApplication = true; + addVulnerableCpe(cpe, doc); + } + } + } else { + return null; + } + + //there are no cpe:/a that are vulnerable - don't add it to the index. 
+ if (!hasApplication) { + return null; + } + + Field name = new Field(Fields.CVE_ID, vulnerability.getId(), Field.Store.NO, Field.Index.ANALYZED); + name.setIndexOptions(IndexOptions.DOCS_ONLY); + doc.add(name); + + Field description = new Field(Fields.DESCRIPTION, vulnerability.getSummary(), Field.Store.NO, Field.Index.ANALYZED); + name.setIndexOptions(IndexOptions.DOCS_ONLY); + doc.add(description); + + + JAXBContext context = JAXBContext.newInstance("org.codesecure.dependencycheck.data.nvdcve.generated"); + + Marshaller m = context.createMarshaller(); + m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE); + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + + m.marshal(vulnerability, out); + + Field xml = new Field(Fields.XML, out.toString(), Field.Store.YES, Field.Index.NO); + doc.add(xml); + + return doc; + } + + private boolean addVulnerableProducts(Document doc, LogicalTest logicalTest) { + boolean retVal = false; + for (LogicalTest lt : logicalTest.getLogicalTests()) { + retVal = retVal || addVulnerableProducts(doc, lt); + } + for (FactRefType facts : logicalTest.getFactReves()) { + String cpe = facts.getName(); + if (cpe.startsWith("cpe:/a:")) { + retVal = true; + addVulnerableCpe(cpe, doc); + } + } + return retVal; + } + + private void addVulnerableCpe(String cpe, Document doc) { + Field vulnerable = new Field(Fields.VULNERABLE_CPE, cpe, Field.Store.NO, Field.Index.ANALYZED); + vulnerable.setIndexOptions(IndexOptions.DOCS_ONLY); + doc.add(vulnerable); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilter.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilter.java new file mode 100644 index 000000000..662536387 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilter.java 
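Review bot: In `convertEntryToDoc` the loop assigns `hasApplication = addVulnerableProducts(doc, pt.getLogicalTest());`, so only the last vulnerable configuration decides whether the entry is indexed, and a CVE whose final configuration has no `cpe:/a:` name is dropped even though earlier ones already added application CPEs. `addVulnerableProducts` has the mirror problem: `retVal = retVal || addVulnerableProducts(doc, lt);` short-circuits once `retVal` is true, so later nested logical tests are never walked and their CPEs never reach the document. Both show up as missed matches when dependencies are checked against the index; use `hasApplication |= addVulnerableProducts(doc, pt.getLogicalTest());` and `retVal |= addVulnerableProducts(doc, lt);`. The second `name.setIndexOptions(IndexOptions.DOCS_ONLY);`, placed right after the description field is created, also looks like it was meant to be `description.setIndexOptions(IndexOptions.DOCS_ONLY);`.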
@@ -0,0 +1,246 @@ +package org.codesecure.dependencycheck.data.nvdcve.xml; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +import java.io.IOException; +import java.util.Enumeration; +import java.util.logging.Level; +import java.util.logging.Logger; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.bind.UnmarshallerHandler; +import org.apache.lucene.index.CorruptIndexException; +import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType; +import org.xml.sax.Attributes; +import org.xml.sax.Locator; +import org.xml.sax.SAXException; +import org.xml.sax.helpers.DefaultHandler; +import org.xml.sax.helpers.NamespaceSupport; +import org.xml.sax.helpers.XMLFilterImpl; + +/** + * + *

This filter uses partial-unmarshalling to unmarshall single NVD CVE + * entries for use with a SAX Parser.

+ * + *

This code was based off of an example found on stackoverflow

+ * + * @author Jeremy + */ +public class NvdCveXmlFilter extends XMLFilterImpl { + + EntrySaveDelegate saveDelegate = null; + + /** + * Register a EntrySaveDelegate object. When the last node of an entry is + * reached if a save delegate has been registered the save method will be + * invoked. + * + * @param delegate the delegate used to save an entry + */ + public void registerSaveDelegate(EntrySaveDelegate delegate) { + this.saveDelegate = delegate; + } + /** + * The JAXBContext + */ + private final JAXBContext context; + + /** + * Constructs a new NvdCveXmlFilter + * + * @param context a JAXBContext + */ + public NvdCveXmlFilter(JAXBContext context) { + this.context = context; + } + /** + * The locator object used for unmarshalling + */ + private Locator locator = null; + + /** + * Sets the document locator. + * + * @param loc the locator to use. + */ + @Override + public void setDocumentLocator(Locator loc) { + this.locator = loc; + super.setDocumentLocator(loc); + } + /** + * Used to keep track of namespace bindings. + */ + private NamespaceSupport nsSupport = new NamespaceSupport(); + + /** + * Stores the namespace prefix for use during unmarshalling. + * + * @param prefix the namespace prefix. + * @param uri the namespace. + * @throws SAXException is thrown is there is a SAXException. + */ + @Override + public void startPrefixMapping(String prefix, String uri) throws SAXException { + nsSupport.pushContext(); + nsSupport.declarePrefix(prefix, uri); + super.startPrefixMapping(prefix, uri); + } + + /** + * Removes the namespace prefix from the local support object so that + * unmarshalling works correctly. + * + * @param prefix the prefix to remove. + * @throws SAXException is thrown is there is a SAXException. + */ + @Override + public void endPrefixMapping(String prefix) throws SAXException { + nsSupport.popContext(); + super.endPrefixMapping(prefix); + } + /** + * The UnmarshallerHandler. 
+ */ + private UnmarshallerHandler unmarshallerHandler; + /** + * Used to track how deep the SAX parser is in nested XML. + */ + private int depth; + + /** + * Fired when the SAX parser starts an element. This will either forward the + * event to the unmarshaller or create an unmarshaller if it is at the start + * of a new "entry". + * + * @param uri uri + * @param localName localName + * @param qName qName + * @param atts atts + * @throws SAXException is thrown if there is a SAXException. + */ + @Override + public void startElement(String uri, String localName, String qName, Attributes atts) throws SAXException { + + if (depth != 0) { + // we are in the middle of forwarding events. + // continue to do so. + depth += 1; + super.startElement(uri, localName, qName, atts); + return; + } + + //old - for cve 1.2 uri.equals("http://nvd.nist.gov/feeds/cve/1.2") + if (uri.equals("http://scap.nist.gov/schema/feed/vulnerability/2.0") && localName.equals("entry")) { + Unmarshaller unmarshaller; + try { + unmarshaller = context.createUnmarshaller(); + } catch (JAXBException e) { + throw new SAXException(e); + } + unmarshallerHandler = unmarshaller.getUnmarshallerHandler(); + setContentHandler(unmarshallerHandler); + + // fire SAX events to emulate the start of a new document. + unmarshallerHandler.startDocument(); + unmarshallerHandler.setDocumentLocator(locator); + + Enumeration e = nsSupport.getPrefixes(); + while (e.hasMoreElements()) { + String prefix = (String) e.nextElement(); + String uriToUse = nsSupport.getURI(prefix); + + unmarshallerHandler.startPrefixMapping(prefix, uriToUse); + } + String defaultURI = nsSupport.getURI(""); + if (defaultURI != null) { + unmarshallerHandler.startPrefixMapping("", defaultURI); + } + + super.startElement(uri, localName, qName, atts); + + // count the depth of elements and we will know when to stop. + depth = 1; + } + } + + /** + * Processes the end of an element. 
If we are at depth 0 we unmarshall the + * Entry and pass it to the save delegate + * + * @param uri the uri of the current element + * @param localName the local name of the current element + * @param qName the qname of the current element + * @throws SAXException is thrown if there is a SAXException + */ + @Override + public void endElement(String uri, String localName, String qName) throws SAXException { + + // forward this event + super.endElement(uri, localName, qName); + + if (depth != 0) { + depth -= 1; + if (depth == 0) { + + // emulate the end of a document. + Enumeration e = nsSupport.getPrefixes(); + while (e.hasMoreElements()) { + String prefix = (String) e.nextElement(); + unmarshallerHandler.endPrefixMapping(prefix); + } + String defaultURI = nsSupport.getURI(""); + if (defaultURI != null) { + unmarshallerHandler.endPrefixMapping(""); + } + unmarshallerHandler.endDocument(); + + // stop forwarding events by setting a dummy handler. + // XMLFilter doesn't accept null, so we have to give it something, + // hence a DefaultHandler, which does nothing. + setContentHandler(new DefaultHandler()); + + // then retrieve the fully unmarshalled object + try { + JAXBElement result = (JAXBElement) unmarshallerHandler.getResult(); + VulnerabilityType entry = result.getValue(); + if (saveDelegate != null) { + saveDelegate.saveEntry(entry); + } + } catch (JAXBException je) { //we can continue with this exception. + //TODO can I get the filename somewhere? + Logger.getLogger(NvdCveXmlFilter.class.getName()).log(Level.SEVERE, + "Unable to unmarshall NvdCVE (line " + locator.getLineNumber() + ").", je); + } catch (CorruptIndexException ex) { + Logger.getLogger(NvdCveXmlFilter.class.getName()).log(Level.SEVERE, null, ex); + throw new SAXException(ex); + } catch (IOException ex) { + Logger.getLogger(NvdCveXmlFilter.class.getName()).log(Level.SEVERE, null, ex); + throw new SAXException(ex); + } finally { + unmarshallerHandler = null; + } + } + } + } +} 
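Review bot: The `JAXBException` branch in `endElement` logs the failure and carries on, so an entry that fails to unmarshal is left out of the index while the import still finishes as if it were complete. For vulnerability data that is a silent gap; I would keep a counter such as `private int skippedEntries;`, increment it in that catch, and have the caller report it once the parse ends. The log message in the same branch dereferences `locator`, which stays `null` if the parser never calls `setDocumentLocator`, so guard it with `(locator != null ? locator.getLineNumber() : -1)`. `saveDelegate` is also the only field in the class declared without `private` and without a Javadoc comment.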
diff --git a/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/package-info.java b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/package-info.java new file mode 100644 index 000000000..d0e4ee5f6 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/data/nvdcve/xml/package-info.java @@ -0,0 +1,12 @@ +/** + * + * + * org.codesecure.dependencycheck.data.nvdcve.xml + * + * + * Contains classes used to parse the NVD CVE XML file. + * + * +*/ + +package org.codesecure.dependencycheck.data.nvdcve.xml; diff --git a/src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java b/src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java index 6df8792ed..1b3062572 100644 --- a/src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java +++ b/src/main/java/org/codesecure/dependencycheck/dependency/Dependency.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.dependency; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -30,10 +30,9 @@ import org.codesecure.dependencycheck.utils.FileUtils; /** * A program dependency. This object is one of the core components within - * DependencyCheck. It is used to collect information about the dependency - * in the form of evidence. The Evidence is then used to determine if there - * are any known, published, vulnerabilities associated with the program - * dependency. + * DependencyCheck. It is used to collect information about the dependency in + * the form of evidence. The Evidence is then used to determine if there are any + * known, published, vulnerabilities associated with the program dependency. * * @author Jeremy Long (jeremy.long@gmail.com) */ @@ -88,10 +87,12 @@ public class Dependency { productEvidence = new EvidenceCollection(); versionEvidence = new EvidenceCollection(); identifiers = new ArrayList(); + vulnerabilities = new ArrayList(); } /** * Constructs a new Dependency object. + * * @param file the File to create the dependency object from. */ public Dependency(File file) { @@ -123,6 +124,7 @@ public class Dependency { /** * Sets the actual file path of the dependency on disk. + * * @param actualFilePath the file path of the dependency. */ public void setActualFilePath(String actualFilePath) { @@ -140,6 +142,7 @@ public class Dependency { /** * Sets the file path of the dependency. + * * @param filePath the file path of the dependency. */ public void setFilePath(String filePath) { @@ -147,9 +150,9 @@ public class Dependency { } /** - *

Gets the file path of the dependency.

- *

NOTE: This may not be the actual path of the file on disk. The - * actual path of the file on disk can be obtained via the getActualFilePath().

+ *

Gets the file path of the dependency.

NOTE: This may not + * be the actual path of the file on disk. The actual path of the file on + * disk can be obtained via the getActualFilePath().

* * @return the file path of the dependency. */ @@ -230,7 +233,8 @@ public class Dependency { } /** - * Adds an entry to the list of detected Identifiers for the dependency file. + * Adds an entry to the list of detected Identifiers for the dependency + * file. * * @param type the type of identifier (such as CPE). * @param value the value of the identifier. @@ -308,8 +312,10 @@ public class Dependency { public void setAnalysisExceptions(List analysisExceptions) { this.analysisExceptions = analysisExceptions; } + /** * Adds an exception to the analysis exceptions collection. + * * @param ex an exception. */ public void addAnalysisException(Exception ex) { @@ -373,12 +379,6 @@ public class Dependency { String fnd = str.toLowerCase(); - //TODO add the filename is analyzed and added as evidence - //TODO remove special characters from filename and check this (including spaces) - if (this.fileName != null && this.fileName.contains(fnd)) { - return true; - } - if (vendorEvidence.containsUsedString(str)) { return true; } @@ -390,6 +390,28 @@ public class Dependency { } return false; } + /** + * A list of vulnerabilities for this dependency + */ + private List vulnerabilities; + + /** + * Get the list of vulnerabilities + * + * @return the list of vulnerabilities + */ + public List getVulnerabilities() { + return vulnerabilities; + } + + /** + * Set the value of vulnerabilities + * + * @param vulnerabilities new value of vulnerabilities + */ + public void setVulnerabilities(List vulnerabilities) { + this.vulnerabilities = vulnerabilities; + } private void determineHashes(File file) { String md5 = null; @@ -405,4 +427,13 @@ public class Dependency { this.setMd5sum(md5); this.setSha1sum(sha1); } + + /** + * Adds a vulnerability to the dependency. + * + * @param vulnerability a vulnerability outlining a vulnerability. + */ + public void addVulnerability(Vulnerability vulnerability) { + this.vulnerabilities.add(vulnerability); + } } 
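Review bot: `setVulnerabilities` in the `@@ -390,6 +390,28 @@` hunk stores whatever list the caller passes, including null, so a later `addVulnerability` call (added in the last hunk of this file) would throw a NullPointerException; depending on how the caller handles it, that could abort or skip analysis of the dependency and lose its findings. Guard the setter, for example `this.vulnerabilities = (vulnerabilities == null) ? new ArrayList() : vulnerabilities;`, keeping whatever type parameters the file declares. `getVulnerabilities` also returns the internal list itself, so any caller can add or clear findings without going through `addVulnerability`; the Javadoc should say whether that is intended. The same setter/adder pair appears as `setReferences`/`addReference` in Vulnerability.java later in this patch.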
diff --git a/src/main/java/org/codesecure/dependencycheck/dependency/Evidence.java b/src/main/java/org/codesecure/dependencycheck/dependency/Evidence.java index 169fd869e..e0d7ce18d 100644 --- a/src/main/java/org/codesecure/dependencycheck/dependency/Evidence.java +++ b/src/main/java/org/codesecure/dependencycheck/dependency/Evidence.java @@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.dependency; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -178,6 +178,7 @@ public class Evidence { /** * Implements the hashCode for Evidence. + * * @return hash code. */ @Override 
@@ -192,6 +193,7 @@ public class Evidence { /** * Implements equals for Evidence. + * * @param that an object to check the equality of. * @return whether the two objects are equal. */ @@ -210,7 +212,9 @@ public class Evidence { } /** - * Simple equality test for use within the equals method. This does a case insensitive compare. + * Simple equality test for use within the equals method. This does a case + * insensitive compare. + * * @param l a string to compare. * @param r another string to compare. * @return whether the two strings are the same. diff --git a/src/main/java/org/codesecure/dependencycheck/dependency/EvidenceCollection.java b/src/main/java/org/codesecure/dependencycheck/dependency/EvidenceCollection.java index a7128b222..13650c495 100644 --- a/src/main/java/org/codesecure/dependencycheck/dependency/EvidenceCollection.java +++ b/src/main/java/org/codesecure/dependencycheck/dependency/EvidenceCollection.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.dependency; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -31,7 +31,8 @@ import org.codesecure.dependencycheck.utils.Filter; public class EvidenceCollection implements Iterable { /** - * Used to iterate over high confidence evidence contained in the collection. + * Used to iterate over high confidence evidence contained in the + * collection. */ private static final Filter HIGH_CONFIDENCE = new Filter() { 
@@ -41,7 +42,8 @@ public class EvidenceCollection implements Iterable { } }; /** - * Used to iterate over medium confidence evidence contained in the collection. + * Used to iterate over medium confidence evidence contained in the + * collection. */ private static final Filter MEDIUM_CONFIDENCE = new Filter() { @@ -61,7 +63,8 @@ public class EvidenceCollection implements Iterable { } }; /** - * Used to iterate over evidence that has was used (aka read) from the collection. + * Used to iterate over evidence that has was used (aka read) from the + * collection. */ private static final Filter EVIDENCE_USED = new Filter() { @@ -73,7 +76,9 @@ public class EvidenceCollection implements Iterable { /** * Used to iterate over evidence of the specified confidence. - * @param confidence the confidence level for the evidence to be iterated over. + * + * @param confidence the confidence level for the evidence to be iterated + * over. * @return Iterable. */ public final Iterable iterator(Evidence.Confidence confidence) { @@ -98,6 +103,7 @@ public class EvidenceCollection implements Iterable { /** * Adds evidence to the collection. + * * @param e Evidence. */ public void addEvidence(Evidence e) { 
@@ -119,16 +125,17 @@ public class EvidenceCollection implements Iterable { } /** - * Adds term to the weighting collection. The terms added here are used later - * to boost the score of other terms. This is a way of combining evidence from - * multiple sources to boost the confidence of the given evidence. + * Adds term to the weighting collection. The terms added here are used + * later to boost the score of other terms. This is a way of combining + * evidence from multiple sources to boost the confidence of the given + * evidence. * - * Example: The term 'Apache' is found in the manifest of a JAR and is added to the - * Collection. When we parse the package names within the JAR file we may add - * these package names to the "weighted" strings collection to boost the score - * in the Lucene query. That way when we construct the Lucene query we find the - * term Apache in the collection AND in the weighted strings; as such, we will - * boost the confidence of the term Apache. + * Example: The term 'Apache' is found in the manifest of a JAR and is added + * to the Collection. When we parse the package names within the JAR file we + * may add these package names to the "weighted" strings collection to boost + * the score in the Lucene query. That way when we construct the Lucene + * query we find the term Apache in the collection AND in the weighted + * strings; as such, we will boost the confidence of the term Apache. * * @param str to add to the weighting collection. */ @@ -148,6 +155,7 @@ public class EvidenceCollection implements Iterable { /** * Returns the set of evidence. + * * @return the set of evidence. */ public Set getEvidence() { @@ -156,6 +164,7 @@ public class EvidenceCollection implements Iterable { /** * Implements the iterator interface for the Evidence Collection. + * * @return an Iterator. */ public Iterator iterator() { 
@@ -164,6 +173,7 @@ public class EvidenceCollection implements Iterable { /** * Used to determine if a given string was used (aka read). + * * @param text the string to search for. * @return whether or not the string was used. */ @@ -184,6 +194,7 @@ public class EvidenceCollection implements Iterable { /** * Returns whether or not the collection contains evidence of a specified * Confidence. + * * @param confidence A Confidence value. * @return boolean. */ @@ -232,6 +243,7 @@ public class EvidenceCollection implements Iterable { /** * Returns a string of evidence 'values'. + * * @return a string containing the evidence. */ @Override @@ -245,6 +257,7 @@ public class EvidenceCollection implements Iterable { /** * Returns the number of elements in the EvidenceCollection. + * * @return the number of elements in the collection. */ public int size() { diff --git a/src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java b/src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java index a0550e9e5..489442d3c 100644 --- a/src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java +++ b/src/main/java/org/codesecure/dependencycheck/dependency/Identifier.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.dependency; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -26,6 +26,7 @@ public class Identifier { /** * Constructs a new Identifier with the specified data. + * * @param type the identifier type. * @param value the identifier value. * @param title the identifier title. @@ -37,8 +38,10 @@ public class Identifier { this.title = title; this.url = url; } + /** * Constructs a new Identifier with the specified data. + * * @param type the identifier type. * @param value the identifier value. * @param title the identifier title. 
@@ -159,5 +162,4 @@ public class Identifier { public void setDescription(String description) { this.description = description; } - } diff --git a/src/main/java/org/codesecure/dependencycheck/dependency/Reference.java b/src/main/java/org/codesecure/dependencycheck/dependency/Reference.java new file mode 100644 index 000000000..eac2aec7c --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/dependency/Reference.java 
@@ -0,0 +1,95 @@
+package org.codesecure.dependencycheck.dependency;
+/*
+ * This file is part of DependencyCheck.
+ *
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+
+/**
+ * An external reference for a vulnerability. This contains a name, URL, and a
+ * source.
+ *
+ * @author Jeremy
+ */
+public class Reference {
+
+ /**
+ * The name of the reference.
+ */
+ private String name;
+
+ /**
+ * Get the value of name
+ *
+ * @return the value of name
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Set the value of name
+ *
+ * @param name new value of name
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+ /**
+ * the url for the reference
+ */
+ private String url;
+
+ /**
+ * Get the value of url
+ *
+ * @return the value of url
+ */
+ public String getUrl() {
+ return url;
+ }
+
+ /**
+ * Set the value of url
+ *
+ * @param url new value of url
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+ /**
+ * the source of the reference.
+ */
+ private String source;
+
+ /**
+ * Get the value of source
+ *
+ * @return the value of source
+ */
+ public String getSource() {
+ return source;
+ }
+
+ /**
+ * Set the value of source
+ *
+ * @param source new value of source
+ */
+ public void setSource(String source) {
+ this.source = source;
+ }
+}
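Review bot: `url` is stored and returned as an unchecked String, and going by the commit message these references are presumably filled from the imported NVD CVE data, i.e. from downloaded content rather than from anything the tool controls. If the report templates write `getUrl()` into a link (not visible in this hunk), the value should be restricted to http/https and escaped for the output format when it is rendered. I would record that on the field, e.g. `* NOTE: taken verbatim from the NVD data; restrict the scheme to http/https and escape before writing it into a report.` The same caveat applies to `name` and `source` here and to `name`/`description` in Vulnerability.java.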
diff --git a/src/main/java/org/codesecure/dependencycheck/dependency/Vulnerability.java b/src/main/java/org/codesecure/dependencycheck/dependency/Vulnerability.java new file mode 100644 index 000000000..adc7e1f20 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/dependency/Vulnerability.java 
@@ -0,0 +1,106 @@ +package org.codesecure.dependencycheck.dependency; +/* + * This file is part of DependencyCheck. + * + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. + * + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. + * + * Copyright (c) 2012 Jeremy Long. All Rights Reserved. + */ + +import java.util.ArrayList; +import java.util.List; + +/** + * Contains the information about a vulnerability. + * + * @author Jeremy + */ +public class Vulnerability { + + /** + * The name of the vulnerability + */ + private String name; + + /** + * Get the value of name + * + * @return the value of name + */ + public String getName() { + return name; + } + + /** + * Set the value of name + * + * @param name new value of name + */ + public void setName(String name) { + this.name = name; + } + /** + * the description of the vulnerability + */ + private String description; + + /** + * Get the value of description + * + * @return the value of description + */ + public String getDescription() { + return description; + } + + /** + * Set the value of description + * + * @param description new value of description + */ + public void setDescription(String description) { + this.description = description; + } + /** + * References for this vulnerability + */ + private List references = new ArrayList(); + + /** + * Get the value of references + * + * @return the value of references + */ + public List getReferences() { + return references; + 
} + + /** + * Set the value of references + * + * @param references new value of references + */ + public void setReferences(List references) { + this.references = references; + } + + /** + * Adds a reference to the references collection + * + * @param ref a reference for the vulnerability + */ + public void addReference(Reference ref) { + this.references.add(ref); + } +} diff --git a/src/main/java/org/codesecure/dependencycheck/reporting/ReportGenerator.java b/src/main/java/org/codesecure/dependencycheck/reporting/ReportGenerator.java index 7ad9ef58c..7de535375 100644 --- a/src/main/java/org/codesecure/dependencycheck/reporting/ReportGenerator.java +++ b/src/main/java/org/codesecure/dependencycheck/reporting/ReportGenerator.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.reporting; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -50,7 +50,8 @@ public class ReportGenerator { * @param applicationName the name of the application that was scanned. * @param dependencies a list of dependencies to include in the report. * @throws IOException is thrown when the template file does not exist. - * @throws Exception is thrown if there is an error writting out the reports. + * @throws Exception is thrown if there is an error writting out the + * reports. */ public void generateReports(String outputDir, String applicationName, List dependencies) throws IOException, Exception { @@ -66,7 +67,9 @@ public class ReportGenerator { } /** - * much of this code is from http://stackoverflow.com/questions/2931516/loading-velocity-template-inside-a-jar-file + * much of this code is from + * http://stackoverflow.com/questions/2931516/loading-velocity-template-inside-a-jar-file + * * @param templateName the name of the template to load. * @param outFileName The filename and path to write the report to. * @param properties a map of properties to load into the velocity context. diff --git a/src/main/java/org/codesecure/dependencycheck/utils/Checksum.java b/src/main/java/org/codesecure/dependencycheck/utils/Checksum.java index 884e2ef43..454994474 100644 --- a/src/main/java/org/codesecure/dependencycheck/utils/Checksum.java +++ b/src/main/java/org/codesecure/dependencycheck/utils/Checksum.java @@ -23,14 +23,16 @@ import java.util.logging.Logger; public class Checksum { /** - *

Creates the cryptographic checksum of a given file using the specified alogirhtm.

- *

This algorithm was copied and heavily modified from Real's How To: http://www.rgagnon.com/javadetails/java-0416.html

+ *

Creates the cryptographic checksum of a given file using the specified + * alogirhtm.

This algorithm was copied and heavily modified from + * Real's How To: http://www.rgagnon.com/javadetails/java-0416.html

* * @param algorithm the algorithm to use to calculate the checksum * @param file the file to calculate the checksum for * @return the checksum * @throws FileNotFoundException when the file does not exist - * @throws NoSuchAlgorithmException when an algorithm is specified that does not exist + * @throws NoSuchAlgorithmException when an algorithm is specified that does + * not exist */ public static byte[] getChecksum(String algorithm, File file) throws FileNotFoundException, NoSuchAlgorithmException { InputStream fis = new FileInputStream(file); @@ -86,7 +88,8 @@ public class Checksum { /** *

Converts a byte array into a hex string.

* - *

This method was copied from http://www.rgagnon.com/javadetails/java-0596.html

+ *

This method was copied from http://www.rgagnon.com/javadetails/java-0596.html

* * @param raw a byte array * @return the hex representation of the byte array diff --git a/src/main/java/org/codesecure/dependencycheck/utils/CliParser.java b/src/main/java/org/codesecure/dependencycheck/utils/CliParser.java index 776d1c3e4..9175f9091 100644 --- a/src/main/java/org/codesecure/dependencycheck/utils/CliParser.java +++ b/src/main/java/org/codesecure/dependencycheck/utils/CliParser.java @@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.utils; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -110,10 +110,12 @@ public final class CliParser { /** * Validates whether or not the path(s) points at a file that exists; if the - * path(s) does not point to an existing file a FileNotFoundException is thrown. + * path(s) does not point to an existing file a FileNotFoundException is + * thrown. * * @param paths the paths to validate if they exists - * @throws FileNoteFoundException is thrown if one of the paths being validated does not exist. + * @throws FileNoteFoundException is thrown if one of the paths being + * validated does not exist. */ private void validatePathExists(String[] paths) throws FileNotFoundException { for (String path : paths) { @@ -123,10 +125,12 @@ public final class CliParser { /** * Validates whether or not the path points at a file that exists; if the - * path does not point to an existing file a FileNotFoundException is thrown. + * path does not point to an existing file a FileNotFoundException is + * thrown. * * @param paths the paths to validate if they exists - * @throws FileNoteFoundException is thrown if the path being validated does not exist. + * @throws FileNoteFoundException is thrown if the path being validated does + * not exist. */ private void validatePathExists(String path) throws FileNotFoundException { File f = new File(path); @@ -250,7 +254,8 @@ public final class CliParser { } /** - * Retrieves the file command line parameter(s) specified for the 'cpe' argument. + * Retrieves the file command line parameter(s) specified for the 'cpe' + * argument. * * @return the file paths specified on the command line */ @@ -259,7 +264,8 @@ public final class CliParser { } /** - * Retrieves the file command line parameter(s) specified for the 'scan' argument. + * Retrieves the file command line parameter(s) specified for the 'scan' + * argument. * * @return the file paths specified on the command line for scan */ 
@@ -269,7 +275,9 @@ public final class CliParser { } /** - * returns the directory to write the reports to specified on the command line. + * returns the directory to write the reports to specified on the command + * line. + * * @return the path to the reports directory. */ public String getReportDirectory() { @@ -278,6 +286,7 @@ public final class CliParser { /** * Returns the application name specified on the command line. + * * @return the applicatoin name. */ public String getApplicationName() { @@ -287,7 +296,7 @@ public final class CliParser { /** *

Prints the manifest information to standard output:

*
  • Implementation-Title: ${pom.name}
  • - *
  • Implementation-Version: ${pom.version}
+ *
  • Implementation-Version: ${pom.version}
  • */ public void printVersionInfo() { String version = String.format("%s version %s", @@ -297,8 +306,8 @@ public final class CliParser { } /** - * Checks if the auto update feature has been disabled. If it has been disabled - * via the command line this will return false. + * Checks if the auto update feature has been disabled. If it has been + * disabled via the command line this will return false. * * @return if auto-update is allowed. */ 
@@ -321,35 +330,43 @@ public final class CliParser { */ public static final String SCAN_SHORT = "s"; /** - * The long CLI argument name specifing the path to the CPE.XML file to import + * The long CLI argument name specifing the path to the CPE.XML file to + * import */ public static final String CPE = "cpe"; /** - * The short CLI argument name specifing the path to the CPE.XML file to import + * The short CLI argument name specifing the path to the CPE.XML file to + * import */ public static final String CPE_SHORT = "c"; /** - * The long CLI argument name specifing that the CPE/CVE/etc. data should not be automatically updated. + * The long CLI argument name specifing that the CPE/CVE/etc. data + * should not be automatically updated. */ public static final String DISABLE_AUTO_UPDATE = "noupdate"; /** - * The short CLI argument name specifing that the CPE/CVE/etc. data should not be automatically updated. + * The short CLI argument name specifing that the CPE/CVE/etc. data + * should not be automatically updated. */ public static final String DISABLE_AUTO_UPDATE_SHORT = "n"; /** - * The long CLI argument name specifing the directory to write the reports to. + * The long CLI argument name specifing the directory to write the + * reports to. */ public static final String OUT = "out"; /** - * The short CLI argument name specifing the directory to write the reports to. + * The short CLI argument name specifing the directory to write the + * reports to. */ public static final String OUT_SHORT = "o"; /** - * The long CLI argument name specifing the name of the application to be scanned. + * The long CLI argument name specifing the name of the application to + * be scanned. */ public static final String APPNAME = "app"; /** - * The short CLI argument name specifing the name of the application to be scanned. + * The short CLI argument name specifing the name of the application to + * be scanned. */ public static final String APPNAME_SHORT = "a"; /** 
@@ -377,11 +394,13 @@ public final class CliParser { */ public static final String ADVANCED_HELP = "advancedhelp"; /** - * The short CLI argument name for setting the location of an additional properties file. + * The short CLI argument name for setting the location of an additional + * properties file. */ public static final String PROP_SHORT = "p"; /** - * The CLI argument name for setting the location of an additional properties file. + * The CLI argument name for setting the location of an additional + * properties file. */ public static final String PROP = "propertyfile"; } diff --git a/src/main/java/org/codesecure/dependencycheck/utils/DownloadFailedException.java b/src/main/java/org/codesecure/dependencycheck/utils/DownloadFailedException.java index bdb6f362e..6bc173b9f 100644 --- a/src/main/java/org/codesecure/dependencycheck/utils/DownloadFailedException.java +++ b/src/main/java/org/codesecure/dependencycheck/utils/DownloadFailedException.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.utils; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -38,6 +38,7 @@ public class DownloadFailedException extends IOException { /** * Creates a new DownloadFailedException. + * * @param msg a message for the exception. */ public DownloadFailedException(String msg) { @@ -46,6 +47,7 @@ public class DownloadFailedException extends IOException { /** * Creates a new DownloadFailedException. + * * @param ex the cause of the download failure. */ public DownloadFailedException(Throwable ex) { 
@@ -54,6 +56,7 @@ public class DownloadFailedException extends IOException { /** * Creates a new DownloadFailedException. + * * @param msg a message for the exception. * @param ex the cause of the download failure. */ diff --git a/src/main/java/org/codesecure/dependencycheck/utils/Downloader.java b/src/main/java/org/codesecure/dependencycheck/utils/Downloader.java index 3a984a1a5..54ef4facb 100644 --- a/src/main/java/org/codesecure/dependencycheck/utils/Downloader.java +++ b/src/main/java/org/codesecure/dependencycheck/utils/Downloader.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.utils; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ 
@@ -47,9 +47,11 @@ public class Downloader { /** * Retrieves a file from a given URL and saves it to the outputPath. + * * @param url the URL of the file to download. * @param outputPath the path to the save the file to. - * @throws DownloadFailedException is thrown if there is an error downloading the file. + * @throws DownloadFailedException is thrown if there is an error + * downloading the file. */ public static void fetchFile(URL url, String outputPath) throws DownloadFailedException { fetchFile(url, outputPath, false); @@ -57,10 +59,13 @@ public class Downloader { /** * Retrieves a file from a given URL and saves it to the outputPath. + * * @param url the URL of the file to download. * @param outputPath the path to the save the file to. - * @param unzip true/false indicating that the file being retrieved is gzipped and if true, should be uncompressed before writting to the file. - * @throws DownloadFailedException is thrown if there is an error downloading the file. + * @param unzip true/false indicating that the file being retrieved is + * gzipped and if true, should be uncompressed before writting to the file. + * @throws DownloadFailedException is thrown if there is an error + * downloading the file. */ public static void fetchFile(URL url, String outputPath, boolean unzip) throws DownloadFailedException { File f = new File(outputPath); @@ -69,9 +74,11 @@ public class Downloader { /** * Retrieves a file from a given URL and saves it to the outputPath. + * * @param url the URL of the file to download. * @param outputPath the path to the save the file to. - * @throws DownloadFailedException is thrown if there is an error downloading the file. + * @throws DownloadFailedException is thrown if there is an error + * downloading the file. */ public static void fetchFile(URL url, File outputPath) throws DownloadFailedException { fetchFile(url, outputPath, false); 
@@ -79,10 +86,13 @@ public class Downloader { /** * Retrieves a file from a given URL and saves it to the outputPath. + * * @param url the URL of the file to download. * @param outputPath the path to the save the file to. - * @param unzip true/false indicating that the file being retrieved is gzipped and if true, should be uncompressed before writting to the file. - * @throws DownloadFailedException is thrown if there is an error downloading the file. + * @param unzip true/false indicating that the file being retrieved is + * gzipped and if true, should be uncompressed before writting to the file. + * @throws DownloadFailedException is thrown if there is an error + * downloading the file. */ public static void fetchFile(URL url, File outputPath, boolean unzip) throws DownloadFailedException { HttpURLConnection conn = null; diff --git a/src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java b/src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java index 902d0a92f..b2a7545b7 100644 --- a/src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java +++ b/src/main/java/org/codesecure/dependencycheck/utils/FileUtils.java 
@@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.utils; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -33,6 +33,7 @@ public class FileUtils { /** * Returns the (lowercase) file extension for a specified file. + * * @param fileName the file name to retrieve the file extension from. * @return the file extension. */ diff --git a/src/main/java/org/codesecure/dependencycheck/utils/Filter.java b/src/main/java/org/codesecure/dependencycheck/utils/Filter.java index 8e08b62f6..495d52005 100644 --- a/src/main/java/org/codesecure/dependencycheck/utils/Filter.java 
+++ b/src/main/java/org/codesecure/dependencycheck/utils/Filter.java @@ -6,12 +6,12 @@ import java.util.NoSuchElementException; /* * This is an abstract filter that can be used to filter iterable list. * - * This Filter class was copied from: http://erikras.com/2008/01/18/the-filter-pattern-java-conditional-abstraction-with-iterables/ + * This Filter class was copied from: + * http://erikras.com/2008/01/18/the-filter-pattern-java-conditional-abstraction-with-iterables/ * - * Erik Rasmussen - © 2006 - 2012 All Rights Reserved. - * @author Erik Rasmussen https://plus.google.com/115403795880834599019/?rel=author + * Erik Rasmussen - © 2006 - 2012 All Rights Reserved. @author Erik Rasmussen + * https://plus.google.com/115403795880834599019/?rel=author */ - public abstract class Filter { public abstract boolean passes(T object); diff --git a/src/main/java/org/codesecure/dependencycheck/utils/InvalidSettingException.java b/src/main/java/org/codesecure/dependencycheck/utils/InvalidSettingException.java new file mode 100644 index 000000000..ed27520d5 --- /dev/null +++ b/src/main/java/org/codesecure/dependencycheck/utils/InvalidSettingException.java 
@@ -0,0 +1,66 @@
+package org.codesecure.dependencycheck.utils;
+/*
+ * This file is part of DependencyCheck.
+ *
+ * DependencyCheck is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ *
+ * DependencyCheck is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * DependencyCheck. If not, see http://www.gnu.org/licenses/.
+ *
+ * Copyright (c) 2012 Jeremy Long. All Rights Reserved.
+ */
+
+import java.io.IOException;
+
+/**
+ * An exception used when an error occurs reading a setting.
+ *
+ * @author Jeremy Long (jeremy.long@gmail.com)
+ */
+public class InvalidSettingException extends IOException {
+
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Creates a new InvalidSettingException.
+ */
+ public InvalidSettingException() {
+ super();
+ }
+
+ /**
+ * Creates a new InvalidSettingException.
+ *
+ * @param msg a message for the exception.
+ */
+ public InvalidSettingException(String msg) {
+ super(msg);
+ }
+
+ /**
+ * Creates a new InvalidSettingException.
+ *
+ * @param ex the cause of the setting exception.
+ */
+ public InvalidSettingException(Throwable ex) {
+ super(ex);
+ }
+
+ /**
+ * Creates a new InvalidSettingException.
+ *
+ * @param msg a message for the exception.
+ * @param ex the cause of the setting exception.
+ */
+ public InvalidSettingException(String msg, Throwable ex) {
+ super(msg, ex);
+ }
+}
diff --git a/src/main/java/org/codesecure/dependencycheck/utils/Settings.java b/src/main/java/org/codesecure/dependencycheck/utils/Settings.java
index 6817dbc7d..caecabfcc 100644
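Review bot: `InvalidSettingException` extends `IOException`, although the failure it reports, a property that cannot be parsed, is a configuration error rather than an I/O failure. `DownloadFailedException` in the same package also extends `IOException`, so a handler written as `catch (IOException ex)` around download or file code would catch both and could report a bad setting as a failed download. Consider extending `Exception` directly, or state in the class Javadoc why the `IOException` parent is intended, for example `Extends IOException so existing handlers around settings loading keep working.`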
--- a/src/main/java/org/codesecure/dependencycheck/utils/Settings.java +++ b/src/main/java/org/codesecure/dependencycheck/utils/Settings.java @@ -2,18 +2,18 @@ package org.codesecure.dependencycheck.utils; /* * This file is part of DependencyCheck. * - * DependencyCheck is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. + * DependencyCheck is free software: you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation, either version 3 of the License, or (at your option) any + * later version. * - * DependencyCheck is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. + * DependencyCheck is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. * - * You should have received a copy of the GNU General Public License - * along with DependencyCheck. If not, see http://www.gnu.org/licenses/. + * You should have received a copy of the GNU General Public License along with + * DependencyCheck. If not, see http://www.gnu.org/licenses/. * * Copyright (c) 2012 Jeremy Long. All Rights Reserved. */ @@ -39,7 +39,8 @@ public class Settings { public abstract class KEYS { /** - * The properties key for the path where the CPE Lucene Index will be stored. + * The properties key for the path where the CPE Lucene Index will be + * stored. */ public static final String CPE_INDEX = "cpe"; /** 
@@ -51,15 +52,43 @@ public class Settings { */ public static final String CPE_META_URL = "cpe.meta.url"; /** - * The properties key for the path where the CCE Lucene Index will be stored. + * The properties key for the path where the CCE Lucene Index will be + * stored. */ public static final String CVE_INDEX = "cve"; + /** + * The properties key for the URL to retrieve the "meta" data from about + * the CVE entries. + */ + public static final String CVE_META_URL = "cve.url.meta"; + /** + * The properties key for the URL to retrieve the recently modified and + * added CVE entries (last 8 days). + */ + public static final String CVE_MODIFIED_URL = "cve.url.modified"; + /** + * The properties key for the URL to retrieve the recently modified and + * added CVE entries (last 8 days). + */ + public static final String CVE_MODIFIED_VALID_FOR_DAYS = "cve.url.modified.validfordays"; + /** + * The properties key for the telling us how many cvr.url.* URLs exists. + * This is used in combination with CVE_BASE_URL to be able to retrieve + * the URLs for all of the files that make up the NVD CVE listing. + */ + public static final String CVE_URL_COUNT = "cve.url.count"; + /** + * The properties key for the "base" property key for the CVE URLs (e.g. + * cve.url.1, cve.url.2, cve.url.n). + */ + public static final String CVE_BASE_URL = "cve.url."; /** * The properties key for the proxy url. */ public static final String PROXY_URL = "proxy.url"; /** - * The properties key for the proxy port - this must be an integer value. + * The properties key for the proxy port - this must be an integer + * value. */ public static final String PROXY_PORT = "proxy.port"; /** 
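Review bot: The Javadoc added for `CVE_MODIFIED_VALID_FOR_DAYS` is a copy of the comment on `CVE_MODIFIED_URL` and describes a URL, while the key `cve.url.modified.validfordays` holds a number of days. Suggested text: `The properties key for the number of days the modified CVE feed covers; within that window the yearly files need not be downloaded again.` The comment on `CVE_URL_COUNT` refers to `cvr.url.*` where `cve.url.*` is meant, and the rewrapped comment on `CVE_INDEX` still says "CCE Lucene Index". The enclosing `KEYS` class starts and ends outside this hunk.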
@@ -72,7 +101,8 @@ public class Settings { private Properties props = null; /** - * Private contructor for the Settings class. This class loads the properties files. + * Private constructor for the Settings class. This class loads the + * properties files. */ private Settings() { InputStream in = this.getClass().getClassLoader().getResourceAsStream(PROPERTIES_FILE); @@ -84,9 +114,9 @@ public class Settings { } } - /** * Sets a property value. + * * @param key the key for the property. * @param value the value for the property. */ @@ -95,14 +125,16 @@ public class Settings { } /** - * Merges a new properties file into the current properties. This - * method allows for the loading of a user provided properties file.

    + * Merges a new properties file into the current properties. This method + * allows for the loading of a user provided properties file.

    * Note: even if using this method - system properties will be loaded before * properties loaded from files. * * @param filePath the path to the properties file to merge. - * @throws FileNotFoundException is thrown when the filePath points to a non-existent file. - * @throws IOException is thrown when there is an exception loading/merging the properties. + * @throws FileNotFoundException is thrown when the filePath points to a + * non-existent file. + * @throws IOException is thrown when there is an exception loading/merging + * the properties. */ public static void mergeProperties(String filePath) throws FileNotFoundException, IOException { FileInputStream fis = new FileInputStream(filePath); @@ -110,13 +142,14 @@ public class Settings { } /** - * Merges a new properties file into the current properties. This - * method allows for the loading of a user provided properties file.

    + * Merges a new properties file into the current properties. This method + * allows for the loading of a user provided properties file.

    * Note: even if using this method - system properties will be loaded before * properties loaded from files. * * @param stream an Input Stream pointing at a properties file to merge. - * @throws IOException is thrown when there is an exception loading/merging the properties + * @throws IOException is thrown when there is an exception loading/merging + * the properties */ public static void mergeProperties(InputStream stream) throws IOException { INSTANCE.props.load(stream); @@ -125,8 +158,8 @@ public class Settings { /** * Returns a value from the properties file. If the value was specified as a * system property or passed in via the -Dprop=value argument - this method - * will return the value from the system properties before the values in - * the contained configuration file. + * will return the value from the system properties before the values in the + * contained configuration file. * * @param key the key to lookup within the properties file. * @param defaultValue the default value for the requested property. @@ -143,8 +176,8 @@ public class Settings { /** * Returns a value from the properties file. If the value was specified as a * system property or passed in via the -Dprop=value argument - this method - * will return the value from the system properties before the values in - * the contained configuration file. + * will return the value from the system properties before the values in the + * contained configuration file. * * @param key the key to lookup within the properties file. * @return the property from the properties file. 
@@ -154,40 +187,65 @@ public class Settings { } /** - * Returns an int value from the properties file. If the value was specified as a - * system property or passed in via the -Dprop=value argument - this method - * will return the value from the system properties before the values in - * the contained configuration file. + * Returns an int value from the properties file. If the value was specified + * as a system property or passed in via the -Dprop=value argument - this + * method will return the value from the system properties before the values + * in the contained configuration file. * * @param key the key to lookup within the properties file. * @return the property from the properties file. + * @throws InvalidSettingException is thrown if there is an error retrieving + * the setting. */ - public static int getInt(String key) { - return Integer.parseInt(Settings.getString(key)); - } - /** - * Returns a long value from the properties file. If the value was specified as a - * system property or passed in via the -Dprop=value argument - this method - * will return the value from the system properties before the values in - * the contained configuration file. - * - * @param key the key to lookup within the properties file. - * @return the property from the properties file. - */ - public static long getLong(String key) { - return Long.parseLong(Settings.getString(key)); + public static int getInt(String key) throws InvalidSettingException { + int value; + try { + value = Integer.parseInt(Settings.getString(key)); + } catch (NumberFormatException ex) { + throw new InvalidSettingException("Could not convert property '" + key + "' to an int.", ex); + } + return value; } /** - * Returns a boolean value from the properties file. If the value was specified as a - * system property or passed in via the -Dprop=value argument - this method - * will return the value from the system properties before the values in - * the contained configuration file. 
+ * Returns a long value from the properties file. If the value was specified + * as a system property or passed in via the -Dprop=value argument - this + * method will return the value from the system properties before the values + * in the contained configuration file. * * @param key the key to lookup within the properties file. * @return the property from the properties file. + * @throws InvalidSettingException is thrown if there is an error retrieving + * the setting. */ - public static boolean getBoolean(String key) { - return Boolean.parseBoolean(Settings.getString(key)); + public static long getLong(String key) throws InvalidSettingException { + long value; + try { + value = Long.parseLong(Settings.getString(key)); + } catch (NumberFormatException ex) { + throw new InvalidSettingException("Could not convert property '" + key + "' to an int.", ex); + } + return value; + } + + /** + * Returns a boolean value from the properties file. If the value was + * specified as a system property or passed in via the -Dprop=value argument + * - this method will return the value from the system properties before the + * values in the contained configuration file. + * + * @param key the key to lookup within the properties file. + * @return the property from the properties file. + * @throws InvalidSettingException is thrown if there is an error retrieving + * the setting. + */ + public static boolean getBoolean(String key) throws InvalidSettingException { + boolean value; + try { + value = Boolean.parseBoolean(Settings.getString(key)); + } catch (NumberFormatException ex) { + throw new InvalidSettingException("Could not convert property '" + key + "' to an int.", ex); + } + return value; } } \ No newline at end of file diff --git a/src/main/resources/META-INF/services/org.codesecure.dependencycheck.analyzer.Analyzer b/src/main/resources/META-INF/services/org.codesecure.dependencycheck.analyzer.Analyzer index 0301b75d5..9f3ade19a 100644 
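Review bot: In `getBoolean` the added `catch (NumberFormatException ex)` is unreachable, because `Boolean.parseBoolean` never throws and maps every value other than "true", including a missing or mistyped one, to false; the declared `InvalidSettingException` is therefore never raised and a typo in a boolean setting is silently read as false. A strict parse as sketched below rejects anything other than true or false; it also turns a missing key into an error, so keep the lenient form and drop the try/catch if callers rely on the false default. Separately, `getLong` and `getBoolean` reuse the `getInt` message ending in "to an int."; `getLong` should end with `"' to a long."`.

```java
public static boolean getBoolean(String key) throws InvalidSettingException {
    final String raw = Settings.getString(key);
    if ("true".equalsIgnoreCase(raw)) {
        return true;
    }
    if ("false".equalsIgnoreCase(raw)) {
        return false;
    }
    throw new InvalidSettingException("Could not convert property '" + key + "' to a boolean.");
}
```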
--- a/src/main/resources/META-INF/services/org.codesecure.dependencycheck.analyzer.Analyzer
+++ b/src/main/resources/META-INF/services/org.codesecure.dependencycheck.analyzer.Analyzer
@@ -1,3 +1,4 @@
 org.codesecure.dependencycheck.analyzer.JarAnalyzer
 org.codesecure.dependencycheck.analyzer.FileNameAnalyzer
-org.codesecure.dependencycheck.data.cpe.CPEAnalyzer
\ No newline at end of file
+org.codesecure.dependencycheck.data.cpe.CPEAnalyzer
+org.codesecure.dependencycheck.data.nvdcve.NvdCveAnalyzer
\ No newline at end of file
diff --git a/src/main/resources/META-INF/services/org.codesecure.dependencycheck.data.CachedWebDataSource b/src/main/resources/META-INF/services/org.codesecure.dependencycheck.data.CachedWebDataSource
new file mode 100644
index 000000000..4fcc89797
--- /dev/null
+++ b/src/main/resources/META-INF/services/org.codesecure.dependencycheck.data.CachedWebDataSource
@@ -0,0 +1,2 @@
+org.codesecure.dependencycheck.data.nvdcve.Index
+org.codesecure.dependencycheck.data.cpe.Index
\ No newline at end of file
diff --git a/src/main/resources/configuration/dependencycheck.properties b/src/main/resources/configuration/dependencycheck.properties
index b5803d44e..7d657a35e 100644
--- a/src/main/resources/configuration/dependencycheck.properties
+++ b/src/main/resources/configuration/dependencycheck.properties
@@ -1,7 +1,34 @@ application.name=${pom.name} application.version=${pom.version} +# the path to the lucene index to store the cpe data cpe=data/cpe +# the path to the cpe xml file cpe.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.xml.gz +# the path to the cpe meta data file. cpe.meta.url=http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.2.meta +# the path to the lucene index to store the nvd cve data cve=data/cve +# the path to the nvd cve "meta" page where the timestamps for the last update files can be found. +cve.url.meta=http://nvd.nist.gov/download.cfm +# the path to the modified nvd cve xml file. +cve.url.modified=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-modified.xml + +# the number of days that the modified nvd cve data holds data for. We don't need +# to update the other files if we are within this timespan. Per NIST this file +# holds 8 days of updates, we are using 7 just to be safe. +cve.url.modified.validfordays=7 +# the number of cve.urls +cve.url.count=11 +# the paths to the various nvd cve files. +cve.url.1=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2002.xml +cve.url.2=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2003.xml +cve.url.3=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2004.xml +cve.url.4=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2005.xml +cve.url.5=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2006.xml +cve.url.6=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2007.xml +cve.url.7=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2008.xml +cve.url.8=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2009.xml +cve.url.9=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2010.xml +cve.url.10=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2011.xml +cve.url.11=http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2012.xml 
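Review bot: Every feed location added here (`cve.url.meta`, `cve.url.modified`, `cve.url.1` through `cve.url.11`) uses plain `http://`, so the vulnerability data that decides the scan results is fetched without transport integrity, and a feed altered in transit could drop or change CVE entries unnoticed. Prefer `https://` endpoints where the host offers them, or verify each downloaded file against a published checksum or signature; whether the downloader performs such a check is not visible in this hunk. `cve.url.count=11` and the numbered list end at the 2012 file, so each new yearly feed needs both a new `cve.url.N` line and a count bump; a comment such as `# must equal the highest cve.url.N below; add one entry per new year` next to `cve.url.count` would make that explicit.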
diff --git a/src/main/resources/schema/cpe/cpe-dictionary_2.2.xsd b/src/main/resources/schema/cpe/cpe-dictionary_2.2.xsd
new file mode 100644
index 000000000..b08ed8ad5
--- /dev/null
+++ b/src/main/resources/schema/cpe/cpe-dictionary_2.2.xsd
@@ -0,0 +1,156 @@ + + + + + This is an XML Schema for the CPE Dictionary. It is used to transfer a collection of official CPE Names along with any necessary supporting information (title, references, automated check, etc.). For more information, consult the CPE Specification document. + + CPE Dictionary + Neal Ziring, Andrew Buttner + 2.2 + 03/11/2009 09:00:00 AM + + + + + + + + The cpe-list element acts as a top-level container for CPE Name items. Each individual item must be unique. Please refer to the description of ListType for additional information about the sturcture of this element. + + + + + + + + + The cpe-item element denotes a single CPE Name. Please refer to the description of ItemType for additional information about the sturcture of this element. + + + + + + + + + + + + + + + + + + + + The GeneratorType complex type defines an element that is used to hold information about when a particular document was compiled, what version of the schema was used, what tool compiled the document, and what version of that tools was used. Additional generator information is also allowed although it is not part of the official schema. Individual organizations can place generator information that they feel are important and these will be skipped during the validation. All that this schema really cares about is that the stated generator information is there. + + + + + The optional product_name element specifies the name of the application used to generate the file. + + + + + The optional product_version element specifies the version of the application used to generate the file. + + + + + The required schema_version element specifies the version of the schema that the document has been written against and that should be used for validation. + + + + + The required timestamp element specifies when the particular document was compiled. The format for the timestamp is yyyy-mm-ddThh:mm:ss. 
Note that the timestamp element does not specify item in the document was created or modified but rather when the actual XML document that contains the items was created. For example, a document might pull a bunch of existing items together, each of which having been created at some point in the past. The timestamp in this case would be when this combined document was created. + + + + + + + + The ItemType complex type defines an element that represents a single CPE Name. The required name attribute is a URI which must be a unique key and should follow the URI structure outlined in the CPE Specification. The optional title element is used to provide a human-readable title for the platform. To support uses intended for multiple languages, this element supports the ‘xml:lang’ attribute. At most one title element can appear for each language. The notes element holds optional descriptive material. Multiple notes elements are allowed, but only one per language should be used. Note that the language associated with the notes element applies to all child note elements. The optional references element holds external info references. The optional check element is used to call out an OVAL Definition that can confirm or reject an IT system as an instance of the named platform. Additional elements not part of the CPE namespace are allowed and are just skipped by validation. In essence, a dictionary file can contain additional information the a user can choose to use or not, but this information is not required to be used or understood. + + + + + + + + + + + + + + + + The ListType complex type defines an element that is used to hold a collection of individual items. The required generator section provides information about when the definition file was compiled and under what version. Additional elements not part of the CPE namespace are allowed and are just skipped by validation. 
In essence, a dictionary file can contain additional information the a user can choose to use or not, but this information is not required to be used or understood. + + + + + + + + + + The TextType complex type allows the xml:lang attribute to associate a specific language with an element's string content. + + + + + + + + + + The notesType complex type defines an element that consists of one or more child note elements. It is assumed that each of these note elements are representative of the same language as defined by their parent. + + + + + + + + + The ReferencesType complex type defines an element used to hold a collection of individual references. Each reference consists of a piece of text (intended to be human-readable) and a URI (intended to be a URL, and point to a real resource) and is used to point to extra descriptive material, for example a supplier's web site or platform documentation. + + + + + + + + + + + + + + + + The CheckType complex type is used to define an element for hold information about an individual check. It includes a checking system specification URI, string content, and an optional external file reference. The checking system specification should be the URI for a particular version of OVAL or a related system testing language, and the content will be an identifier of a test written in that language. The external file reference could be used to point to the file in which the content test identifier is defined. + + + + + + + + + + + + + + Define the format for acceptable CPE Names. A URN format is used with the id starting with the word cpe followed by :/ and then some number of individual components separated by colons. + + + + + + diff --git a/src/main/resources/schema/nvdcve/bindings.xml b/src/main/resources/schema/nvdcve/bindings.xml new file mode 100644 index 000000000..6da0d77a4 --- /dev/null +++ b/src/main/resources/schema/nvdcve/bindings.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/src/main/resources/schema/nvdcve/cce_0.1.xsd b/src/main/resources/schema/nvdcve/cce_0.1.xsd new file mode 100644 index 000000000..dfeb61f39 --- /dev/null +++ b/src/main/resources/schema/nvdcve/cce_0.1.xsd @@ -0,0 +1,61 @@ + + + + + CCE is at an early phase of adoption. This schema is a work in progress and is far from + final. Additional work with using CCEs in a practical setting is required. + + + + + + + + The format for a CCE name is CCE-NNNNNNNNNNN, where NNNNNNNNNNN is a sequence number. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + TODO: What does this identify? + + + + + TODO: should this be an enumeration? + + + + diff --git a/src/main/resources/schema/nvdcve/cpe-language_2.1.xsd b/src/main/resources/schema/nvdcve/cpe-language_2.1.xsd new file mode 100644 index 000000000..f29efd0eb --- /dev/null +++ b/src/main/resources/schema/nvdcve/cpe-language_2.1.xsd 
@@ -0,0 +1,101 @@ + + + + + This XML Schema defines the CPE Language. An individual CPE Name addresses a single part of an actual system. To identify more complex platform types, there needs to be a way to combine different CPE Names using logical operators. For example, there may be a need to identify a platform with a particular operating system AND a certain application. The CPE Language exists to satisfy this need, enabling the CPE Name for the operating system to be combined with the CPE Name for the application. For more information, consult the CPE Specification document. + + CPE Language + Neal Ziring, Andrew Buttner + 2.1 + 01/31/2008 09:00:00 AM + + + + + + + + This element is the root element of a CPE Language XML documents and therefore acts as a container for child platform definitions. + + + + + + + + + + + + + + + + + + + The platform element represents the description or qualifications of a particular IT platform type. The platform is defined by the logical-test child element. The id attribute holds a locally unique name for the platform. There is no defined format for this id, it just has to be unique to the containing language document. + The optional title element may appear as a child to a platform element. It provides a human-readable title for it. To support uses intended for multiple languages, this element supports the ‘xml:lang’ attribute. At most one title element can appear for each language. + The optional remark element may appear as a child of a platform element. It provides some additional description. Zero or more remark elements may appear. To support uses intended for multiple languages, this element supports the ‘xml:lang’ attribute. There can be multiple remarks for a single language. + + + + + + + + + + + The logical-test element appears as a child of a platform element, and may also be nested to create more complex logical tests. The content consists of one or more elements: fact-ref, and logical-test children are permitted. 
The operator to be applied, and optional negation of the test, are given as attributes. + + + + + + + + + + + The fact-ref element appears as a child of a logical-test element. It is simply a reference to a CPE Name that always evaluates to a Boolean result. + + + + + + + + + The OperatorEnumeration simple type defines acceptable operators. Each operator defines how to evaluate multiple arguments. + + + + + + + + + + + + This type allows the xml:lang attribute to associate a specific language with an element's string content. + + + + + + + + + + + + + Define the format for acceptable CPE Names. A URN format is used with the id starting with the word cpe followed by :/ and then some number of individual components separated by colons. + + + + + + diff --git a/src/main/resources/schema/nvdcve/cve_0.1.xsd b/src/main/resources/schema/nvdcve/cve_0.1.xsd new file mode 100644 index 000000000..2dc6e6f61 --- /dev/null +++ b/src/main/resources/schema/nvdcve/cve_0.1.xsd @@ -0,0 +1,70 @@ + + + + + + + + + + + + + Format for CVE Names is CVE-YYYY-NNNN, where YYYY is the year of publication and NNNN is a sequence number. + + + + + + + + + + + Enumeration containing valid values for CVE status: Candidate, Entry, and Deprecated + + + + + + + + + + + + + + + + + + Status of Vulnerability -- Candidate, Entry, Deprecated + + + + + Free text field to describe the vulnerability + + + + + Discretionary information and links relevant to a given vulnerability referenced by the CVE + + + + + + CVE name in the CVE-YYYY-NNNN format + + + + diff --git a/src/main/resources/schema/nvdcve/cvss-v2_0.2.xsd b/src/main/resources/schema/nvdcve/cvss-v2_0.2.xsd new file mode 100644 index 000000000..6e97973de --- /dev/null +++ b/src/main/resources/schema/nvdcve/cvss-v2_0.2.xsd 
@@ -0,0 +1,386 @@ + + + + + + + + + + + + Value restriction to single decimal values from 0.0 to 10.0, as used in CVSS scores + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Indicates if the vector has been approximated as the result of an upgrade from a previous CVSS version + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Base type for metrics that defines common attributes of all metrics. + + + + Indicates if the metrics have been upgraded from a previous version of CVSS. If fields that were approximated will have an approximated attribute set to 'true'. + + + + + + + + + "This schema was intentionally designed to avoid mixing classes and attributes between CVSS version 1, CVSS version 2, and future versions. Scores in the CVSS system are interdependent. The temporal score is a multiplier of the base score. The environmental score, in turn, is a multiplier of the temporal score. The ability to transfer these scores independently is provided on the assumption that the user understands the business logic. For any given metric, it is preferred that the score, as a minimum is provided, however the score can be re-created from the metrics or the multiplier and any scores they are dependent on." + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Base severity score assigned to a vulnerability by a source + + + + + Base exploit sub-score assigned to a vulnerability by a source + + + + + Base impact sub-score assigned to a vulnerability by a source + + + + + + Data source the vector was obtained from. 
Example: http://nvd.nist.gov or com.symantec.deepsight + + + + + + + + + + + + + + + + + + + Data source the vector was obtained from. Example: gov.nist.nvd or com.symantec.deepsight + + + + + + + + + + + + + + + + + The temporal score is the temporal multiplier times the base score. + + + + + The temporal multiplier is a number between zero and one. Reference the CVSS standard for computation. + + + + + + + + + + diff --git a/src/main/resources/schema/nvdcve/generateBindings.bat b/src/main/resources/schema/nvdcve/generateBindings.bat new file mode 100644 index 000000000..915de1bab --- /dev/null +++ b/src/main/resources/schema/nvdcve/generateBindings.bat @@ -0,0 +1,18 @@ +if not "%JAVA_HOME%" == "" goto JAVA_HOME_DEFINED + +:NO_JAVA_HOME +set XJC=xjc.exe +goto LAUNCH + +:JAVA_HOME_DEFINED +set XJC="%JAVA_HOME%\bin\xjc.exe" +goto LAUNCH + +:LAUNCH +%XJC% -extension -d ..\..\..\java -b "bindings.xml" -p "org.codesecure.dependencycheck.data.nvdcve.generated" -mark-generated "nvd-cve-feed_2.0.xsd" + +echo -------------------------------------------------------------- +echo IMPORTANT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +echo You must add the following annotation to the VulnerabilityType +echo @XmlRootElement(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4") +echo -------------------------------------------------------------- \ No newline at end of file diff --git a/src/main/resources/schema/nvdcve/generateBindings.sh b/src/main/resources/schema/nvdcve/generateBindings.sh new file mode 100644 index 000000000..6e571f84f --- /dev/null +++ b/src/main/resources/schema/nvdcve/generateBindings.sh 
@@ -0,0 +1,16 @@ +#!/bin/sh + +if [ -n "$JAVA_HOME" ] +then + XJC="$JAVA_HOME/bin/xjc.exe" +else + XJC=xjc.exe +fi + +exec "$XJC" -extension -d ../../../java -b "bindings.xml" -p "org.codesecure.dependencycheck.data.nvdcve.generated" -mark-generated "nvd-cve-feed_2.0.xsd" + +echo '--------------------------------------------------------------' +echo 'IMPORTANT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!' +echo 'You must add the following annotation to the VulnerabilityType' +echo '@XmlRootElement(name = "vulnerabilityType", namespace = "http://scap.nist.gov/schema/vulnerability/0.4")' +echo '--------------------------------------------------------------' \ No newline at end of file diff --git a/src/main/resources/schema/nvdcve/nvd-cve-feed_2.0.xsd b/src/main/resources/schema/nvdcve/nvd-cve-feed_2.0.xsd new file mode 100644 index 000000000..1561f8fe5 --- /dev/null +++ b/src/main/resources/schema/nvdcve/nvd-cve-feed_2.0.xsd @@ -0,0 +1,57 @@ + + + + + TODO: address distributed with for APP->OS resolution + This schema defines the structure of the National + Vulnerability Database XML feed files version: 1.2. The elements and + attribute in this document are described by xsd:annotation tags. This + file is kept at http://nvd.nist.gov/schema/nvdcve.xsd. The NVD XML + feeds are available at http://nvd.nist.gov/download.cfm. + + Release Notes: + Version 2.0: + * Redesign of the feed to integrate with the new vulnerability data + model schema. + + Version 1.2: + * CVSS version 2 scores and vectors have been added. Please see + http://nvd.nist.gov/cvss.cfm?vectorinfo and + http://www.first.org/cvss/cvss-guide.html for more information on + how to interpret this data. + + + + The root element of the NVD CVE feed. Multiple "entry" child elements describe specific NVD CVE entries. + + + + + + A CVE entry. + + + + + + The schema version number supported by the feed. + + + + + The date the feed was generated. + + + + + + + A CVE entry. + + + 
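Review bot: The `echo` lines after `exec "$XJC" …` in generateBindings.sh never run, because `exec` replaces the shell process with xjc, so the reminder to add the `@XmlRootElement` annotation to VulnerabilityType is never printed. Drop `exec` and stop on failure so the script continues only after a successful generation: `"$XJC" -extension -d ../../../java -b "bindings.xml" … || exit 1`. The script also looks for `xjc.exe`, the Windows binary name; on a system that runs `/bin/sh` the JDK tool is normally `$JAVA_HOME/bin/xjc`.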
diff --git a/src/main/resources/schema/nvdcve/patch_0.1.xsd b/src/main/resources/schema/nvdcve/patch_0.1.xsd new file mode 100644 index 000000000..c2c94d834 --- /dev/null +++ b/src/main/resources/schema/nvdcve/patch_0.1.xsd @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + Human-formatted title for the patch. If none given, then duplicate of the name. + + + + + + + + + + + + + + Patches that superceded by the referenced patch. + + + + + Patches that supersede the patch comprising the current XML document. + + + + + + Identifier unique within the XML document for the given patch. + + + + + Vendor supplied name for the patch. Will use lower case and underscores for spaces, consistent with CPE naming conventions. + + + + + Boolean value. True of patch is superseded. False if not. + + + + + Indicates that a patch should not be used -- regardless of supersession. + + + + diff --git a/src/main/resources/schema/nvdcve/scap-core_0.1.xsd b/src/main/resources/schema/nvdcve/scap-core_0.1.xsd new file mode 100644 index 000000000..41d1ce5f6 --- /dev/null +++ b/src/main/resources/schema/nvdcve/scap-core_0.1.xsd 
@@ -0,0 +1,139 @@ + + + + + + + + + + + + + Data type for the check element, a checking system specification URI, string content, and an optional external file reference. The checking system specification should be the URI for a particular version of OVAL or a related system testing language, and the content will be an identifier of a test written in that language. The external file reference could be used to point to the file in which the content test identifier is defined. + + + + + + + + + + + + + + + + + The notesType defines an element that consists of one or more child note elements. It is assumed that each of these note elements are representative of the same language as defined by their parent. + + + + + + + + + + + Type for a reference in the description of a CPE item. This would normally be used to point to extra descriptive material, or the supplier's web site, or the platform documentation. It consists of a piece of text (intended to be human-readable) and a URI (intended to be a URL, and point to a real resource). + + + + + + + + + + + + + + + + + + + + This type allows the xml:lang attribute to associate a specific language with an element's string content. + + + + + + + + + + + + + + + + + + + + + + + + + + + Define the format for acceptable CPE Names. An urn format is used with the id starting with the word oval followed by a unique string, followed by the three letter code 'def', and ending with an integer. + + + + + + + + + Define the format for acceptable + searchableCPE Names. The URI escaped code '%25' may be used + to represent the character '%' which will be interpreted as a + wildcard. + + + + + + + + + The name pattern of a CPE component. + + + + + + + + + The name pattern of the CPE part component. + + + + + + + + + + + + diff --git a/src/main/resources/schema/nvdcve/vulnerability_0.4.xsd b/src/main/resources/schema/nvdcve/vulnerability_0.4.xsd new file mode 100644 index 000000000..48989e7cf --- /dev/null 
+++ b/src/main/resources/schema/nvdcve/vulnerability_0.4.xsd 
@@ -0,0 +1,260 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + The security protection type + + + + + gain administrative access + + + + + gain user access + + + + + + + + + + + + + + + + + + + + + + + + + A single fix action should only cover a single patch application, software update, configuration change, or external fix. Dependencies should be documented by using the "next_fix_action" element to point to a recursive list of fix actions. + + + + + + + CPE name of the software update package. + + + + + + + + + + States whether the fix action fully avoids the risk associated with the vulnerability or reduces risk to some extent. + + + + + Describes or points to the check/test (either OVAL or other) that this particular fix action addresses. E.G. applying this fix will change the value of this test result. + + + + + + + + Unique value within the source. Will be used with the source element to serve as a global unique identifier. + + + + + Should be a URI-like -- e.g. inverted DNS address e.g mil.jtf-gno + + + + + + + + + + + + + + + + + + + The CPE name of the scanning tool. A value must be supplied for this element. The CPE name can be used for a CPE from the NVD. The CPE title attribute can be used for internal naming conventions. (or both, if possible) + + + + + Defines required signature or policy definition that must be installed on the tool. + + + + + + + + + + + + + + + + + + + + + + + + TODO: Low priority: Add reference to notes type to allow analysts, vendor and other comments. Add source attribute. Maybe categorization? + + + + + + + + + + + + + + + + + + + + + + + Denotes a scanner and required configuration that is capable of detecting the referenced vulnerability. May also be an OVAL definition and omit scanner name. + + + + + + + This element should ultimately be held in a threat model. 
+ + + + + + + + + + + TODO: revisit referenceType and textType + Extends the base "reference" class by adding the ability to specify which kind (within the vulnerability model) of reference it is. See "Vulnerability_Reference_Category_List" enumeration. + + + + + TODO: determine purpose + + + + + + + + + + + + + + diff --git a/src/main/resources/templates/HtmlReport.vsl b/src/main/resources/templates/HtmlReport.vsl index 96e86895c..b24c3aff1 100644 --- a/src/main/resources/templates/HtmlReport.vsl +++ b/src/main/resources/templates/HtmlReport.vsl @@ -374,7 +374,25 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. #end #end - + + #if($dependency.getVulnerabilities().size()>0) + #set($cnt=$cnt+1) +

    Published Vulnerabilities

    +
    + #foreach($vuln in $dependency.getVulnerabilities()) +

    $esc.html($vuln.name)

    +

    $esc.html($vuln.description) + #if ($vuln.getReferences().size()>0) +

      + #foreach($ref in $vuln.getReferences()) +
    • $esc.html($ref.source) - $ref.name
    • + #end +
    + #end +

    + #end +
    + #end #end diff --git a/src/test/java/org/codesecure/dependencycheck/EngineTest.java b/src/test/java/org/codesecure/dependencycheck/EngineTest.java index 44e2c7dba..7a7f2599e 100644 --- a/src/test/java/org/codesecure/dependencycheck/EngineTest.java +++ b/src/test/java/org/codesecure/dependencycheck/EngineTest.java @@ -4,7 +4,6 @@ */ package org.codesecure.dependencycheck; -import org.codesecure.dependencycheck.data.lucene.BaseIndexTestCase; import org.codesecure.dependencycheck.reporting.ReportGenerator; import org.junit.After; import org.junit.AfterClass; @@ -17,10 +16,11 @@ import static org.junit.Assert.*; * * @author Jeremy Long (jeremy.long@gmail.com) */ -public class EngineTest extends BaseIndexTestCase { +public class EngineTest { - public EngineTest(String testName) { - super(testName); + public EngineTest() throws Exception { + org.codesecure.dependencycheck.data.nvdcve.BaseIndexTestCase.ensureIndexExists(); + org.codesecure.dependencycheck.data.cpe.BaseIndexTestCase.ensureIndexExists(); } @BeforeClass diff --git a/src/test/java/org/codesecure/dependencycheck/data/lucene/BaseIndexTestCase.java b/src/test/java/org/codesecure/dependencycheck/data/cpe/BaseIndexTestCase.java similarity index 91% rename from src/test/java/org/codesecure/dependencycheck/data/lucene/BaseIndexTestCase.java rename to src/test/java/org/codesecure/dependencycheck/data/cpe/BaseIndexTestCase.java index fe6b49837..2f13f5daa 100644 --- a/src/test/java/org/codesecure/dependencycheck/data/lucene/BaseIndexTestCase.java +++ b/src/test/java/org/codesecure/dependencycheck/data/cpe/BaseIndexTestCase.java @@ -2,7 +2,7 @@ * To change this template, choose Tools | Templates * and open the template in the editor. */ -package org.codesecure.dependencycheck.data.lucene; +package org.codesecure.dependencycheck.data.cpe; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; 
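Review bot: `$ref.name` in the references loop is written to the report without `$esc.html`, while `$vuln.name`, `$vuln.description` and `$ref.source` in the same block are all escaped. The reference data presumably comes from the imported NVD feed, so it should be treated as untrusted text and encoded like its neighbours: `$esc.html($ref.source) - $esc.html($ref.name)`. The markup of this hunk is not fully visible here; if the reference is also placed in an `href` attribute, that value needs attribute-safe encoding and a check that the scheme is http or https.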
@@ -30,15 +30,15 @@ public abstract class BaseIndexTestCase extends TestCase { ensureIndexExists(); } - protected void ensureIndexExists() throws Exception { - String indexPath = Settings.getString("cpe"); + public static void ensureIndexExists() throws Exception { + String indexPath = Settings.getString(Settings.KEYS.CPE_INDEX); java.io.File f = new File(indexPath); if (!f.exists()) { f.mkdirs(); FileInputStream fis = null; ZipInputStream zin = null; try { - File path = new File(this.getClass().getClassLoader().getResource("index.cpe.zip").getPath()); + File path = new File(BaseIndexTestCase.class.getClassLoader().getResource("index.cpe.zip").getPath()); fis = new FileInputStream(path); zin = new ZipInputStream(new BufferedInputStream(fis)); ZipEntry entry; diff --git a/src/test/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzerTest.java b/src/test/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzerTest.java index e4929becc..c1fb3d971 100644 --- a/src/test/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzerTest.java +++ b/src/test/java/org/codesecure/dependencycheck/data/cpe/CPEAnalyzerTest.java @@ -11,7 +11,6 @@ import java.util.List; import java.util.Set; import org.apache.lucene.index.CorruptIndexException; import org.apache.lucene.queryParser.ParseException; -import org.codesecure.dependencycheck.data.lucene.BaseIndexTestCase; import org.codesecure.dependencycheck.dependency.Dependency; import org.codesecure.dependencycheck.analyzer.JarAnalyzer; import org.codesecure.dependencycheck.dependency.Evidence; diff --git a/src/test/java/org/codesecure/dependencycheck/data/cpe/EntryTest.java b/src/test/java/org/codesecure/dependencycheck/data/cpe/EntryTest.java index 5541a230c..37e01ee7d 100644 --- a/src/test/java/org/codesecure/dependencycheck/data/cpe/EntryTest.java +++ b/src/test/java/org/codesecure/dependencycheck/data/cpe/EntryTest.java 
@@ -4,7 +4,6 @@ */ package org.codesecure.dependencycheck.data.cpe; -import org.codesecure.dependencycheck.data.cpe.Entry; import junit.framework.TestCase; /** diff --git a/src/test/java/org/codesecure/dependencycheck/data/cpe/IndexTest.java b/src/test/java/org/codesecure/dependencycheck/data/cpe/IndexIntegrationTest.java similarity index 81% rename from src/test/java/org/codesecure/dependencycheck/data/cpe/IndexTest.java rename to src/test/java/org/codesecure/dependencycheck/data/cpe/IndexIntegrationTest.java index 5a15e0746..47d0ed66e 100644 --- a/src/test/java/org/codesecure/dependencycheck/data/cpe/IndexTest.java +++ b/src/test/java/org/codesecure/dependencycheck/data/cpe/IndexIntegrationTest.java @@ -5,12 +5,7 @@ package org.codesecure.dependencycheck.data.cpe; import java.io.File; -import org.codesecure.dependencycheck.data.lucene.BaseIndexTestCase; import java.io.IOException; -import java.util.logging.Level; -import java.util.logging.Logger; -import org.apache.lucene.analysis.Analyzer; -import org.apache.lucene.index.CorruptIndexException; import org.apache.lucene.store.Directory; import org.junit.After; import org.junit.AfterClass; @@ -23,9 +18,9 @@ import static org.junit.Assert.*; * * @author Jeremy Long (jeremy.long@gmail.com) */ -public class IndexTest extends BaseIndexTestCase { +public class IndexIntegrationTest extends BaseIndexTestCase { - public IndexTest(String testCase) { + public IndexIntegrationTest(String testCase) { super(testCase); } @@ -78,8 +73,8 @@ public class IndexTest extends BaseIndexTestCase { * Test of update method, of class Index. */ @Test - public void testUpdateIndexFromWeb() throws Exception { - System.out.println("updateIndexFromWeb"); + public void testUpdate() throws Exception { + System.out.println("update"); Index instance = new Index(); instance.update(); } 
@@ -91,8 +86,7 @@ public class IndexTest extends BaseIndexTestCase { public void testUpdateNeeded() throws Exception { System.out.println("updateNeeded"); Index instance = new Index(); - long expResult = 0L; - long result = instance.updateNeeded(); + instance.updateNeeded(); //if an exception is thrown this test fails. However, because it depends on the // order of the tests what this will return I am just testing for the exception. //assertTrue(expResult < result); diff --git a/src/test/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandlerTest.java b/src/test/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandlerTest.java deleted file mode 100644 index 5561c6648..000000000 --- a/src/test/java/org/codesecure/dependencycheck/data/cpe/xml/CPEHandlerTest.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ -package org.codesecure.dependencycheck.data.cpe.xml; - -import java.io.File; -import junit.framework.TestCase; - -/** - * - * @author jeremy - */ -public class CPEHandlerTest extends TestCase { - - public CPEHandlerTest(String testName) { - super(testName); - } - - @Override - protected void setUp() throws Exception { - super.setUp(); - } - - @Override - protected void tearDown() throws Exception { - super.tearDown(); - } - - - /** - * Test of all methods within class CPEHandler. - */ - public void testHandler() throws Exception { - System.out.println("CPEHandler"); - - File path = new File(this.getClass().getClassLoader().getResource("official-cpe-dictionary_v2.2.xml").getPath()); - - - Importer.importXML(path.getCanonicalPath()); - - } - - -} diff --git a/src/test/java/org/codesecure/dependencycheck/data/cpe/xml/ImporterTest.java b/src/test/java/org/codesecure/dependencycheck/data/cpe/xml/ImporterTest.java index 7a0529970..03e917bc9 100644 --- a/src/test/java/org/codesecure/dependencycheck/data/cpe/xml/ImporterTest.java 
+++ b/src/test/java/org/codesecure/dependencycheck/data/cpe/xml/ImporterTest.java @@ -32,7 +32,7 @@ public class ImporterTest extends TestCase { /** * Test of all methods within class CPEHandler. - * @throws Exception is thrown when an excpetion occurs. + * @throws Exception is thrown when an excretion occurs. */ public void testHandler() throws Exception { System.out.println("importXML"); diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseIndexTestCase.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseIndexTestCase.java new file mode 100644 index 000000000..3efbc6aa6 --- /dev/null +++ b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/BaseIndexTestCase.java 
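Review bot: The rewritten Javadoc line in ImporterTest now reads `@throws Exception is thrown when an excretion occurs.`, which replaces the original misspelling with a different wrong word. It should read `@throws Exception is thrown when an exception occurs.`, matching the wording the same commit uses in ChecksumTest.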
@@ -0,0 +1,98 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ +package org.codesecure.dependencycheck.data.nvdcve; + +import org.codesecure.dependencycheck.data.cpe.*; +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.util.zip.ZipEntry; +import java.util.zip.ZipInputStream; +import junit.framework.TestCase; +import org.codesecure.dependencycheck.utils.Settings; + +/** + * + * @author Jeremy Long (jeremy.long@gmail.com) + */ +public abstract class BaseIndexTestCase extends TestCase { + + public BaseIndexTestCase(String testName) { + super(testName); + } + + @Override + protected void setUp() throws Exception { + super.setUp(); + ensureIndexExists(); + } + + public static void ensureIndexExists() throws Exception { + String indexPath = Settings.getString(Settings.KEYS.CVE_INDEX); + java.io.File f = new File(indexPath); + if (!f.exists()) { + f.mkdirs(); + FileInputStream fis = null; + ZipInputStream zin = null; + try { + File path = new File(BaseIndexTestCase.class.getClassLoader().getResource("index.nvdcve.zip").getPath()); + fis = new FileInputStream(path); + zin = new ZipInputStream(new BufferedInputStream(fis)); + ZipEntry entry; + while ((entry = zin.getNextEntry()) != null) { + if (entry.isDirectory()) { + continue; + } + int BUFFER = 2048; + String outputName = indexPath + File.separatorChar + entry.getName(); + FileOutputStream fos = null; + BufferedOutputStream dest = null; + try { + File o = new File(outputName); +// File oPath = new File(o.getParent()); +// if (!oPath.exists()) { +// oPath.mkdir(); +// } + o.createNewFile(); + fos = new FileOutputStream(o,false); + dest = new BufferedOutputStream(fos, BUFFER); + byte data[] = new byte[BUFFER]; + int count; + while ((count = zin.read(data, 0, BUFFER)) != -1) { + dest.write(data, 0, count); + } + } catch (Exception ex) { + 
String ignore = ex.getMessage(); + } finally { + try { + dest.flush(); + dest.close(); + dest = null; + } catch (Throwable ex) { String ignore = ex.getMessage(); } + try { + fos.close(); + fos = null; + } catch (Throwable ex) { String ignore = ex.getMessage(); } + } + } + } finally { + try { + if (zin!=null) { + zin.close(); + } + zin = null; + } catch (Throwable ex) { String ignore = ex.getMessage(); } + try { + if (fis!=null) { + fis.close(); + } + fis = null; + } catch (Throwable ex) { String ignore = ex.getMessage(); } + } + } + } +} diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/IndexIntegrationTest.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/IndexIntegrationTest.java new file mode 100644 index 000000000..8167fbe29 --- /dev/null +++ b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/IndexIntegrationTest.java 
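Review bot: In `ensureIndexExists`, `outputName` is built as `indexPath + File.separatorChar + entry.getName()` and opened for writing without checking that the resolved path stays under the index directory, so an entry name containing `..` would be written elsewhere on disk. The archive is a bundled test resource, so exposure is limited, but the check is cheap and this helper is copied between packages. The per-entry `catch (Exception ex) { String ignore = ex.getMessage(); }` also hides extraction failures: with the parent-directory creation commented out, a nested entry fails silently, `dest.flush()` then runs on a null stream, and the tests run against an incomplete index. The cpe copy of this method, whose body is mostly outside its hunk, presumably has the same loop.

```java
String outputName = indexPath + File.separatorChar + entry.getName();
File o = new File(outputName);
// Refuse entries whose resolved path leaves the index directory.
if (!o.getCanonicalPath().startsWith(f.getCanonicalPath() + File.separator)) {
    throw new java.io.IOException("zip entry outside index directory: " + entry.getName());
}
FileOutputStream fos = null;
BufferedOutputStream dest = null;
try {
    o.getParentFile().mkdirs();
    fos = new FileOutputStream(o, false);
    dest = new BufferedOutputStream(fos, BUFFER);
    // … unchanged: read/write copy loop …
} finally {
    // No catch: a failed extraction should fail the test set-up.
    if (dest != null) {
        dest.close();
    } else if (fos != null) {
        fos.close();
    }
}
```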
@@ -0,0 +1,85 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ +package org.codesecure.dependencycheck.data.nvdcve; + +import java.io.File; +import java.util.Map; +import org.apache.lucene.store.Directory; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import org.junit.*; + +/** + * + * @author Jeremy + */ +public class IndexIntegrationTest extends BaseIndexTestCase { + + public IndexIntegrationTest(String testName) { + super(testName); + } + + @BeforeClass + public static void setUpClass() throws Exception { + } + + @AfterClass + public static void tearDownClass() throws Exception { + } + + @Before + public void setUp() { + } + + @After + public void tearDown() { + } + + /** + * Test of retrieveCurrentTimestampFromWeb method, of class Index. + */ + @Test + public void testRetrieveCurrentTimestampFromWeb() throws Exception { + System.out.println("retrieveCurrentTimestampFromWeb"); + Index instance = new Index(); + Map result = instance.retrieveCurrentTimestampsFromWeb(); + assertEquals(12, result.size()); + } + + /** + * Test of getDirectory method, of class Index. + */ + @Test + public void testGetDirectory() throws Exception { + System.out.println("getDirectory"); + Index instance = new Index(); + String exp = File.separatorChar + "target" + File.separatorChar + "data" + File.separatorChar + "cve"; + Directory result = instance.getDirectory(); + assertTrue(result.toString().contains(exp)); + } + + /** + * Test of update method, of class Index. + */ + @Test + public void testUpdate() throws Exception { + System.out.println("update"); + Index instance = new Index(); + instance.update(); + } + + /** + * Test of updateNeeded method, of class Index. + */ + @Test + public void testUpdateNeeded() throws Exception { + System.out.println("updateNeeded"); + Index instance = new Index(); + instance.updateNeeded(); + //if an exception is thrown this test fails. 
However, because it depends on the + // order of the tests what this will return I am just testing for the exception. + } + +} diff --git a/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilterTest.java b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilterTest.java new file mode 100644 index 000000000..de95cbb11 --- /dev/null +++ b/src/test/java/org/codesecure/dependencycheck/data/nvdcve/xml/NvdCveXmlFilterTest.java 
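Review bot: The empty `@Before public void setUp()` in IndexIntegrationTest overrides `BaseIndexTestCase.setUp()`, which is where `ensureIndexExists()` is called, so the bundled index is never unpacked before these tests run. Either delete the empty `setUp`/`tearDown` pair or delegate to the base class: `public void setUp() throws Exception { super.setUp(); }`. Separately, `assertEquals(12, result.size())` in `testRetrieveCurrentTimestampFromWeb` pins a count that depends on a live response; a comment saying what the 12 entries are would help whoever sees it fail.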
@@ -0,0 +1,77 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ +package org.codesecure.dependencycheck.data.nvdcve.xml; + +import java.io.BufferedInputStream; +import java.io.DataInputStream; +import java.io.File; +import java.io.FileReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.Reader; +import java.net.MalformedURLException; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.parsers.SAXParserFactory; +import org.codesecure.dependencycheck.data.nvdcve.generated.VulnerabilityType; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import static org.junit.Assert.*; +import org.xml.sax.Attributes; +import org.xml.sax.InputSource; +import org.xml.sax.Locator; +import org.xml.sax.SAXException; +import org.xml.sax.XMLReader; + +/** + * + * @author Jeremy + */ +public class NvdCveXmlFilterTest { + + public NvdCveXmlFilterTest() { + } + + @BeforeClass + public static void setUpClass() { + } + + @AfterClass + public static void tearDownClass() { + } + + @Before + public void setUp() { + } + + @After + public void tearDown() { + } + + /** + * Test of process method, of class NvdCveXmlFilter. 
+ */ + @Test + public void testFilter() throws JAXBException, SAXException, ParserConfigurationException, MalformedURLException, IOException { + System.out.println("filter"); + + SAXParserFactory factory = SAXParserFactory.newInstance(); + factory.setNamespaceAware(true); + XMLReader reader = factory.newSAXParser().getXMLReader(); + + JAXBContext context = JAXBContext.newInstance("org.codesecure.dependencycheck.data.nvdcve.generated"); + NvdCveXmlFilter filter = new NvdCveXmlFilter(context); + + reader.setContentHandler(filter); + File file = new File(this.getClass().getClassLoader().getResource("nvdcve-2.0-2012.xml").getPath()); + Reader fileReader = new FileReader(file); + InputSource is = new InputSource(fileReader); + reader.parse(is); + } +} diff --git a/src/test/java/org/codesecure/dependencycheck/reporting/ReportGeneratorTest.java b/src/test/java/org/codesecure/dependencycheck/reporting/ReportGeneratorTest.java index cb1b72751..0da36f5b1 100644 --- a/src/test/java/org/codesecure/dependencycheck/reporting/ReportGeneratorTest.java +++ b/src/test/java/org/codesecure/dependencycheck/reporting/ReportGeneratorTest.java @@ -10,7 +10,7 @@ import java.util.ArrayList; import java.io.File; import org.codesecure.dependencycheck.dependency.Dependency; import java.util.HashMap; -import org.codesecure.dependencycheck.data.lucene.BaseIndexTestCase; +import org.codesecure.dependencycheck.data.cpe.BaseIndexTestCase; import java.util.Map; import org.codesecure.dependencycheck.dependency.Evidence.Confidence; import org.junit.After; diff --git a/src/test/java/org/codesecure/dependencycheck/utils/ChecksumTest.java b/src/test/java/org/codesecure/dependencycheck/utils/ChecksumTest.java index 608da1468..ef6b5789d 100644 --- a/src/test/java/org/codesecure/dependencycheck/utils/ChecksumTest.java +++ b/src/test/java/org/codesecure/dependencycheck/utils/ChecksumTest.java 
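Review bot: `testFilter` builds its `SAXParserFactory` with default features and asserts nothing after `reader.parse(is)`, so it only proves that parsing does not throw. If the production importer configures its parser the same way for feed files downloaded from the NVD site (not visible in this hunk), DTD processing should be switched off there and mirrored here, e.g. `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`. The `FileReader` is also never closed and decodes with the platform charset; passing `new InputSource(file.toURI().toString())` lets the parser honour the encoding in the XML declaration.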
@@ -32,7 +32,7 @@ public class ChecksumTest extends TestCase { /** * Test of getChecksum method, of class Checksum. - * @throws Exception thrown when an excpetion occurs. + * @throws Exception thrown when an exception occurs. */ @Test public void testGetChecksum() throws Exception { diff --git a/src/test/java/org/codesecure/dependencycheck/utils/SettingsTest.java b/src/test/java/org/codesecure/dependencycheck/utils/SettingsTest.java index e652aa1c2..4edcd7032 100644 --- a/src/test/java/org/codesecure/dependencycheck/utils/SettingsTest.java +++ b/src/test/java/org/codesecure/dependencycheck/utils/SettingsTest.java @@ -101,7 +101,7 @@ public class SettingsTest extends TestCase { * Test of getInt method, of class Settings. */ @Test - public void testGetInt() { + public void testGetInt() throws InvalidSettingException { System.out.println("getInt"); String key = "SomeNumber"; int expResult = 85; @@ -114,7 +114,7 @@ public class SettingsTest extends TestCase { * Test of getLong method, of class Settings. */ @Test - public void testGetLong() { + public void testGetLong() throws InvalidSettingException { System.out.println("getLong"); String key = "SomeNumber"; long expResult = 300L; @@ -127,7 +127,7 @@ public class SettingsTest extends TestCase { * Test of getBoolean method, of class Settings. */ @Test - public void testGetBoolean() { + public void testGetBoolean() throws InvalidSettingException { System.out.println("getBoolean"); String key = "SomeBoolean"; Settings.setString(key, "false"); diff --git a/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id b/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id new file mode 100644 index 000000000..08ab89628 --- /dev/null +++ b/src/test/resources/nvdcve-2.0-2012.xml.REMOVED.git-id @@ -0,0 +1 @@ +e87a8b468d0d9a139c46cc0e0b94577f7f6fb06f \ No newline at end of file 
diff --git a/src/test/resources/nvdcve-2010.xml.REMOVED.git-id b/src/test/resources/nvdcve-2010.xml.REMOVED.git-id
deleted file mode 100644
index 899b0f436..000000000
--- a/src/test/resources/nvdcve-2010.xml.REMOVED.git-id
+++ /dev/null
@@ -1 +0,0 @@
-826eb31ad4e2367a3382efe05d4524b767d4203d
\ No newline at end of file
diff --git a/src/test/resources/nvdcve-2011.xml.REMOVED.git-id b/src/test/resources/nvdcve-2011.xml.REMOVED.git-id
deleted file mode 100644
index 227f9f5ed..000000000
--- a/src/test/resources/nvdcve-2011.xml.REMOVED.git-id
+++ /dev/null
@@ -1 +0,0 @@
-0ac14732689115248018d582505f6751e62fafe8
\ No newline at end of file
diff --git a/src/test/resources/nvdcve-2012.xml b/src/test/resources/nvdcve-2012.xml
deleted file mode 100644
index 6f0ee5d1f..000000000
--- a/src/test/resources/nvdcve-2012.xml
+++ /dev/null
@@ -1,192322 +0,0 @@ - - - - - The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability." - - - - - - - - - - - 1026493 - 51296 - MS12-001 - 47356 - oval:org.mitre.oval:def:14758 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability." - Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-020 - -"By default, the Remote Desktop Protocol is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk. Note that on Windows XP and Windows Server 2003, Remote Assistance can enable RDP." - - - - - - - - - - - MS12-020 - oval:org.mitre.oval:def:14623 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability." 
- - - - - - - - - - - - 1026492 - 51292 - MS12-004 - 47485 - oval:org.mitre.oval:def:14337 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability." - - - - - - - - - - - - 1026492 - 51295 - MS12-004 - 47485 - oval:org.mitre.oval:def:14832 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability." - - - - - - - - - - - 1026495 - 51270 - MS12-003 - 47479 - oval:org.mitre.oval:def:14879 - - - - - - - - - - - - - - - - - - - - - - - - - - - - The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability." 
- - - - - - - - - MS12-017 - oval:org.mitre.oval:def:15098 - - - - - - - - - - - - - - - - - - - - - The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability." - - - - - - - - - - 1026499 - 51291 - MS12-007 - 47516 - 47483 - oval:org.mitre.oval:def:14314 - - - - - - - - - - - Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - - Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-021 - -'An attacker could then place a specially crafted add-in in the path used by Visual Studio. When Visual Studio is started by an administrator, the specially crafted add-in would be loaded with the same privileges as the administrator.' - -'The vulnerability could not be exploited remotely or by anonymous users.' - - - - - - - - - - - MS12-021 - oval:org.mitre.oval:def:15081 - - - - - - - - - - - Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability." 
- Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-002 - -'The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file.' - - - - - - - - - - - - MS12-002 - 1026494 - 51297 - 45189 - oval:org.mitre.oval:def:14393 - - - - - - - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 does not properly perform copy-and-paste operations, which allows user-assisted remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Copy and Paste Information Disclosure Vulnerability." - - - - - - - - - - MS12-010 - oval:org.mitre.oval:def:14835 - - - - - - - - - - - - - Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-010 - oval:org.mitre.oval:def:14310 - - - - - - - - - - - - Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability." - - - - - - - - - - MS12-010 - oval:org.mitre.oval:def:14870 - - - - - - - - - - Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability." 
- - - - - - - - - - - - 1026497 - 51284 - MS12-005 - 47480 - oval:org.mitre.oval:def:14197 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." - - - - - - - - - - - - MS12-016 - oval:org.mitre.oval:def:13972 - - - - - - - - - - - - - - - - - - - - - - - - Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability." - - - - - - - - - - - - MS12-016 - oval:org.mitre.oval:def:14513 - - - - - - - - - - - Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability." - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-022 - -'This is a remote code execution vulnerability.' 
- - - - - - - - - - - - MS12-022 - oval:org.mitre.oval:def:14973 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability." - - - - - - - - - - MS12-011 - oval:org.mitre.oval:def:14637 - - - - - - - - - - Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability." - - - - - - - - - - - - 1027042 - 53328 - MS12-031 - 49113 - oval:org.mitre.oval:def:15606 - 81731 - - - - - - - - - - Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. - - - - - - - - - - - - MS12-015 - oval:org.mitre.oval:def:14347 - - - - - - - - - - Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. - - - - - - - - - - - - MS12-015 - oval:org.mitre.oval:def:14965 - - - - - - - - - - The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. 
- - - - - - - - - https://issues.apache.org/bugzilla/show_bug.cgi?id=52256 - http://svn.apache.org/viewvc?view=revision&revision=1227292 - https://bugzilla.redhat.com/show_bug.cgi?id=785065 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - 48551 - http://httpd.apache.org/security/vulnerabilities_22.html - SSRT100877 - HPSBMU02786 - - - - - - - - - - - - - - Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. - - - - - - - - - apache-tomcat-parameter-dos(72425) - 51447 - DSA-2401 - http://tomcat.apache.org/security-7.html - http://tomcat.apache.org/security-6.html - http://tomcat.apache.org/security-5.html - HPSBUX02741 - 20120117 [SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. 
- - - - - - - - - http://samiam.org/blog/20111229.html - https://bugzilla.redhat.com/show_bug.cgi?id=771428 - [oss-security] 20120103 CVE request: maradns hash table collision cpu dos - [oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0287. Reason: This candidate is a duplicate of CVE-2012-0287. Notes: All CVE users should reference CVE-2012-0287 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. 
- - - - - - - - - http://www.openssl.org/news/secadv_20120104.txt - MDVSA-2012:007 - 78191 - openSUSE-SU-2012:0083 - SSRT100877 - HPSBMU02786 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process. - - - - - - - - - - - https://github.com/torvalds/linux/commit/8141c7f3e7aee618312fa1c15109e1219de784a7 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8141c7f3e7aee618312fa1c15109e1219de784a7 - https://bugzilla.redhat.com/show_bug.cgi?id=771764 - [oss-security] 20120508 Re: CVE Request -- kernel: futex: clear robust_list on execve - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=772075 - qemu-processtxdesc-bo(72656) - USN-1339-1 - 51642 - RHSA-2012:0050 - 47992 - 47741 - 47740 - openSUSE-SU-2012:0207 - FEDORA-2012-8604 - - - - - - - - - - Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter. 
- - - - - - - - - - [openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030) - https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0 - nova-security-bypass(72296) - USN-1326-1 - 51370 - 47543 - - - - - - - - - - - - - scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=773744 - 51407 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/ - http://svn.apache.org/viewvc?view=revision&revision=1230065 - 48551 - 47410 - RHSA-2012:0128 - openSUSE-SU-2012:0314 - SSRT100877 - HPSBMU02786 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. 
- Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - - - - - - - - - - [oss-security] 20120109 CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability - [emacs-devel] 20120109 Security flaw in EDE; new release plans - [cedet-devel] 20120111 CEDET 1.0.1 available online - [cedet-devel] 20120109 Security flaw in EDE - 47515 - 47311 - [oss-security] 20110109 Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability - FEDORA-2012-0494 - FEDORA-2012-0462 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. - - - - - - - - - - - http://curl.haxx.se/curl-url-sanitize.patch - https://github.com/bagder/curl/commit/75ca568fa1c19de4c5358fed246686de8467c238 - https://bugzilla.redhat.com/show_bug.cgi?id=773457 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - SSRT100877 - HPSBMU02786 - http://curl.haxx.se/docs/adv_20120124.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. 
- - - - - - - - - https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 - openoffice-xml-info-disclosure(74235) - 52681 - 80307 - [oss-security] 20120427 Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) - MDVSA-2012:063 - MDVSA-2012:062 - MDVSA-2012:061 - http://www.libreoffice.org/advisories/CVE-2012-0037/ - DSA-2438 - http://vsecurity.com/resources/advisory/20120324-1/ - 48649 - 48542 - 48529 - 48526 - 48494 - 48493 - 48479 - RHSA-2012:0411 - RHSA-2012:0410 - FEDORA-2012-4663 - FEDORA-2012-4629 - http://librdf.org/raptor/RELEASE.html#rel2_0_7 - http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL, leading to a heap-based buffer overflow. 
- - - - - - - - - https://github.com/torvalds/linux/commit/fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba - https://github.com/torvalds/linux/commit/093019cf1b18dd31b2c3b77acce4e000e2cbc9ce - https://bugzilla.redhat.com/show_bug.cgi?id=773280 - [oss-security] 20120110 Re: CVE request: kernel: xfs heap overflow - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.9 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=093019cf1b18dd31b2c3b77acce4e000e2cbc9ce - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=772720 - [oss-security] 20120110 glib2 hash dos oCert-2011-003 - [gtk-devel-list] 20030529 Algorimic Complexity Attack on GLIB 2.2.1 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655044 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter. 
- - - - - - - - - - simplesamlphp-nocookie-logout-xss(72313) - 51372 - [oss-security] 20120120 Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting - DSA-2387 - 47534 - 47491 - 78254 - http://code.google.com/p/simplesamlphp/issues/detail?id=468 - - - - - - - - - - - - - - - - - - - - - - - - - The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=40164 - http://www.wireshark.org/security/wnpa-sec-2012-01.html - [oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities - [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities - oval:org.mitre.oval:def:15297 - - - - - - - - - - - - - - - - - - - - - - - - - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. 
- Per: http://cwe.mitre.org/data/definitions/476.html - -'CWE-476: NULL Pointer Dereference' - - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6634 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=40194 - http://www.wireshark.org/security/wnpa-sec-2012-02.html - [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities - oval:org.mitre.oval:def:15368 - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. - - - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=40266 - http://www.wireshark.org/security/wnpa-sec-2012-03.html - [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities - oval:org.mitre.oval:def:15324 - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call. 
- - - - - - - - - - - https://github.com/torvalds/linux/commit/a5cd335165e31db9dbab636fd29895d41da55dd2 - https://bugzilla.redhat.com/show_bug.cgi?id=772894 - [oss-security] 20120111 Re: CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl() - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.5 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a5cd335165e31db9dbab636fd29895d41da55dd2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The em_syscall function in 
arch/x86/kvm/emulate.c in the KVM implementation in the Linux kernel before 3.2.14 does not properly handle the 0f05 (aka syscall) opcode, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application, as demonstrated by an NASM file. - - - - - - - - - https://github.com/torvalds/linux/commit/c2226fc9e87ba3da060e47333657cd6616652b84 - https://bugzilla.redhat.com/show_bug.cgi?id=773370 - [oss-security] 20120111 Re: CVE request -- kernel: kvm: syscall instruction induced guest panic - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.14 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c2226fc9e87ba3da060e47333657cd6616652b84 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter. - - - - - - - - - - http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service (game pause) by connecting to the server and not finishing the (1) authorization phase or (2) map download, aka a "slow read" attack. 
- - - - - - - - - http://vcs.openttd.org/svn/changeset/23764 - http://www.tt-forums.net/viewtopic.php?f=33&t=58073&hilit=pause#p989303 - [oss-security] 20120113 Re: CVE request for OpenTTD - [oss-security] 20120107 CVE request for OpenTTD - DSA-2524 - http://security.openttd.org/en/CVE-2012-0049 - 50137 - http://bugs.openttd.org/task/4955 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108. - - - - - - - - - 1026548 - 51563 - http://www.openssl.org/news/secadv_20120118.txt - 48528 - 47755 - 47677 - 47631 - 78320 - HPSBOV02793 - SSRT100891 - SSRT100747 - HPSBUX02737 - http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc - - - - - - - - - - - protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. 
- - - - - - - - - http://svn.apache.org/viewvc?view=revision&revision=1235454 - https://bugzilla.redhat.com/show_bug.cgi?id=785069 - 51706 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - 48551 - RHSA-2012:0128 - openSUSE-SU-2012:0314 - http://httpd.apache.org/security/vulnerabilities_22.html - SSRT100877 - HPSBMU02786 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - libs/updater.py in GoLismero 0.6.3, and other versions before Git revision 2b3bb43d6867, as used in backtrack and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on GoLismero-controlled files, as demonstrated using Admin/changes.dat. - - - - - - - - - - - 78472 - [oss-security] 20120117 CVE-request: golismero symlink vulnerability - [oss-security] 20120117 Re: CVE-request: golismero symlink vulnerability - http://code.google.com/p/golismero/source/detail?r=2b3bb43d68676efd687361f7de29380189031ab8 - - - - - - - - - - The mem_write function in Linux kernel 2.6.39 and other versions, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=782642 - 51625 - RHSA-2012:0061 - RHSA-2012:0052 - [oss-security] 20120122 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling - [oss-security] 20120119 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling - [oss-security] 20120117 Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling - [oss-security] 20120118 CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling - USN-1336-1 - 47708 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc - http://blog.zx2c4.com/749 - - - - - - - - - - PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. - - - - - - - - - - https://bugs.php.net/bug.php?id=54446 - php-libxslt-security-bypass(72908) - DSA-2399 - 48668 - http://php.net/ChangeLog-5.php#5.3.9 - [oss-security] 20120117 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120115 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120114 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? - [oss-security] 20120113 CVE affected for PHP 5.3.9 ? - [oss-security] 20120113 Re: CVE affected for PHP 5.3.9 ? 
- openSUSE-SU-2012:0426 - SSRT100877 - HPSBMU02786 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management. - - - - - - - - - https://github.com/torvalds/linux/commit/802f43594d6e4d2ac61086d239153c17873a0428 - https://bugzilla.redhat.com/show_bug.cgi?id=782696 - 1027085 - [oss-security] 20120117 Re: CVE request: kernel: Unused iocbs in a batch should not be accounted as active - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - RPM before 4.9.1.3 does not properly validate region tags, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an invalid region tag in a package header to the (1) headerLoad, (2) rpmReadSignature, or (3) headerVerify function. - - - - - - - - - - - - openSUSE-SU-2012:0589 - openSUSE-SU-2012:0588 - https://bugzilla.redhat.com/show_bug.cgi?id=744858 - 52865 - 81010 - 49110 - 48716 - 48651 - http://rpm.org/wiki/Releases/4.9.1.3 - http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=f23998251992b8ae25faf5113c42fee2c49c7f29 - http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=e4eab2bc6d07cfd33f740071de7ddbb2fe2f4190 - RHSA-2012:0451 - FEDORA-2012-5421 - FEDORA-2012-5420 - FEDORA-2012-5298 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not properly validate region tags, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large region size in a package header. 
- - - - - - - - - - - - http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 - http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b - openSUSE-SU-2012:0589 - openSUSE-SU-2012:0588 - https://bugzilla.redhat.com/show_bug.cgi?id=798585 - 52865 - 81010 - 49110 - 48716 - 48651 - http://rpm.org/wiki/Releases/4.9.1.3 - RHSA-2012:0451 - FEDORA-2012-5421 - FEDORA-2012-5420 - FEDORA-2012-5298 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. - - - - - - - - - - [oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities - http://anonsvn.wireshark.org/viewvc?view=revision&revision=40166 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=40165 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666 - http://www.wireshark.org/security/wnpa-sec-2012-01.html - [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities - oval:org.mitre.oval:def:15111 - - - - - - - - - - - - - - - - - - - - - - - - - wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in an AIX iptrace file. 
- - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=40167 - http://www.wireshark.org/security/wnpa-sec-2012-01.html - [oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities - [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities - oval:org.mitre.oval:def:15192 - - - - - - - - - - - - - - - - - - - - - - - - - The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell catpure file containing a record that is too small. - - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670 - http://www.wireshark.org/security/wnpa-sec-2012-01.html - [oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities - [oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities - oval:org.mitre.oval:def:15379 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=40169 - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter. - - - - - - - - - - - batavi-ajax-sql-injection(72449) - 51547 - [oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection - [oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php - http://voxel.dl.sourceforge.net/project/batavi/README.txt - 47582 - 78362 - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors. 
- - - - - - - - - databaseserver-listener-dos(72469) - 1026527 - 51458 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78419 - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors. - - - - - - - - - ebusiness-forms-cve20120073(72478) - 51473 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78439 - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales. - - - - - - - - - peoplesoft-enterprisecrm-cve20120074(72482) - 51472 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 47621 - 78441 - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors. - - - - - - - - - mysql-server-cve20120075(72539) - 51526 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78374 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. 
- - - - - - - - - peoplesoft-enthcm-info-disc(72484) - 51474 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78395 - - - - - - - - - - - Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console. - - - - - - - - - fusionmiddleware-weblogic-cve20120077(72477) - 51460 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78401 - JVNDB-2012-000007 - JVN#54779201 - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services (Menu, LOV). - - - - - - - - - ebusiness-aol-info-disc(72479) - 51477 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 47628 - 78399 - - - - - - - - - - - Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration. - - - - - - - - - sun-opensso-cve20120079(72501) - 1026536 - 51492 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 46646 - 78412 - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management. - - - - - - - - - - peoplesoft-enterprisehcm-cve20120080(72481) - 51466 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration. 
- - - - - - - - - - - sun-glassfishenterpriseserver-cve20120081(72503) - 51485 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78415 - - - - - - - - - - Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity and availability via unknown vectors. - - - - - - - - - - databaseserver-corerdbms-cve20120082(72468) - 1026527 - 51453 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Search. - - - - - - - - - - fusionmiddleware-webcenter-cve20120083(72470) - 51451 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server. - - - - - - - - - fusionmiddleware-webcenter-cve20120084(72476) - 51454 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2 and 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server. 
- - - - - - - - - fusionmiddleware-webcenter-cve20120085(72475) - 51457 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102. - - - - - - - - - mysql-serveruns-dos(72519) - 51509 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78377 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Benefits Administration. - - - - - - - - - peoplesoft-enterprisehcm-info-disc(72483) - 51480 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78397 - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. - - - - - - - - - peoplesoft-enterhcm-info-disc(72485) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance. 
- - - - - - - - - - peoplesoft-eptools-cve20120091(72486) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78402 - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP. - - - - - - - - - sun-solaris-dos(72495) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78420 - - - - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network. - - - - - - - - - sun-solarisunspec-dos(72498) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78422 - - - - - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell. - - - - - - - - - sun-solaris-info-disc(72509) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78426 - - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel. - - - - - - - - - sun-solarisunknown-dos(72510) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78427 - - - - - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd. - - - - - - - - - sun-solarisunsp-dos(72506) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78425 - - - - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos. 
- - - - - - - - - - - sun-solaris-cve20120100(72496) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78421 - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102. - - - - - - - - - mysql-serveruns1-dos(72520) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78378 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101. - - - - - - - - - mysql-serveruns2-dos(72521) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78379 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel. - - - - - - - - - sun-solarisunspecified-dos(72499) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78423 - - - - - - - - - - - Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container. 
- - - - - - - - - sun-glassfishenterpriseserver-dos(72497) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78417 - - - - - - - - - - - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions. - - - - - - - - - - - virtualization-vmvirtualbox-cve20120105(72511) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - GLSA-201204-01 - 78442 - - - - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP. - - - - - - - - - - sun-solaris-cve20120109(72504) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78424 - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK. - - - - - - - - - - - 51452 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - GLSA-201204-01 - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118. - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors. - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113. 
- - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392. - - - - - - - - - - - HPSBMU02746 - SSRT100781 - - - - - - - - - - - Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393. 
- - - - - - - - - - - HPSBMU02746 - SSRT100781 - - - - - - - - - - - Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498. - - - - - - - - - - - SSRT100781 - HPSBMU02746 - - - - - - - - - - - Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. - - - - - - - - - - - SSRT100781 - HPSBMU02746 - - - - - - - - - - - Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126. - - - - - - - - - - hpux-wbem-sec-bypass(74391) - 52733 - 48593 - HPSBUX02755 - SSRT100667 - - - - - - - - - - Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125. - - - - - - - - - - hpux-wbem-security-bypass(74390) - 52734 - 48593 - HPSBUX02755 - SSRT100667 - - - - - - - - - - - Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors. - - - - - - - - - - - HPSBMU02756 - SSRT100596 - - - - - - - - - - HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. - - - - - - - - - - - SSRT100817 - HPSBMU02759 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. 
- - - - - - - - - - - HPSBMU02759 - SSRT100817 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors. - - - - - - - - - HPSBMU02759 - SSRT100817 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - - - - - - - - - - - SSRT100774 - HPSBUX02758 - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - HPSBMU02749 - SSRT100793 - - - - - - - - - - HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. - - - - - - - - - - - - HPSBPV02754 - SSRT100803 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors. - - - - - - - - - 1026935 - SSRT100828 - HPSBOV02765 - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. 
- - - - - - - - - 1026925 - SSRT100827 - HPSBMU02764 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138. - - - - - - - - - - - - MS12-015 - oval:org.mitre.oval:def:14924 - - - - - - - - - - Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138. - - - - - - - - - - - - MS12-015 - oval:org.mitre.oval:def:14602 - - - - - - - - - - Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137. - - - - - - - - - - - - MS12-015 - oval:org.mitre.oval:def:14811 - - - - - - - - - - Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability." 
- - - - - - - - - - - - MS12-030 - 1027041 - 53342 - 49112 - oval:org.mitre.oval:def:15152 - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability." - - - - - - - - - - - - 1027041 - 53373 - MS12-030 - 49112 - oval:org.mitre.oval:def:15543 - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability." - - - - - - - - - - - - 1027041 - 53374 - MS12-030 - 49112 - oval:org.mitre.oval:def:15064 - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability." - - - - - - - - - - MS12-011 - oval:org.mitre.oval:def:14386 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability." 
- - - - - - - - - - MS12-011 - oval:org.mitre.oval:def:14826 - - - - - - - - - - - - - Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability." - - - - - - - - - - - MS12-026 - oval:org.mitre.oval:def:15476 - - - - - - - - - - - Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." - - - - - - - - - MS12-026 - oval:org.mitre.oval:def:15557 - - - - - - - - - - - afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability." - - - Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-009 - -'This vulnerability is not exploitable on 32-bit editions of Microsoft Windows.' - - - - - - - - - - - MS12-009 - oval:org.mitre.oval:def:14852 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." 
- - - - - - - - - - - MS12-009 - oval:org.mitre.oval:def:14958 - - - - - - - - - - - - Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability." - - - - - - - - - - - - MS12-013 - oval:org.mitre.oval:def:14631 - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability." - - - - - - - - - - - - MS12-024 - oval:org.mitre.oval:def:15594 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability." - - - - - - - - - MS12-020 - oval:org.mitre.oval:def:14626 - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability." 
- - - - - - - - - - - MS12-008 - oval:org.mitre.oval:def:14928 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-010 - oval:org.mitre.oval:def:14781 - - - - - - - - - - DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability." - - - - - - - - - - MS12-019 - oval:org.mitre.oval:def:14807 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability." 
- - - - - - - - - - - MS12-018 - oval:org.mitre.oval:def:14217 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." - - - - - - - - - - - - MS12-027 - oval:org.mitre.oval:def:15462 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." - - - - - - - - - - - - 1027039 - 53335 - MS12-039 - MS12-034 - 49122 - 49121 - oval:org.mitre.oval:def:15667 - oval:org.mitre.oval:def:15388 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." 
- - - - - - - - - - - MS12-035 - 1027036 - 53356 - 49117 - oval:org.mitre.oval:def:15554 - - - - - - - - - - - - - - - - Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." - - - - - - - - - - - 1027036 - 53357 - MS12-035 - 49117 - oval:org.mitre.oval:def:14951 - - - - - - - - - - - - - - - - Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability." - - - - - - - - - - - - 53358 - MS12-034 - oval:org.mitre.oval:def:14655 - - - - - - - - - - Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." - - - - - - - - - - - - MS12-025 - oval:org.mitre.oval:def:15495 - - - - - - - - - - - - - - - - Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability." 
- - - - - - - - - 53363 - MS12-034 - oval:org.mitre.oval:def:15580 - - - - - - - - - - GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." - - - - - - - - - - - - 1027038 - 53347 - MS12-034 - 49121 - oval:org.mitre.oval:def:15621 - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability." - - - - - - - - - - - - 1027038 - 53351 - MS12-034 - 49121 - oval:org.mitre.oval:def:15628 - - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-023 - oval:org.mitre.oval:def:15577 - - - - - - - - - - - - - Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-023 - oval:org.mitre.oval:def:15611 - - - - - - - - - - Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability." 
- - - - - - - - - - - - MS12-023 - oval:org.mitre.oval:def:15573 - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-023 - oval:org.mitre.oval:def:15313 - - - - - - - - - - - - - Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-023 - oval:org.mitre.oval:def:15550 - - - - - - - - - - - - The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002. - - - - - - - - - - - MS12-036 - oval:org.mitre.oval:def:15116 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability." - - - Per http://technet.microsoft.com/en-us/security/bulletin/ms12-032 "An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability." 
"In order to use this vulnerability, an attacker would first have to gain access to the local subnet of the target computer. An attacker could then use another vulnerability to acquire information about the target system or execute code on the target system." - - - - - - - - - 1027044 - MS12-032 - 49114 - oval:org.mitre.oval:def:15160 - 81730 - - - - - - - - - - - - - - - - - - - The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability." - - - - - - - - - - - - MS12-048 - oval:org.mitre.oval:def:14897 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." - - - - - - - - - - - - 1027040 - 53360 - MS12-034 - 49122 - oval:org.mitre.oval:def:15574 - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability." - - - - - - - - - - - - MS12-028 - oval:org.mitre.oval:def:15598 - - - - - - - - - - - - - - - - Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability." 
- - - - - - - - - - - MS12-033 - 49115 - oval:org.mitre.oval:def:15229 - 81735 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability." - - - - - - - - - - - 1027044 - MS12-032 - 49114 - oval:org.mitre.oval:def:14908 - 81729 - - - - - - - - - - - - - - - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability." - - - - - - - - - - - 1027039 - MS12-034 - oval:org.mitre.oval:def:15466 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability." - - - - - - - - - - - 1027039 - MS12-034 - oval:org.mitre.oval:def:15355 - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." 
- - - - - - - - - - - - MS12-029 - 1027035 - 53344 - 49111 - oval:org.mitre.oval:def:15327 - - - - - - - - - - - - - - - - - - - - Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability." - - - - - - - - - - - - 1027041 - 53375 - MS12-030 - 49112 - oval:org.mitre.oval:def:14789 - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability." - - - - - - - - - - - - 1027041 - MS12-030 - 49112 - oval:org.mitre.oval:def:14738 - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in the Eclipse Help component in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows remote attackers to discover the locations of files via a crafted URL. - - - - - - - - - - lotusexpeditor-ehelp-dir-traversal(72096) - http://www.ibm.com/support/docview.wss?uid=swg21575642 - - - - - - - - - - - - - - - Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory. 
- Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' - - - - - - - - - - - - lotusexpeditor-dll-code-execution(72097) - http://www.ibm.com/support/docview.wss?uid=swg21575642 - - - - - - - - - - - - - - - Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. - - - - - - - - - - - - spss-mraboutb-activex-code-execution(72118) - http://www-01.ibm.com/support/docview.wss?uid=swg21577956 - 47565 - 78329 - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document. - - - - - - - - - - - - spss-vsview6-activex-code-execution(72119) - http://www.ibm.com/support/docview.wss?uid=swg21577951 - 47605 - - - - - - - - - - Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. - - - - - - - - - - - - spss-wxporthtml-activex-code-execution(72121) - http://www-01.ibm.com/support/docview.wss?uid=swg21577956 - 47565 - - - - - - - - - - - - - - - The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack does not properly perform access control for requests, which allows remote attackers to spoof a localhost request origin via crafted headers. 
- - - - - - - - - lotusexpeditor-acm-security-bypass(72156) - http://www.ibm.com/support/docview.wss?uid=swg21575642 - - - - - - - - - - - - - - - Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file. - - - - - - - - - - - - lotus-symphony-vclmi-bo(72424) - 51591 - http://www-01.ibm.com/support/docview.wss?uid=swg21578684 - 47245 - 78345 - - - - - - - - - - - - - IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. - - - - - - - - - http://www-01.ibm.com/support/docview.wss?uid=swg24031821 - http://www-01.ibm.com/support/docview.wss?uid=swg21577532 - PM53930 - 78321 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets. 
- - - - - - - - - http://aix.software.ibm.com/aix/efixes/security/large_send_advisory.asc - aix-tcpstack-dos(72562) - 51864 - IV14211 - IV14210 - IV14209 - IV13827 - IV13820 - IV13751 - 1026640 - 47865 - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via the display name. - - - - - - - - - mam-sclc-xss(72612) - http://www.ibm.com/support/docview.wss?uid=swg21584666 - IV09198 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file. - - - - - - - - - - - - tpme-isigisigctl1-bo(73033) - http://www.zerodayinitiative.com/advisories/ZDI-12-040/ - - - - - - - - - - Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file. 
- - - - - - - - - - - tpme-multiple-sql-injection(73034) - http://www.zerodayinitiative.com/advisories/ZDI-12-040/ - - - - - - - - - - The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition. - - - - - - - - - soliddb-redundant-where-dos(73126) - http://www.ibm.com/support/docview.wss?uid=swg27021052 - IC81244 - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file. - - - - - - - - - - - - pcom-pcspref-bo(73127) - http://www.stratsec.net/Research/Advisories/IBM-Personal-Communications-I-Series-Access-WorkSt - http://www.metasploit.com/modules/exploit/windows/fileformat/ibm_pcm_ws - 18539 - http://www-01.ibm.com/support/docview.wss?uid=swg21586166 - IC81539 - http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/fileformat/ibm_pcm_ws.rb - - - - - - - - - - - - Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data. - - - - - - - - - - - cognos-tm1admsd-bo(73182) - http://www-01.ibm.com/support/docview.wss?uid=swg24032166 - http://www-01.ibm.com/support/docview.wss?uid=swg24032165 - http://www-01.ibm.com/support/docview.wss?uid=swg24032164 - http://www-01.ibm.com/support/docview.wss?uid=swg21590314 - - - - - - - - - - - - - common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response. 
- - - - - - - - - http://doc.powerdns.com/powerdns-advisory-2012-01.html - https://bugzilla.redhat.com/show_bug.cgi?id=772570 - http://doc.powerdns.com/changelog.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets. - - - - - - - - - https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27 - https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b - https://bugzilla.redhat.com/show_bug.cgi?id=772867 - [oss-security] 20120110 CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh. - - - - - - - - - - - 1026950 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file. - - - - - - - - - - - - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=797ddc961532eb0aeb46153e3f28c8e9ea0500d2 - devscripts-dsc-code-execution(73215) - 52029 - 79319 - DSA-2409 - USN-1366-1 - 48039 - 47955 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package. 
- - - - - - - - - - - - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f - devscripts-commands-code-execution(73216) - 52029 - 79320 - DSA-2409 - USN-1366-1 - 48039 - 47955 - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument. - - - - - - - - - - - - devscripts-debdiff-code-execution(73217) - 52029 - 79322 - DSA-2409 - USN-1366-1 - 48039 - 47955 - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=799078 - DSA-2468 - 49040 - FEDORA-2012-10835 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call. 
- - - - - - - - - - http://hg.tryton.org/trytond/rev/8e64d52ecea4 - https://bugs.tryton.org/issue2476 - DSA-2444 - http://news.tryton.org/2012/03/security-releases-for-all-supported.html - - - - - - - - - - - - - - The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server. - - - - - - - - - - - gnulinux-apache2-xss(75211) - DSA-2452 - - - - - - - - - - - - The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; and Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: this description clearly does not belong in CVE, because a single entry cannot be about independent codebases; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. - - - Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-042 - -'This vulnerability only affects Intel x64-based versions of Windows 7 and Windows Server 2008 R2. Systems with AMD or ARM-based CPUs are not affected by this vulnerability.' 
- - - - - - - - - - - VU#649219 - MS12-042 - https://www.illumos.org/issues/2873 - https://bugzilla.redhat.com/show_bug.cgi?id=813428 - http://wiki.smartos.org/display/DOC/SmartOS+Change+Log#SmartOSChangeLog-June14%2C2012 - http://support.citrix.com/article/CTX133161 - http://smartos.org/2012/06/15/smartos-news-3/ - FreeBSD-SA-12:04 - oval:org.mitre.oval:def:15596 - [xen-devel] 20120619 Security vulnerability process, and CVE-2012-0217 - [xen-announce] 20120612 Xen Security Advisory 7 (CVE-2012-0217) - PV privilege escalation - NetBSD-SA2012-003 - http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/ - http://blog.illumos.org/2012/06/14/illumos-vulnerability-patched/ - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address. - - - - - - - - - - - http://www.dest-unreach.org/socat/contrib/socat-secadv3.html - 1027064 - 81969 - [oss-security] 20120514 socat security advisory - openSUSE-SU-2012:0809 - 49746 - 49105 - FEDORA-2012-8328 - FEDORA-2012-8274 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags. 
- - - - - - - - - - ikiwiki-unspecified-xss(75702) - 53599 - DSA-2474 - http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=fbfcea89f8e06426c73ab8ea369ca4cdc566db6f - 49232 - 49199 - 81995 - http://ikiwiki.info/news/version_3.20120516/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf - http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937 - - - - - - - - - - - - - - - - - The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted packet. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-088-01.pdf - http://rockwellautomation.custhelp.com/app/answers/detail/a_id/469937 - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0224. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02A.pdf - -'This vulnerability may be exploitable from a remote machine.' 
- - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02A.pdf - - - - - - - - - - - Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-02.pdf - -'This vulnerability may be exploitable from a remote machine' - - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-025-01.pdf - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf - - - - - - - - - - - SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf - - - - - - - - - - - Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf - - - - - - - - - - - The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-01.pdf - http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14767 - - - - - - - - - - - - - - - - PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf - http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766 - - - - - - - - - - - - - - - PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf - http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766 - - - - - - - - - - - - - - - Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings. - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-03.pdf - http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14768 - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk." - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL. - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function. 
- - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf - http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf - http://www.zerodayinitiative.com/advisories/ZDI-12-033/ - 48090 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server. 
- - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf - integraxor-activex-directory-traversal(74388) - 80650 - - - - - - - - - - - - - - ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image. - - - - - - - - - - - - http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286 - 79003 - GLSA-201203-09 - DSA-2427 - http://www.cert.fi/en/reports/2012/vulnerability595210.html - USN-1435-1 - 49068 - 49063 - 49043 - 48259 - 48247 - 47926 - RHSA-2012:0545 - RHSA-2012:0544 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD 
contains IOP tags that all reference the beginning of the IDF. - - - - - - - - - - 51957 - 79003 - http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20286 - GLSA-201203-09 - DSA-2427 - http://www.cert.fi/en/reports/2012/vulnerability595210.html - USN-1435-1 - 49068 - 49063 - 49043 - 48259 - 48247 - 47926 - RHSA-2012:0545 - RHSA-2012:0544 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. 
- - - - - - - - - VU#551715 - https://bugzilla.quagga.net/show_bug.cgi?id=705 - FEDORA-2012-5436 - FEDORA-2012-5411 - FEDORA-2012-5352 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field. - - - - - - - - - VU#551715 - FEDORA-2012-5436 - FEDORA-2012-5411 - FEDORA-2012-5352 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.htm. - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8Q6JEG - VU#400619 - - - - - - - - - - Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf - https://www.honeywellprocess.com/en-US/support/pages/all-notifications.aspx - - - - - - - - - - - - - - - - - - - - The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). - - - - - - - - - VU#551715 - FEDORA-2012-5436 - FEDORA-2012-5411 - FEDORA-2012-5352 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header. - - - - - - - - - http://trafficserver.apache.org/downloads - https://www.cert.fi/en/reports/2012/vulnerability612884.html - 20120322 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256 - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite. 
- - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf - https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the AddFile member. - - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf - https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. 
- - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 - imagemagick-jpegexif-dos(74657) - 52898 - 81021 - http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 - DSA-2462 - http://www.cert.fi/en/reports/2012/vulnerability635606.html - USN-1435-1 - 49317 - 49063 - 49043 - 48974 - 48679 - RHSA-2012:0544 - openSUSE-SU-2012:0692 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers. 
- - - - - - - - - 52898 - imagemagick-jpegwarninghandler-dos(74658) - 81022 - http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 - DSA-2462 - http://www.cert.fi/en/reports/2012/vulnerability635606.html - 49317 - 49068 - 49063 - 48974 - RHSA-2012:0545 - RHSA-2012:0544 - openSUSE-SU-2012:0692 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pathname for a file. 
- - - - - - - - - - - - 53578 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL. - - - - - - - - - - - - ntr-download-bo(72293) - ntr-check-bo(72292) - ntr-startmodule-bo(72291) - http://secunia.com/secunia_research/2012-1/ - 45166 - 78252 - 20120111 Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities - - - - - - - - - - The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer. - - - - - - - - - - - - ntr-stopmodule-code-exec(72295) - http://secunia.com/secunia_research/2012-2/ - 45166 - - - - - - - - - - Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. 
- - - - - - - - - - - - 47041 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, oreplug, Shuriken Pro4, Shuriken 2007 through 2010, Shuriken Pro4 Corporate Edition, Shuriken CE/2007 through CE/2009 Corporate Edition, Shuriken 2010 Corporate Edition, Rekishimail Sengokubusho no missho, and Bakumatsushishi no missho allows remote attackers to execute arbitrary code via a crafted image file. - - - - - - - - - - - - http://www.justsystems.com/jp/info/js12001.html - JVNDB-2012-000035 - JVN#09619876 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-20.html - http://www.adobe.com/support/security/bulletins/apsb12-11.html - http://secunia.com/secunia_research/2012-29/ - - - - - - - - - - - - - - - - - Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL. 
- - - - - - - - - - - - http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=49 - http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=48 - 19338 - 19337 - 48666 - http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858 - - - - - - - - - - Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. - - - - - - - - - - - - http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=50 - 19336 - 48666 - http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858 - - - - - - - - - - Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression. - - - - - - - - - - - - http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=41&Itemid=41 - 48772 - - - - - - - - - - - Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file. - - - - - - - - - - - quest-toad-insecure-permissions(75192) - http://secunia.com/secunia_research/2012-13/ - - - - - - - - - - Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image. 
- - - - - - - - - - - - http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=51 - 83086 - 19335 - 48666 - http://newsgroup.xnview.com/viewtopic.php?f=35&t=25858 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php. - - - - - - - - - - http://secunia.com/secunia_research/2012-24/ - http://bugs.dokuwiki.org/index.php?do=details&task_id=2561 - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument). - - - - - - - - - - - - http://secunia.com/secunia_research/2012-25/ - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.stone-ware.com/swql.jsp?kb=d1960 - http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf - http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts. 
- - - - - - - - - - - - http://www.stone-ware.com/swql.jsp?kb=d1960 - http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf - http://infosec42.blogspot.com/2012/01/cve-2012-0285-and-cve-2012-0286.html - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature. - - - - - - - - - - https://wordpress.org/news/2012/01/wordpress-3-3-1/ - 1026542 - http://oldmanlab.blogspot.com/2012/01/wordpress-33-xss-vulnerability.html - - - - - - - - - - Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script. - - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 - 51795 - - - - - - - - - - - - - - - - - - - - - - - - Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session." 
- - - - - - - - - - - pcanywhere-unauth-access(72996) - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00 - 51862 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response. - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00 - 51965 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631. - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00 - 52094 - 18493 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. 
- - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120314_00 - 52392 - - - - - - - - - - - - - - Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors. - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 - 53182 - - - - - - - - - - - - The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294. - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_01 - 53184 - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 - 53396 - - - - - - - - - - - - The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data. 
- - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 - 53444 - - - - - - - - - - - - The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 - 53442 - - - - - - - - - - - - The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00 - 53443 - - - - - - - - - - - - Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors. - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 - 54136 - - - - - - - - - - Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 - 54135 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 - 54134 - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. - - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 - 54133 - - - - - - - - - - Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120615_00 - 53903 - http://www.nessus.org/plugins/index.php?view=single&id=59193 - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5 allows local users to gain privileges via a Trojan horse DLL in the current working directory. - Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' - - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_01 - 54594 - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. 
- - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 - 55138 - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway before 10.0 allows remote attackers to hijack the authentication of administrators. - - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 - 55137 - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - cogentdatahub-unspecified-xss(72305) - http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf - 51375 - http://www.cogentdatahub.com/ReleaseNotes.html - 47525 - 47496 - JVNDB-2012-000001 - JVN#12983784 - - - - - - - - - - - - - - - - - - - - - CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. - - - - - - - - - - - cogentdatahub-unspecified-header-injection(72306) - http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf - 51375 - http://www.cogentdatahub.com/ReleaseNotes.html - 47525 - 47496 - JVNDB-2012-000002 - JVN#63249231 - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - http://sourceforge.jp/forum/forum.php?forum_id=28119 - JVNDB-2012-000004 - JVN#36559450 - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://sourceforge.jp/forum/forum.php?forum_id=28119 - JVNDB-2012-000005 - JVN#64386898 - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed. - - - - - - - - - - JVNDB-2012-000008 - JVN#65869891 - http://glucose.jp/release/19 - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities on the eAccess Pocket WiFi (aka GP02) router before 2.00 with firmware 11.203.11.05.168 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device. - - - - - - - - - - - - 51782 - 47795 - JVNDB-2012-000010 - JVN#33021167 - http://emobile.jp/topics/info20120201_01.html - - - - - - - - - - - - - Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file. 
- Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - - - - - - - - - - http://www.altools.jp/download.aspx - http://www.altools.jp/ETC/NEWS.aspx?mid=231&vidx=118 - JVNDB-2012-000011 - JVN#85695061 - http://jvn.jp/en/jp/JVN85695061/995223/index.html - - - - - - - - - - - - - - The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier applications for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. - - - - - - - - - JVNDB-2012-000014 - JVN#25731073 - http://cookpad.typepad.jp/help/2012/02/23oshirase.html - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script. - - - - - - - - - - - - http://www.movabletype.org/documentation/appendices/release-notes/513.html - http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html - JVNDB-2012-000015 - JVN#70683217 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262. 
- - - - - - - - - - http://www.movabletype.org/documentation/appendices/release-notes/513.html - http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html - JVNDB-2012-000016 - JVN#49836527 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue. - - - - - - - - - - - http://www.movabletype.org/documentation/appendices/release-notes/513.html - http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html - JVNDB-2012-000017 - JVN#92683325 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script. - - - - - - - - - - - http://www.movabletype.org/documentation/appendices/release-notes/513.html - http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html - JVNDB-2012-000018 - JVN#20083397 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application. 
- - - - - - - - - http://www.kingsoft.jp/support/security/support_news/supportnews_20120229 - JVNDB-2012-000019 - JVN#31517714 - - - - - - - - - - The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function. - - - - - - - - - - JVNDB-2012-000020 - JVN#08871006 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://squirrelmail.org/plugin_view.php?id=32 - JVNDB-2012-000021 - JVN#56653852 - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325. - - - - - - - - - - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb - JVNDB-2012-000022 - JVN#14791558 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in CloudBees Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324. 
- - - - - - - - - - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb - JVNDB-2012-000023 - JVN#79950061 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application. - - - - - - - - - https://play.google.com/store/apps/details?id=jp.r246.twicca - http://twicca.r246.jp/notice/ - JVNDB-2012-000024 - JVN#31860555 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.redmine.org/versions/42 - JVNDB-2012-000025 - JVN#93406632 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain session information for twitter.com web sites via unspecified vectors. - - - - - - - - - janetter-info-disclosure(74132) - 48480 - 80334 - JVNDB-2012-000026 - JVN#10745573 - http://janetter.net/history.html - http://blog.janetter.net/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. 
- - - - - - - - - - - 1026541 - 20120118 Cisco Digital Media Manager Privilege Escalation Vulnerability - - - - - - - - - - - - - - - - - - - - - - Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a malformed SIP message, aka Bug ID CSCtr20426. - Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs - -'Vulnerable Products -These vulnerabilities affect all three variants (Control, Expressway, and Starter Pack Express) of Cisco TelePresence Video Communication Server.' - - - - - - - - - 20120229 Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities - - - - - - - - - - - - - - - - - - Cisco TelePresence Video Communication Server with software before X7.0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP packet, as demonstrated by a SIP INVITE message from a Tandberg device, aka Bug ID CSCtq73319. - Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-vcs - -'Vulnerable Products -These vulnerabilities affect all three variants (Control, Expressway, and Starter Pack Express) of Cisco TelePresence Video Communication Server.' - - - - - - - - - - - 20120229 Cisco TelePresence Video Communication Server Session Initiation Protocol Denial of Service Vulnerabilities - - - - - - - - - - - - - - - - - - Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. 
- - - - - - - - - http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf - - - - - - - - - - - - - - - - - - - - - - - Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. - - - - - - - - - http://www.cisco.com/web/software/280775065/89203/ASA-843-Interim-Release-Notes.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. - - - - - - - - - - - http://www.cisco.com/en/US/docs/voice_ip_comm/meetingplace/7_1/english/release_notes/mp71rn.html - - - - - - - - - - Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113. - - - - - - - - - https://supportforums.cisco.com/thread/2030226 - http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXH_rebuilds.html - - - - - - - - - - - - - Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774. 
- - - - - - - - - http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/release/notes/caveats_SXF_rebuilds.html - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410. - Additional information can be found at: -http://www.secureworks.com/research/advisories/SWRX-2012-001/ - - - - - - - - - - http://www.secureworks.com/research/advisories/SWRX-2012-001/ - http://tools.cisco.com/security/center/viewAlert.x?alertId=25045 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series switches; 4.x and 5.0.x before 5.0(2)N1(1) on Nexus 5000 series switches; and 4.2.x before 4.2.8, 5.0.x before 5.0.5, and 5.1.x before 5.1.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (netstack process crash and device reload) via a malformed IP packet, aka Bug IDs CSCti23447, CSCti49507, and CSCtj01991. - - - - - - - - - 20120215 Cisco NX-OS Malformed IP Packet Denial of Service Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441. 
- - - - - - - - - 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before 8.4(3), 8.5 before 8.5(1.6), and 8.6 before 8.6(1.1) allows remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger a shun event, aka Bug ID CSCtw35765. - - - - - - - - - 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(2.11) and 8.5 before 8.5(1.4) allow remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger syslog message 305006, aka Bug ID CSCts39634. 
- - - - - - - - - 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500 series devices, when multicast routing is enabled, allow remote attackers to cause a denial of service (device reload) via a crafted IPv4 PIM message, aka Bug IDs CSCtr47517 and CSCtu97367. - - - - - - - - - 20120314 Cisco Firewall Services Module Crafted Protocol Independent Multicast Message Denial of Service Vulnerability - 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka 
Bug ID CSCtr00165. - - - - - - - - - - - 20120314 Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Cisco Cius with software before 9.2(1) SR2 allows remote attackers to cause a denial of service (device crash or hang) via malformed network traffic, aka Bug ID CSCto71445. - Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cius - -'Vulnerable Products -The following products are affected by the vulnerability detailed in this advisory: - - * Cius Wifi devices running Cius Software Version 9.2(1) SR1 and prior' - - - - - - - - - 20120229 Cisco Cius Denial of Service Vulnerability - - - - - - - - - - - - - - - - - - - The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315. - - - - - - - - - http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html - - - - - - - - - - - - - - - - - The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106. 
- - - - - - - - - [cisco-nsp] 20120202 Ambiguous ACL - - - - - - - - - - - The web interface on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability," aka Bug ID CSCtt46871. - - - - - - - - - - - 20120223 Cisco Small Business SRP 500 Series Multiple Vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. - - - - - - - - - 20120223 Cisco Small Business SRP 500 Series Multiple Vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in the Local TFTP file-upload application on Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allows remote authenticated users to upload software to arbitrary directories via unspecified vectors, aka Bug ID CSCtw56009. - - - - - - - - - - - 20120223 Cisco Small Business SRP 500 Series Multiple Vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. 
- - - - - - - - - - - 20120229 Multiple Vulnerabilities in Cisco Unity Connection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before 8.5.1(Su3), and 8.6 before 8.6.2 allows remote attackers to cause a denial of service (services crash) via a series of crafted TCP segments, aka Bug ID CSCtq67899. - - - - - - - - - 20120229 Multiple Vulnerabilities in Cisco Unity Connection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The administrative management interface on Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allows remote attackers to cause a denial of service (device crash) via a malformed URL in an HTTP request, aka Bug ID CSCts81997. - - - - - - - - - 20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (device reload) via a sequence of IPv6 packets, aka Bug ID CSCtt07949. - - - - - - - - - 20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435. 
- - - - - - - - - 20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709. - - - - - - - - - - - 20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. - - - - - - - - - http://www.cisco.com/en/US/docs/voice_ip_comm/cucmbe/rel_notes/8_5_1/cucmbe-rel_notes-851.html - - - - - - - - - - Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect value for an MPF connection count, aka Bug ID CSCtv19854. - - - - - - - - - http://www.cisco.com/web/software/280775065/89203/ASA-843-Interim-Release-Notes.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429. 
- - - - - - - - - ciscoios-ike-packet-dos(74427) - 52757 - 20120328 Cisco IOS Internet Key Exchange Vulnerability - 48607 - 80700 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 
3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857. - - - - - - - - - 52759 - 20120328 Cisco IOS Software Multicast Source Discovery Protocol Vulnerability - 80693 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 
allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326. - - - - - - - - - 20120328 Cisco IOS Software Network Address Translation Vulnerability - 80701 - - - - - - - - - - - - Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106. - - - - - - - - - - - 20120328 Cisco IOS Software Command Authorization Bypass - 80704 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051. - - - - - - - - - 20120328 Cisco IOS Software Smart Install Denial of Service Vulnerability - 80694 - - - - - - - - - - - - - The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064. - - - - - - - - - 20120328 Cisco IOS Software Reverse SSH Denial of Service Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug ID CSCtq36153. - - - - - - - - - 20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities - 80697 - - - - - - - - - - - - - Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID CSCtq45553. 
- - - - - - - - - 20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter. - - - - - - - - - - http://www.mailenable.com/kb/Content/Article.asp?ID=me020567 - mailenable-forgottenpassword-xss(72380) - 1026519 - 51401 - http://www.nerv.fi/CVE-2012-0389.txt - 18447 - 47562 - 47518 - 78242 - 20120112 ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. - - - - - - - - - http://www.isg.rhul.ac.uk/~kp/dtls.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. 
- - - - - - - - - - - https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt - https://issues.apache.org/jira/browse/WW-3668 - 18329 - http://struts.apache.org/2.x/docs/version-notes-2311.html - http://struts.apache.org/2.x/docs/s2-008.html - 47393 - 20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. - - - - - - - - - - - https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt - [dailydave] 20120106 Apache Struts - 18329 - http://struts.apache.org/2.x/docs/version-notes-2311.html - http://struts.apache.org/2.x/docs/s2-008.html - 47393 - 20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object. 
- - - - - - - - - - https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt - 18329 - http://struts.apache.org/2.x/docs/version-notes-2311.html - http://struts.apache.org/2.x/docs/s2-008.html - 47393 - 20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." - - - - - - - - - - - https://www.sec-consult.com/files/20120104-0_Apache_Struts2_Multiple_Critical_Vulnerabilities.txt - 18329 - http://struts.apache.org/2.x/docs/version-notes-2311.html - http://struts.apache.org/2.x/docs/s2-008.html - 20120105 SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. - - - - - - - - - - - 20120126 ESA-2012-005: EMC NetWorker buffer overflow vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. 
- - - - - - - - - emc-documentum-info-disc(72994) - 51863 - 1026639 - 47920 - 20120203 ESA-2012-010: EMC Documentum xPlore information disclosure vulnerability - - - - - - - - - - - - - Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. - - - - - - - - - - - 20120305 ESA-2012-013: RSA SecurID(r) Software Token Converter buffer overflow vulnerability - - - - - - - - - - EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors. - - - - - - - - - - - 20120313 ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - 52557 - 80206 - 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities - - - - - - - - - - - - - - EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. - - - - - - - - - - - envision-weak-security(74140) - 52557 - 80207 - 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - envision-unspec-sql-injection(74137) - 52557 - 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities - - - - - - - - - - - - - - EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors. 
- - - - - - - - - - - envision-default-account(74138) - 52557 - 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities - - - - - - - - - - - - - - Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. - - - - - - - - - envision-unspec-dir-traversal(74139) - 52557 - 80210 - 20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - 20120313 ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities - - - - - - - - - - - - - The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. - - - - - - - - - 1026956 - 20120418 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities - 18688 - http://aluigi.altervista.org/adv/dpa_1-adv.txt - - - - - - - - - - - - - Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. - - - - - - - - - 1026956 - 20120418 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities - 18688 - http://aluigi.altervista.org/adv/dpa_1-adv.txt - - - - - - - - - - - - - Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets. 
- - - - - - - - - - - 20120522 ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities - - - - - - - - - - - - - - - Directory traversal vulnerability in WebAccess in Novell GroupWise before 8.03 allows remote attackers to read arbitrary files via the User.interface parameter. - - - - - - - - - https://bugzilla.novell.com/show_bug.cgi?id=712163 - http://www.novell.com/support/kb/doc.php?id=7000708 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager and Spacewalk uses world-readable permissions for /etc/auditlog-keeper.conf, which allows local users to obtain passwords by reading this file. - - - - - - - - - https://bugzilla.novell.com/771335 - SUSE-SU-2012:0958 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API. - - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=718319 - bugzilla-jsonrpc-csrf(72882) - 1026623 - http://www.bugzilla.org/security/3.4.13/ - 47814 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. 
- - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=715073 - http://www.mozilla.org/security/announce/2012/mfsa2012-39.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=705347 - https://bugzilla.mozilla.org/show_bug.cgi?id=693399 - http://www.mozilla.org/security/announce/2012/mfsa2012-01.html - MDVSA-2012:013 - DSA-2400 - oval:org.mitre.oval:def:14678 - openSUSE-SU-2012:0234 - SUSE-SU-2012:0221 - SUSE-SU-2012:0198 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, 
Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=715662 - https://bugzilla.mozilla.org/show_bug.cgi?id=714600 - https://bugzilla.mozilla.org/show_bug.cgi?id=713209 - https://bugzilla.mozilla.org/show_bug.cgi?id=712289 - https://bugzilla.mozilla.org/show_bug.cgi?id=712169 - https://bugzilla.mozilla.org/show_bug.cgi?id=711651 - https://bugzilla.mozilla.org/show_bug.cgi?id=707051 - https://bugzilla.mozilla.org/show_bug.cgi?id=696748 - https://bugzilla.mozilla.org/show_bug.cgi?id=695076 - https://bugzilla.mozilla.org/show_bug.cgi?id=692817 - https://bugzilla.mozilla.org/show_bug.cgi?id=684938 - https://bugzilla.mozilla.org/show_bug.cgi?id=665578 - http://www.mozilla.org/security/announce/2012/mfsa2012-01.html - MDVSA-2012:013 - oval:org.mitre.oval:def:14444 - openSUSE-SU-2012:0234 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=719612 - mozilla-nschildview-code-exec(72858) - 51753 - http://www.mozilla.org/security/announce/2012/mfsa2012-07.html - MDVSA-2012:013 - DSA-2400 - oval:org.mitre.oval:def:14464 - openSUSE-SU-2012:0234 - SUSE-SU-2012:0221 - SUSE-SU-2012:0198 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. 
- - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=701071 - mozilla-iframeelement-security-bypass(72835) - 51765 - http://www.mozilla.org/security/announce/2012/mfsa2012-03.html - MDVSA-2012:013 - oval:org.mitre.oval:def:14907 - 78735 - openSUSE-SU-2012:0234 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=705651 - mozilla-xpconnect-xss(72837) - 51752 - http://www.mozilla.org/security/announce/2012/mfsa2012-05.html - MDVSA-2012:013 - oval:org.mitre.oval:def:14304 - openSUSE-SU-2012:0234 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. 
- - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=710079 - mozilla-mimagebuffersize-info-disclosure(72856) - http://www.mozilla.org/security/announce/2012/mfsa2012-06.html - MDVSA-2012:013 - oval:org.mitre.oval:def:14912 - openSUSE-SU-2012:0234 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address. - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=714472 - bugzilla-unspecified-spoofing(72877) - 1026623 - 51784 - http://www.bugzilla.org/security/3.4.13/ - 47814 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=702466 - https://bugzilla.mozilla.org/show_bug.cgi?id=701806 - mozilla-xsltstylesheets-code-execution(72868) - 51754 - http://www.mozilla.org/security/announce/2012/mfsa2012-08.html - MDVSA-2012:013 - DSA-2400 - oval:org.mitre.oval:def:14618 - openSUSE-SU-2012:0234 - SUSE-SU-2012:0221 - SUSE-SU-2012:0198 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. 
- - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=716868 - mozilla-keyhtml-info-disclosure(72869) - http://www.mozilla.org/security/announce/2012/mfsa2012-09.html - MDVSA-2012:013 - oval:org.mitre.oval:def:14670 - 78741 - openSUSE-SU-2012:0234 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers. - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=717511 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-15.html - 48629 - 48553 - 48513 - 48496 - oval:org.mitre.oval:def:14909 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=724284 - USN-1360-1 - 51975 - http://www.mozilla.org/security/announce/2012/mfsa2012-10.html - MDVSA-2012:018 - MDVSA-2012:017 - oval:org.mitre.oval:def:15017 - SUSE-SU-2012:0261 - openSUSE-SU-2012:0258 - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API. - - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=725663 - http://www.bugzilla.org/security/4.0.4/ - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=684555 - http://www.mozilla.org/security/announce/2012/mfsa2012-12.html - 48629 - oval:org.mitre.oval:def:14258 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=704354 - USN-1401-1 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-13.html - DSA-2433 - 48629 - 48553 - 48513 - 48496 - 48495 - oval:org.mitre.oval:def:14829 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=711653 - USN-1401-1 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-14.html - DSA-2433 - 48629 - 48553 - 48513 - 48496 - 48495 - oval:org.mitre.oval:def:15007 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=720103 - USN-1401-1 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-14.html - 48629 - 48553 - 48513 - 48496 - 48495 - oval:org.mitre.oval:def:14775 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=723808 - https://bugzilla.mozilla.org/show_bug.cgi?id=719994 - https://bugzilla.mozilla.org/show_bug.cgi?id=718203 - USN-1401-1 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-16.html - DSA-2433 - 48629 - 48553 - 48513 - 48496 - 48495 - oval:org.mitre.oval:def:15122 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=723446 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-17.html - 48629 - 48553 - 48513 - 48496 - oval:org.mitre.oval:def:15066 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=727303 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-18.html - 48629 - 48553 - 48513 - 48496 - oval:org.mitre.oval:def:15114 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=730425 - https://bugzilla.mozilla.org/show_bug.cgi?id=657588 - USN-1401-1 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-19.html - DSA-2433 - 48629 - 48553 - 48513 - 48496 - 48495 - oval:org.mitre.oval:def:15009 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=727330 - https://bugzilla.mozilla.org/show_bug.cgi?id=720380 - https://bugzilla.mozilla.org/show_bug.cgi?id=718516 - https://bugzilla.mozilla.org/show_bug.cgi?id=718202 - https://bugzilla.mozilla.org/show_bug.cgi?id=714590 - https://bugzilla.mozilla.org/show_bug.cgi?id=712572 - https://bugzilla.mozilla.org/show_bug.cgi?id=705855 - https://bugzilla.mozilla.org/show_bug.cgi?id=701269 - https://bugzilla.mozilla.org/show_bug.cgi?id=699033 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-19.html - 48629 - 48553 - 48513 - 48496 - oval:org.mitre.oval:def:15012 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=688208 - http://www.mozilla.org/security/announce/2012/mfsa2012-19.html - 48629 - 48553 - oval:org.mitre.oval:def:15143 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=735104 - https://bugzilla.mozilla.org/show_bug.cgi?id=720079 - http://www.zdnet.com/blog/security/researchers-hack-into-newest-firefox-with-zero-day-flaw/10663 - http://www.zdnet.com/blog/security/mozilla-knew-of-pwn2own-bug-before-cansecwest/10757 - USN-1401-1 - USN-1400-5 - USN-1400-4 - USN-1400-3 - USN-1400-2 - http://www.mozilla.org/security/announce/2012/mfsa2012-19.html - 48629 - 48553 - 48513 - 48496 - 48495 - http://pwn2own.zerodayinitiative.com/status.html - oval:org.mitre.oval:def:14170 - openSUSE-SU-2012:0417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication requests with (1) different IP address strings in this header or (2) a long string in this header. 
- - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=728639 - FEDORA-2012-6282 - FEDORA-2012-6396 - FEDORA-2012-6368 - 20120418 Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=745397 - FEDORA-2012-6282 - FEDORA-2012-6396 - FEDORA-2012-6368 - 20120418 Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=740595 - https://bugzilla.mozilla.org/show_bug.cgi?id=737875 - https://bugzilla.mozilla.org/show_bug.cgi?id=737384 - https://bugzilla.mozilla.org/show_bug.cgi?id=737182 - https://bugzilla.mozilla.org/show_bug.cgi?id=737129 - https://bugzilla.mozilla.org/show_bug.cgi?id=736609 - https://bugzilla.mozilla.org/show_bug.cgi?id=736589 - https://bugzilla.mozilla.org/show_bug.cgi?id=735943 - https://bugzilla.mozilla.org/show_bug.cgi?id=735073 - https://bugzilla.mozilla.org/show_bug.cgi?id=733979 - https://bugzilla.mozilla.org/show_bug.cgi?id=733282 - https://bugzilla.mozilla.org/show_bug.cgi?id=732951 - https://bugzilla.mozilla.org/show_bug.cgi?id=732941 - https://bugzilla.mozilla.org/show_bug.cgi?id=726502 - https://bugzilla.mozilla.org/show_bug.cgi?id=726332 - https://bugzilla.mozilla.org/show_bug.cgi?id=723453 - https://bugzilla.mozilla.org/show_bug.cgi?id=720305 - https://bugzilla.mozilla.org/show_bug.cgi?id=716556 - https://bugzilla.mozilla.org/show_bug.cgi?id=714614 - https://bugzilla.mozilla.org/show_bug.cgi?id=708825 - https://bugzilla.mozilla.org/show_bug.cgi?id=706381 - https://bugzilla.mozilla.org/show_bug.cgi?id=680456 - 53223 - http://www.mozilla.org/security/announce/2012/mfsa2012-20.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=714616 - 53221 - http://www.mozilla.org/security/announce/2012/mfsa2012-20.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=738985 - 53220 - http://www.mozilla.org/security/announce/2012/mfsa2012-22.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=734288 - 53225 - http://www.mozilla.org/security/announce/2012/mfsa2012-23.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=715319 - 53219 - http://www.mozilla.org/security/announce/2012/mfsa2012-24.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=744480 - 53218 - http://www.mozilla.org/security/announce/2012/mfsa2012-25.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=743475 - 53231 - http://www.mozilla.org/security/announce/2012/mfsa2012-26.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." 
- - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=737307 - https://bugzilla.mozilla.org/show_bug.cgi?id=687745 - 53228 - http://www.mozilla.org/security/announce/2012/mfsa2012-27.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=694576 - 53230 - http://www.mozilla.org/security/announce/2012/mfsa2012-28.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. 
- - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=718573 - 53229 - http://www.mozilla.org/security/announce/2012/mfsa2012-29.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. - - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=727547 - firefox-teximage2d-dos(75155) - 53227 - http://www.mozilla.org/security/announce/2012/mfsa2012-30.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. 
- - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=714631 - 53224 - http://www.mozilla.org/security/announce/2012/mfsa2012-33.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors. - - - - - - - - - mysql-server-info-disc(72525) - 51515 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78372 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492. 
- - - - - - - - - mysql-serveruns4-dos(72526) - 51513 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78383 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. - - - - - - - - - mysql-serveruns5-dos(72527) - 51514 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78384 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. - - - - - - - - - mysql-serveruns6-dos(72528) - 51503 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78385 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. 
- - - - - - - - - mysql-serveruns7-dos(72529) - 51506 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78386 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. - - - - - - - - - mysql-serveruns8-dos(72530) - 51510 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78387 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. - - - - - - - - - mysql-serveruns9-dos(72531) - 51524 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78388 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495. 
- - - - - - - - - mysql-serveruns10-dos(72532) - 51518 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78389 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485. - - - - - - - - - mysql-serveruns14-dos(72537) - 51516 - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78393 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495. - - - - - - - - - mysql-serveruns15-dos(72538) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78394 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors. - - - - - - - - - mysql-serveruns16-dos(72540) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78375 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493. 
- - - - - - - - - mysql-serveruns11-dos(72533) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78390 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. - - - - - - - - - - mysql-server-cve20120496(72518) - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html - 78371 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client and server deployments of Java. This vulnerability can be exploited through Untrusted Java Web Start applications and Untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.' - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - 48589 - oval:org.mitre.oval:def:14772 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client and server deployments of Java. 
This vulnerability can be exploited through Untrusted Java Web Start applications and Untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.' - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - 48589 - oval:org.mitre.oval:def:15075 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client and server deployments of Java. This vulnerability can be exploited through Untrusted Java Web Start applications and Untrusted Java applets. It can also be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.' 
- - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - 48589 - oval:org.mitre.oval:def:14878 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)' - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - 48589 - oval:org.mitre.oval:def:14844 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. 
(Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)' - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - 48589 - oval:org.mitre.oval:def:15069 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)' - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - 48589 - oval:org.mitre.oval:def:14900 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client deployments of Java. 
This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)' - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - 48589 - oval:org.mitre.oval:def:14813 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client deployments of Java. This vulnerability is in the Java Update mechanism.' - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - 48589 - oval:org.mitre.oval:def:14890 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. 
(Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)' - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - 48589 - oval:org.mitre.oval:def:13976 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)' - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - 48589 - oval:org.mitre.oval:def:14082 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. 
Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html 'Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)' - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=788994 - 52161 - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3 - 48589 - http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/ - http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX, 1.3.0 and earlier, and 1.2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - -'Applies to client deployments of Java.' 
- - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2 and 5.3.0 through 5.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base. - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7 allows remote attackers to affect integrity and availability via unknown vectors. - - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - Unspecified vulnerability in the OCI component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality and integrity via unknown vectors. - - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management. - - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity, related to REST Services. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality, related to SEC. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Identity Manager Connector component in Oracle Fusion Middleware 9.1.0.4 allows remote authenticated users to affect integrity via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eCompensation Manager Desktop. - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. 
- - - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related to Security Framework. - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 Bundle #9 allows remote authenticated users to affect confidentiality via unknown vectors related to Human Resources. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to sgepasswd. - - - - - - - - - - - 1026950 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown vectors related to File Processing. 
- - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management. - - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management. - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management. - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Framework. 
- - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect integrity via unknown vectors related to eProcurement. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management. - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise FCSM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Receivables. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Create Session. - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Change Password Page. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 through Bundle #26 allows remote authenticated users to affect confidentiality via unknown vectors related to eCompensation. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity, related to HTML pages. - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Search. 
- - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-My Services. - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Runtime Catalog. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 10.1.3.4.1 and 10.1.3.4.2 allows remote attackers to affect integrity via unknown vectors related to Administration. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core. - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core. - - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core. - - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. 
- - - - - - http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 and earlier allows local users to affect confidentiality, related to XSCF Control Package (XCP). - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.0.2 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API. - - - - - - - - - - - 1026937 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Container. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment. 
- - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Oracle Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. - - - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK. 
- - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 6.2.1, 8.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web application. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Billing. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to PIA Core Technology. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist. 
- - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Query. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 6.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Install. - - - - - - - - - - 1026937 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 6.0.0 allows remote attackers to affect integrity via unknown vectors related to Supplier Portal. - - - - - - - - - 1026937 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core. - - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core. 
- - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core. - - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Core. - - - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 6.0.1 and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Help. - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect availability via unknown vectors related to Core. - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core. 
- - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.0.0 allows remote attackers to affect integrity via unknown vectors related to Supplier Portal. - - - - - - - - - 1026937 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 6.0.0 allows remote attackers to affect integrity, related to SCRM - Company Profiles. - - - - - - - - - 1026937 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM. - - - - - - - - - 53061 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs. 
- - - - - - - - - - APPLE-SA-2012-03-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method. - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589. - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589. - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589. 
- - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588. - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation. - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. 
- - - - - - - - - - - - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-2 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. 
- - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. - - - - - - - - - APPLE-SA-2012-03-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. 
- - - - - - - - - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image. - - - - - - - - - - - - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program. - - - - - - - - - - - - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. - - - - - - - - - - - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient. - - - - - - - - - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. 
- - - - - - - - - - - - APPLE-SA-2012-03-07-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. - - - - - - - - - APPLE-SA-2012-03-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2012-03-07-1. - - - - - - - - - - - - APPLE-SA-2012-03-12-1 - APPLE-SA-2012-03-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. - - - - - - - - - - - 53445 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. 
- - - - - - - - - 53445 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. - - - - - - - - - 53445 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - - - - - - - - - - libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. - - - - - - - - - - - - 53445 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. 
- - - - - - - - - - 53445 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password. - - - - - - - - - - - 53445 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. - - - - - - - - - 53473 - 53445 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. 
- - - - - - - - - - - - 53465 - 53445 - http://support.apple.com/kb/HT5281 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. - - - - - - - - - - - - 53467 - 53445 - http://support.apple.com/kb/HT5281 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. - - - - - - - - - - - - 53469 - 53445 - http://support.apple.com/kb/HT5281 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. 
- - - - - - - - - - - - 53445 - http://support.apple.com/kb/HT5281 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. - - - - - - - - - - - 53468 - 53445 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file. - - - - - - - - - - - - 53571 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text track in a movie file. - - - - - - - - - - - - 53574 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in the plugin in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTMovie object. - - - - - - - - - - - - 53577 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer signedness error in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTVR movie file. - - - - - - - - - - - - 53583 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding. - - - - - - - - - - - - 53579 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. 
- - - - - - - - - - - - 53580 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file. - - - - - - - - - - - - 53582 - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file. - - - - - - - - - - - - http://support.apple.com/kb/HT5261 - APPLE-SA-2012-05-15-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. - - - - - - - - - - - - http://support.apple.com/kb/HT5282 - 47292 - APPLE-SA-2012-05-09-2 - APPLE-SA-2012-05-07-1 - APPLE-SA-2012-06-11-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. 
- - - - - - - - - - APPLE-SA-2012-05-07-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. - - - - - - - - - 53445 - http://support.apple.com/kb/HT5281 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. - - - - - - - - - http://support.apple.com/kb/HT5282 - 47292 - APPLE-SA-2012-05-09-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. - - - - - - - - - - - - APPLE-SA-2012-06-11-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML via a feed:// URL. 
- - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL. - - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. - - - - - - - - - http://support.apple.com/kb/HT5433 - APPLE-SA-2012-08-20-1 - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685. - - - - - - - - - - - - http://technet.microsoft.com/en-us/security/msvr/msvr12-001 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684. 
- - - - - - - - - - - - http://technet.microsoft.com/en-us/security/msvr/msvr12-001 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL. - - - - - - - - - http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp - http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt - http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt - http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt - http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp - http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors. - - - - - - - - - http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp - http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt - - - - - - - - - - - - - - - - - - - - - - - - - - TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL. - - - - - - - - - http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp - http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt - - - - - - - - - - - - - - - - - - - - - - - - - ** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote attackers to inject arbitrary code into a subject field via crafted ticket data, a different vulnerability than CVE-2011-5061. NOTE: the vendor disputes this issue, noting that some of the details overlap CVE-2011-5061, but that it "says it affects V5.0.3, and the submitticket.php file, both of which are wrong." 
- - - - - - - - - http://www.oscommerceuniversity.com/lounge/index.php/topic,1209.0.html - http://www.oscommerceuniversity.com/lounge/index.php/board,23.0.html - - - - - - - - - - Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. - - - - - - - - - - - oval:org.mitre.oval:def:14268 - http://googlechromereleases.blogspot.com/2012/01/beta-channel-update-for-chromebooks.html - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js. - - - - - - - - - - cevtm1-aspnetclient-createcontrol-xss(72198) - 51326 - 78217 - 78216 - PM26682 - 1026491 - 47487 - - - - - - - - - - - - - - - HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788. - - - - - - - - - - - - http://zerodayinitiative.com/advisories/ZDI-12-015/ - storageworks-array-default-account(72372) - - - - - - - - - - Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section. - - - - - - - - - - wle-coach-xss(73376) - IC79890 - 48055 - - - - - - - - - - - Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch. 
- - - - - - - - - - - rcq-cqole-activex-bo(73492) - http://www.ibm.com/support/docview.wss?uid=swg21591705 - - - - - - - - - - - - - - - - - - - - - - - IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements. - - - - - - - - - db2-createvariable-security-bypass(73493) - http://www-01.ibm.com/support/docview.wss?uid=swg21588100 - IC81836 - IC81390 - IC81387 - oval:org.mitre.oval:def:15004 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request. - - - - - - - - - db2-drda-dos(73494) - http://www-01.ibm.com/support/docview.wss?uid=swg21588090 - IC76902 - IC76901 - IC76899 - IC76781 - oval:org.mitre.oval:def:15078 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow. - - - - - - - - - - - db2-db2dasrrm-bo(73495) - http://www-01.ibm.com/support/docview.wss?uid=swg21588093 - IC80729 - IC80728 - IC80561 - oval:org.mitre.oval:def:14842 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. 
- - - - - - - - - db2-xmlfeature-dos(73496) - http://www-01.ibm.com/support/docview.wss?uid=swg21588098 - IC81837 - IC81380 - IC81379 - oval:org.mitre.oval:def:14450 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors. - - - - - - - - - IC81462 - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - - - - - - - - - - ibm-maximo-csrf(73534) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV16497 - IV16085 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in IBM Tivoli Change and Configuration Management Database (CCMDB) 7.2.1 and IBM ILOG JViews Gantt allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - ijg-gav-xss(73587) - IV16174 - http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IV16174 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - 52722 - http://www.ibm.com/support/docview.wss?uid=swg21595172 - - - - - - - - - - - - - - - - - - - - - - - - - IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors. - - - - - - - - - http://www.ibm.com/support/docview.wss?uid=swg21595172 - PM52351 - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manager (TEM) 8 before 8.2 patch 3 allows remote attackers to inject arbitrary web script or HTML via the ScheduleParam parameter to the webreports program. - - - - - - - - - - tem-scheduleparam-xss(74039) - http://www-01.ibm.com/support/docview.wss?uid=swg21587743 - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. - - - - - - - - - - was-isc-xss(74044) - http://www.ibm.com/support/docview.wss?uid=swg21595172 - PM52274 - - - - - - - - - - - - - - - - - - - - - - - - - The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. - - - - - - - - - aix-dupmsg-dos(74134) - IV22697 - IV22696 - IV22695 - IV22694 - IV22693 - http://aix.software.ibm.com/aix/efixes/security/syscall_advisory.asc - - - - - - - - - - - - - - - Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0725. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-07.html - oval:org.mitre.oval:def:15533 - http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-07.html - oval:org.mitre.oval:def:14628 - http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The default configuration of TLS in IBM Tivoli Directory Server (TDS) 6.3 and earlier supports the (1) NULL-MD5 and (2) NULL-SHA ciphers, which allows remote attackers to trigger unencrypted communication via the TLS Handshake Protocol. 
- - - - - - - - - - 1026939 - IO16036 - IO16035 - IO15761 - http://www-01.ibm.com/support/docview.wss?uid=swg21591272 - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - ibm-maximo-sql-injection-iv17963(74306) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV17963 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - ibm-maximo-sql-injection-iv17964(74307) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV17964 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors. 
- Per: http://cwe.mitre.org/data/definitions/434.html - -'Unrestricted Upload of File with Dangerous Type' - - - - - - - - - - - appscan-file-upload(74366) - http://www.ibm.com/support/docview.wss?uid=swg21592188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allow remote attackers to hijack the authentication of administrators for requests that create administrative accounts. - - - - - - - - - - - - ae-multiple-csrf(74370) - http://www.ibm.com/support/docview.wss?uid=swg21592188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors. - - - - - - - - - ae-config-info-disclosure(74371) - http://www.ibm.com/support/docview.wss?uid=swg21592188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. - - - - - - - - - - - ae-ecc-spoofing(74389) - http://www.ibm.com/support/docview.wss?uid=swg21592188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account. 
- - - - - - - - - - - - ae-serviceacct-session-hijacking(74374) - http://www.ibm.com/support/docview.wss?uid=swg21592188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job. - - - - - - - - - - - ae-importjob-info-disclosure(74557) - http://www.ibm.com/support/docview.wss?uid=swg21592188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI. - - - - - - - - - - - ae-fileuri-info-disclosure(74558) - http://www.ibm.com/support/docview.wss?uid=swg21592188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly create scan jobs, which allows remote attackers to execute arbitrary code via a crafted web site. - - - - - - - - - - - - ae-platformauth-code-execution(74559) - http://www.ibm.com/support/docview.wss?uid=swg21592188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - appscan-enterprise-xss(74560) - http://www.ibm.com/support/docview.wss?uid=swg21592188 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - tds-wat-xss(74610) - IO16016 - IO14508 - http://www-01.ibm.com/support/docview.wss?uid=swg24032291 - http://www-01.ibm.com/support/docview.wss?uid=swg24032290 - - - - - - - - - - - - - - - - - - IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data. - - - - - - - - - tep-aopsclog-info-disclosure(74641) - OA38586 - - - - - - - - - - IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. - - - - - - - - - 1026938 - IO16002 - IO16001 - IO15707 - http://www-01.ibm.com/support/docview.wss?uid=swg21591267 - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script. 
- - - - - - - - - rcq-installscripts-info-disclosure(74671) - http://www.ibm.com/support/docview.wss?uid=swg21606317 - http://www.ibm.com/support/docview.wss?uid=swg21599361 - PM66896 - - - - - - - - - - - - - - - - - - - - - - - - - - - - The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors. - - - - - - - - - - - aix-getpwnam-privilege-escalation(74679) - IV19098 - IV19097 - IV19077 - IV18638 - IV18637 - IV18464 - http://aix.software.ibm.com/aix/efixes/security/ldapauth_advisory2.asc - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - ibm-maximo-xss-iv17961(74726) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV17961 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 
- - - - - - - - - - - ibm-maximo-sql-injection-iv16032(74731) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV16032 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-03.html - oval:org.mitre.oval:def:14985 - openSUSE-SU-2012:0265 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via leveraging an unspecified "type confusion." - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-03.html - GLSA-201204-07 - RHSA-2012:0144 - oval:org.mitre.oval:def:14654 - openSUSE-SU-2012:0265 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-03.html - GLSA-201204-07 - RHSA-2012:0144 - oval:org.mitre.oval:def:14795 - openSUSE-SU-2012:0265 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-03.html - GLSA-201204-07 - RHSA-2012:0144 - oval:org.mitre.oval:def:15030 - openSUSE-SU-2012:0265 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-03.html - GLSA-201204-07 - RHSA-2012:0144 - oval:org.mitre.oval:def:14731 - openSUSE-SU-2012:0265 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-03.html - GLSA-201204-07 - RHSA-2012:0144 - oval:org.mitre.oval:def:14881 - openSUSE-SU-2012:0265 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-02.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code via unspecified vectors. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-02.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-02.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-02.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-02.html - adobe-shockwave-3d-code-exec(73174) - 52001 - 79241 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-02.html - shockwave-3d-code-exec(73175) - 52002 - 79242 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0764, and CVE-2012-0766. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-02.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0766. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-02.html - 52004 - 79244 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to certain .htm files in (1) template_stock and (2) template_csh directories. 
- - - - - - - - - - adobe-robohelp-output-xss(73179) - 1026676 - 52008 - http://www.adobe.com/support/security/bulletins/apsb12-04.html - 47936 - 79251 - - - - - - - - - - - - - - - - - The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, and CVE-2012-0764. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-02.html - 79245 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-03.html - GLSA-201204-07 - RHSA-2012:0144 - oval:org.mitre.oval:def:14806 - openSUSE-SU-2012:0265 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-05.html - GLSA-201204-07 - oval:org.mitre.oval:def:15058 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors. - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-05.html - GLSA-201204-07 - oval:org.mitre.oval:def:14828 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. - Per: http://cwe.mitre.org/data/definitions/407.html - -'CWE-407: Algorithmic Complexity' - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-06.html - - - - - - - - - - - - - An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-07.html - 1026859 - 48618 - oval:org.mitre.oval:def:15266 - 80706 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-07.html - 1026859 - GLSA-201204-07 - 48618 - oval:org.mitre.oval:def:15391 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-08.html - 1026908 - 52951 - oval:org.mitre.oval:def:14860 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-08.html - 1026908 - 52949 - oval:org.mitre.oval:def:15477 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-08.html - 1026908 - oval:org.mitre.oval:def:15270 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. - - - Per: http://www.adobe.com/support/security/bulletins/apsb12-08.html - -'These updates resolve a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777) (Macintosh and Linux only).' - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-08.html - 1026908 - 52950 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in Adobe Flash Professional before CS6 allows attackers to execute arbitrary code via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-12.html - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012. 
- - - - - - - - - - - - adobe-flash-objecttype-code-exec(75383) - 1027023 - 53395 - http://www.adobe.com/support/security/bulletins/apsb12-09.html - 49096 - 49038 - 81656 - openSUSE-SU-2012:0594 - SUSE-SU-2012:0592 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-10.html - 53422 - - - - - - - - - - - - - - - - - - - - - - - - - The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153. - - - - - - - - - 18370 - 48668 - openSUSE-SU-2012:0426 - http://cxsecurity.com/research/103 - 20120114 PHP 5.3.8 Multiple vulnerabilities - - - - - - - - - - ** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance. 
- - - - - - - - - - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt - 18417 - 20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=783605 - https://bugs.php.net/bug.php?id=55776 - http://www.php.net/ChangeLog-5.php#5.3.9 - 48668 - openSUSE-SU-2012:0426 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=783609 - https://bugs.php.net/bug.php?id=53502 - http://www.php.net/ChangeLog-5.php#5.3.9 - 48668 - openSUSE-SU-2012:0426 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter. 
- - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=783584 - https://bugs.gentoo.org/show_bug.cgi?id=399553 - 51584 - [oss-security] 20120120 Re: CVE request: smokeping XSS - 47678 - http://oss.oetiker.ch/smokeping/pub/CHANGES - http://holisticinfosec.org/content/view/188/45/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 5.0.18 and Horde Groupware Webmail Edition before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) composeCache, (2) rtemode, or (3) filename_* parameters to the compose page; (4) formname parameter to the contacts popup window; or (5) IMAP mailbox names. NOTE: some of these details are obtained from third party information. - - - - - - - - - - 1026554 - 1026553 - 51586 - [oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws - http://www.horde.org/apps/webmail/docs/RELEASE_NOTES - http://www.horde.org/apps/webmail/docs/CHANGES - http://www.horde.org/apps/imp/docs/RELEASE_NOTES - http://www.horde.org/apps/imp/docs/CHANGES - 47592 - 47580 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts. 
- - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=36b0ddeed45d0751508dcd9fa50f17fda43bae54 - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194009 - - - - - - - - - - - - - - - - - - - - - - - - - Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=90911c4ff98dc2078a3acef5ddf5a1a8f7e20ba5 - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194012 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=98456628a24bba25d336860d38a45b5a4e3895da - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194014 - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-13572 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) 
From: or (2) Sender: header. - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=62988bf0bbc73df655f51884aaf1f523928abff9 - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194015 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194016 - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126 - - - - - - - - - - - - - - - - - - - - - The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194017 - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29469 - - - - - - - - - - - - - - Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194018 - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27334 - - - - - - - - - - - - - - - - - - - - The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. 
- - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=6e9989dbd3f261b2e1586ff77b0bf22fc7091485 - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194019 - - - - - - - - - - - - - - - - - - - - - lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. - - - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=51070abc78b9e1db1db9a44855e8623b22bebd48 - https://bugzilla.redhat.com/show_bug.cgi?id=783532 - http://moodle.org/mod/forum/discuss.php?d=194020 - - - - - - - - - - - - - - Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf()/vsnprintf()" in which the return values may be larger than the size of the buffer. - - - - - - - - - - - http://www.spamdyke.org/documentation/Changelog.txt - 51440 - 78351 - [oss-security] 20120123 Re: CVE request: spamdyke buffer overflow vulnerability - [spamdyke-release] 20120115 New version: spamdyke 4.3.0 - GLSA-201203-01 - 48257 - 47548 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=784141 - cvs-proxyconnect-bo(73097) - 51943 - 78987 - DSA-2407 - USN-1371-1 - 48150 - 48142 - 48063 - 47869 - RHSA-2012:0321 - openSUSE-SU-2012:0310 - - - - - - - - - - - Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. - - - - - - - - - - - http://www.sqlalchemy.org/trac/changeset/852b6a1a87e7/ - https://bugs.launchpad.net/keystone/+bug/918608 - sqlalchemy-select-sql-injection(73756) - http://www.sqlalchemy.org/changelog/CHANGES_0_7_0 - DSA-2449 - 48771 - 48328 - 48327 - RHSA-2012:0369 - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors. - - - - - - - - - - - https://projects.duckcorp.org/projects/bip/repository/revisions/222a33cb84a2e52ad55a88900b7895bf9dd0262c - https://projects.duckcorp.org/issues/269 - [oss-security] 20120124 Re: CVE request: bip buffer overflow - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657217 - 47679 - [oss-security] 20120124 CVE request: bip buffer overflow - FEDORA-2012-0916 - FEDORA-2012-0941 - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in the suhosin_encrypt_single_cookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long string that is used in a Set-Cookie HTTP header. 
- - - - - - - - - - - https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa - https://bugzilla.redhat.com/show_bug.cgi?id=783350 - [oss-security] 20120124 CVE requests: Suhosin extension / as31 - [oss-security] 20120124 Re: CVE requests: Suhosin extension / as31 - 48668 - openSUSE-SU-2012:0426 - 20120119 Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack. - - - - - - - - - - [oss-security] 20120831 Re: Three CVE requests: at-spi2-atk, as31, naxsi - [oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi - [oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi - [oss-security] 20120124 CVE requests: Suhosin extension / as31 - [oss-security] 20120124 Re: CVE requests: Suhosin extension / as31 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655496 - - - - - - - - - - Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. - - - - - - - - - - - - http://www.sudo.ws/sudo/alerts/sudo_debug.html - http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt - 20120130 Advisory: sudo 1.8 Format String Vulnerability - - - - - - - - - - - - - - - - Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information. - - - - - - - - - https://launchpad.net/wicd/+announcement/9570 - 51703 - [oss-security] 20120126 Re: CVE request: wicd writes sensitive information in log files (password, passphrase...) 
- [oss-security] 20120126 CVE request: wicd writes sensitive information in log files (password, passphrase...) - GLSA-201206-08 - 49657 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417 - http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. - - - - - - - - - opensshserver-commands-info-disc(72756) - 51702 - http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c.diff?r1=1.53;r2=1.54 - http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-options.c - 78706 - [oss-security] 20120127 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients - [oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients - [oss-security] 20120126 Re: CVE Request: Debian (others?) openssh-server: Forced Command handling leaks private information to ssh clients - [oss-security] 20120126 CVE Request: Debian (others?) 
openssh-server: Forced Command handling leaks private information to ssh clients - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657445 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. - - - - - - - - - - - - http://rpm.org/wiki/Releases/4.9.1.3 - http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=858a328cd0f7d4bcd8500c78faaf00e4f8033df6 - http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=472e569562d4c90d7a298080e0052856aa7fa86b - openSUSE-SU-2012:0589 - openSUSE-SU-2012:0588 - https://bugzilla.redhat.com/show_bug.cgi?id=744104 - 52865 - 81009 - 49110 - 48716 - 48651 - RHSA-2012:0451 - FEDORA-2012-5421 - FEDORA-2012-5420 - FEDORA-2012-5298 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. - - - - - - - - - http://www.samba.org/samba/security/CVE-2012-0817 - http://www.samba.org/samba/history/samba-3.6.3.html - 47763 - FEDORA-2012-1098 - - - - - - - - - - - - Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0821. - - - - - - - - - http://www.joomla.org/announcements/release-news/5405-joomla-174-released.html - 78517 - [oss-security] 20120129 Re: Fwd Joomla! 
Security News 2012-01 - [oss-security] 20120126 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120125 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120125 Fwd Joomla! Security News 2012-01 - http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html - 47753 - http://developer.joomla.org/security/news/382-20120101-core-information-disclosure - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822. - - - - - - - - - - http://www.joomla.org/announcements/release-news/5405-joomla-174-released.html - 78515 - [oss-security] 20120129 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120126 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120125 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120125 Fwd Joomla! Security News 2012-01 - http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html - 47753 - http://developer.joomla.org/security/news/383-20120102-core-xss-vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2012-0819. - - - - - - - - - http://www.joomla.org/announcements/release-news/5405-joomla-174-released.html - http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html - 78518 - [oss-security] 20120129 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120126 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120125 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120125 Fwd Joomla! 
Security News 2012-01 - 47753 - http://developer.joomla.org/security/news/384-20120103-core-information-disclosure - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820. - - - - - - - - - - http://www.joomla.org/announcements/release-news/5405-joomla-174-released.html - 78516 - [oss-security] 20120129 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120126 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120125 Re: Fwd Joomla! Security News 2012-01 - [oss-security] 20120125 Fwd Joomla! Security News 2012-01 - http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html - 47753 - http://developer.joomla.org/security/news/385-20120104-core-xss-vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks". 
- - - - - - - - - 51775 - [oss-security] 20120129 Re: (maybe) CVE request: libvpx before 1.0 crasher - [oss-security] 20120128 (maybe) CVE request: libvpx before 1.0 crasher - MDVSA-2012:023 - http://code.google.com/p/webm/source/browse/CHANGELOG?repo=libvpx - http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3) geolinkparams, (4) title, or (5) chattitle parameters to operator/settings.php. - - - - - - - - - - - - mibew-webinterface-csrf(72822) - 51723 - [oss-security] 20120202 Re: XSS hiding CSRF (was: Re: Mibew messenger multiple XSS) - http://www.codseq.it/advisories/mibew_messenger_multiple_xss - 47787 - 20120130 Mibew messenger multiple XSS - - - - - - - - - - - - - - - - - - - - - - - - - The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. 
- - - - - - - - - - - https://gist.github.com/1725489 - php-phpregistervariableex-code-exec(72911) - 51830 - http://www.php.net/ChangeLog-5.php#5.3.10 - 78819 - http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html - DSA-2403 - http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/ - http://svn.php.net/viewvc?view=revision&revision=323007 - http://support.apple.com/kb/HT5281 - 1026631 - 48668 - 47813 - 47806 - 47801 - RHSA-2012:0092 - [oss-security] 20120203 Re: PHP remote code execution introduced via HashDoS fix - [oss-security] 20120202 PHP remote code execution introduced via HashDoS fix - HPSBUX02791 - SSRT100856 - openSUSE-SU-2012:0426 - APPLE-SA-2012-05-09-1 - HPSBMU02786 - SSRT100877 - - - - - - - - - - PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. 
- - - - - - - - - - - USN-1358-1 - 51954 - https://launchpadlibrarian.net/92454212/php5_5.3.2-1ubuntu4.13.diff.gz - php-magicquotesgpc-sec-bypass(73125) - http://svn.php.net/viewvc?view=revision&revision=323016 - 48668 - openSUSE-SU-2012:0426 - FEDORA-2012-6907 - FEDORA-2012-6911 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server. - - - - - - - - - https://fedorahosted.org/389/changeset/1bbbb3e5049c1aa0650546efab87ed2f1ea59637/389-ds-base - https://fedorahosted.org/389/ticket/162 - 49562 - 48035 - RHSA-2012:0813 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php. - - - - - - - - - - https://sourceforge.net/tracker/index.php?func=detail&aid=3477910&group_id=61828&atid=498546 - MDVSA-2012:020 - 47852 - http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=commit;h=7dc8d57d6952fe681cb9e8818df7f103220457bd - [oss-security] 20120203 Re: CVE request: phpldapadmin - [oss-security] 20120202 CVE request: phpldapadmin - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to "administrator." 
- - - - - - - - - http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html - http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html - 78824 - [oss-security] 20120203 Re: CVE-request: Joomla! Security News 2012-02-03 - [oss-security] 20120203 CVE-request: Joomla! Security News 2012-02-03 - 47847 - http://developer.joomla.org/security/news/387-20120201-core-information-disclosure - - - - - - - - - - - - - - - Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors. - - - - - - - - - http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html - 78825 - [oss-security] 20120203 Re: CVE-request: Joomla! Security News 2012-02-03 - [oss-security] 20120203 CVE-request: Joomla! Security News 2012-02-03 - 47847 - http://developer.joomla.org/security/news/388-20120201-core-information-disclosure - - - - - - - - - - - - - - Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator." - - - - - - - - - http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html - 78826 - [oss-security] 20120203 Re: CVE-request: Joomla! Security News 2012-02-03 - [oss-security] 20120203 CVE-request: Joomla! Security News 2012-02-03 - http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html - 47847 - http://developer.joomla.org/security/news/389-20120201-core-information-disclosure - - - - - - - - - - - - - - - Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field. 
- - - - - - - - - - - https://issues.apache.org/jira/browse/WW-3668 - http://struts.apache.org/2.3.1.2/docs/s2-007.html - JVNDB-2012-000012 - JVN#79099262 - - - - - - - - - - - - - - - - - - - - - - - OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. - - - - - - - - - http://www.ocert.org/advisories/ocert-2011-003.html - http://www.nruns.com/_downloads/advisory28122011.pdf - [caml-list] 20111230 Re: Hashtbl and security - [caml-list] 20111230 Hashtbl and security - 47853 - [oss-security] 20120206 Re: CVE request: Hash DoS vulnerability (ocert-2011-003) - [oss-security] 20120206 CVE request: Hash DoS vulnerability (ocert-2011-003) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. - - - - - - - - - http://svn.apache.org/viewvc?rev=1231605&view=rev - apacheapr-hash-dos(73096) - [dev] 20120114 Re: Hash collision vectors in APR? - [dev] 20120113 Re: Hash collision vectors in APR? - [dev] 20120105 Hash collision vectors in APR? 
- 47862 - [oss-security] 20120208 Re: CVE request: apr - Hash DoS vulnerability - [oss-security] 20120208 CVE request: apr - Hash DoS vulnerability - [apr-commits] 20120115 svn commit: r1231605 - /apr/apr/trunk/tables/apr_hash.c - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the avfilter_filter_samples function in libavfilter/avfilter.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file. - - - - - - - - - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - [oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ae21776207e8a2bbe268e7c9e203f7599dd87ddb - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the ws_snd_decode_frame function in libavcodec/ws-snd1.c in FFmpeg 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted media file, related to an incorrect calculation, aka "wrong samples count." - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5257743aee0c3982f0079e6553aabc6aa39401d2 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - [oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 - http://ffmpeg.org/security.html - - - - - - - - - - Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check for a negative value. 
- - - - - - - - - - http://www.ffmpeg.org/trac/ffmpeg/ticket/776 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - [oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f99939a6361e2e6d6788494dd7c682b051c6c34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer underflow. - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=944f5b2779e4aa63f7624df6cd4de832a53db81b - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - [oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value. 
- - - - - - - - - - - - USN-1479-1 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - DSA-2494 - http://libav.org/ - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fff64e00d886fde11d61958888c82b461cf99b9 - http://ffmpeg.org/trac/ffmpeg/ticket/758 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two. - - - - - - - - - - - - https://ffmpeg.org/trac/ffmpeg/ticket/794 - USN-1479-1 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - DSA-2494 - http://libav.org/ - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=608708009f69ba4cecebf05120c696167494c897 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file. 
- - - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c509f4f74713b035a06f79cb4d00e708f5226bc5 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016 - http://git.libav.org/?p=libav.git;a=commit;h=c509f4f74713b035a06f79cb4d00e708f5226bc5 - USN-1479-1 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - http://ffmpeg.org/trac/ffmpeg/ticket/780 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before 0.9.1 does not use the proper pointer after an audio API change, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors, which triggers a heap-based buffer overflow. - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6d8e6fe9dbc365f50521cf0c4a5ffee97c970cb5 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - [oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable. 
- - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3eedf9f716733b3b4c5205726d2c1ca52b3d3d78 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - [oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: this vulnerability exists because of a regression error. - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commit;h=21270cffaeab2f67a613907516b2b0cd6c9eacf4 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - [oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 - http://ffmpeg.org/trac/ffmpeg/ticket/757 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple buffer overflows in the get_qcx function in the J2K decoder (j2kdec.c) in libavcode in FFmpeg before 0.9.1 allow remote attackers to cause a denial of service (application crash) via unspecified vectors. - - - - - - - - - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - [oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free". 
- - - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98 - http://git.libav.org/?p=libav.git;a=commitdiff;h=204cb29b3c84a74cbcd059d353c70c8bdc567d98 - USN-1479-1 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - http://libav.org/ - http://ffmpeg.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893. - - - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6fcf2bb8af0e7d6bb179e71e67e5fab8ef0d2ec2 - USN-1479-1 - [oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1 - - - - - - - - - - - - - - - - - - - - - - - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. 
- - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=790940 - https://bugzilla.redhat.com/attachment.cgi?id=583311 - xinetd-tcpmux-weak-security(75965) - http://www.xinetd.org/#changes - 1027050 - 53720 - 81774 - [oss-security] 20120510 Re: CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port - [oss-security] 20120509 CVE-2012-0862 assignment notification: xinetd enables unintentional services over tcpmux port - FEDORA-2012-8041 - FEDORA-2012-8061 - - - - - - - - - - - - - - - - - - - Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file. - - - - - - - - - https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e - https://bugzilla.redhat.com/show_bug.cgi?id=791000 - https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405 - [oss-security] 20120215 Re: CVE request: mumble local information disclosure - [oss-security] 20120215 CVE request: mumble local information disclosure - DSA-2411 - http://bugs.gentoo.org/show_bug.cgi?id=403939 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039 - - - - - - - - - - - - Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php. 
- - - - - - - - - - - http://yehg.net/lab/pr0js/advisories/%5Bcubecart_3.0.20_3.0.x%5D_open_url_redirection - 51966 - [oss-security] 20120217 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability - [oss-security] 20120213 Re: CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability - [oss-security] 20120212 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability - 79141 - 79140 - 20120210 CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. - - - - - - - - - - - http://www.postgresql.org/docs/9.1/static/release-9-1-3.html - http://www.postgresql.org/docs/9.0/static/release-9-0-7.html - http://www.postgresql.org/docs/8.4/static/release-8-4-11.html - http://www.postgresql.org/docs/8.3/static/release-8-3-18.html - http://www.postgresql.org/about/news/1377/ - MDVSA-2012:092 - MDVSA-2012:027 - MDVSA-2012:026 - DSA-2418 - RHSA-2012:0678 - RHSA-2012:0677 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. 
- - - - - - - - - http://www.postgresql.org/docs/9.1/static/release-9-1-3.html - http://www.postgresql.org/docs/9.0/static/release-9-0-7.html - http://www.postgresql.org/docs/8.4/static/release-8-4-11.html - http://www.postgresql.org/about/news/1377/ - MDVSA-2012:026 - DSA-2418 - RHSA-2012:0678 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. - - - - - - - - - - - http://www.postgresql.org/docs/9.1/static/release-9-1-3.html - http://www.postgresql.org/docs/9.0/static/release-9-0-7.html - http://www.postgresql.org/docs/8.4/static/release-8-4-11.html - http://www.postgresql.org/docs/8.3/static/release-8-3-18.html - http://www.postgresql.org/about/news/1377/ - MDVSA-2012:027 - MDVSA-2012:026 - DSA-2418 - RHSA-2012:0678 - RHSA-2012:0677 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=795509 - http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29565 - blackberry-playbook-samba-code-execution(73361) - USN-1374-1 - http://support.apple.com/kb/HT5281 - 48186 - 48116 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) password, (5) realname, (6) repeatPassword, or (7) username parameters to Oxwall/join; (8) captcha, (9) email, (10) form_name, (11) from, or (12) subject parameters to Oxwall/contact; (13) tag parameter to Oxwall/blogs/browse-by-tag; or (14) PATH_INFO to Oxwall/photo/viewlist/tagged, (15) Oxwall/photo/viewlist, or (16) Oxwall/video/viewlist. - - - - - - - - - - http://yehg.net/lab/pr0js/advisories/%5BOxWall_1.1.1%5D_xss - oxwall-multiple-xss(73466) - 52090 - [oss-security] 20120221 OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities - [oss-security] 20120220 Re: OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities - 20120220 Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities - 20120220 OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php. 
- - - - - - - - - - http://www.boonex.com/trac/dolphin/ticket/2530 - http://www.boonex.com/trac/dolphin/changeset/15283 - http://www.boonex.com/trac/dolphin/changeset/15282 - http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss - 52088 - [oss-security] 20120221 Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities - [oss-security] 20120220 Re: Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities - http://www.boonex.com/n/dolphin-7-0-8-released - 20120220 Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities - - - - - - - - - - - - - - - - - - - - The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. - - - - - - - - - - MDVSA-2012:041 - http://sourceforge.net/tracker/?func=detail&atid=110127&aid=3496608&group_id=10127 - http://sourceforge.net/projects/expat/files/expat/2.1.0/ - 49504 - RHSA-2012:0731 - [Expat-discuss] 20120304 Announcement: Expat 2.1.0 Beta can be tested - http://bugs.python.org/issue13703#msg151870 - - - - - - - - - - - - - - - - - - Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem. 
- - - - - - - - - - - https://bitbucket.org/ianb/pastescript/pull-request/3/fix-group-permissions-for-pastescriptserve - https://bitbucket.org/ianb/pastescript/changeset/a19e462769b4 - [oss-security] 20120223 CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with - https://bugzilla.redhat.com/show_bug.cgi?id=796790 - [oss-security] 20120223 Re: CVE Request -- python-paste-script: Supplementary groups not dropped when started an application with - http://groups.google.com/group/paste-users/browse_thread/thread/2aa651ba331c2471 - - - - - - - - - - The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by starting multiple processes that share an I/O context. - - - - - - - - - https://github.com/torvalds/linux/commit/b69f2292063d2caf37ca9aec7d63ded203701bf3 - https://github.com/torvalds/linux/commit/61cc74fbb87af6aa551a06a370590c9bc07e29d9 - https://bugzilla.redhat.com/show_bug.cgi?id=796829 - [oss-security] 20120223 Re: CVE request -- kernel: block: CLONE_IO io_context refcounting issues - 48545 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b69f2292063d2caf37ca9aec7d63ded203701bf3 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=61cc74fbb87af6aa551a06a370590c9bc07e29d9 - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. 
- - - - - - - - - - - - http://svn.apache.org/viewvc?view=revision&revision=1296428 - 1026932 - http://www.apache.org/dist/httpd/Announcement2.4.html - HPSBUX02791 - SSRT100856 - [dev] 20120417 [ANNOUNCEMENT] Apache HTTP Server 2.4.2 Released - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack. - - - - - - - - - openSUSE-SU-2012:0547 - http://www.openssl.org/news/secadv_20120312.txt - DSA-2454 - 48916 - 48895 - HPSBOV02793 - SSRT100891 - FEDORA-2012-4665 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple. 
- - - - - - - - - http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff - http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff - https://issues.asterisk.org/jira/secure/attachment/42202/issueA19202_crypto_if_uninited_text_or_video.patch - https://issues.asterisk.org/jira/browse/ASTERISK-19202 - https://bugzilla.redhat.com/show_bug.cgi?id=783487 - [oss-security] 20120120 Re: CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP - [oss-security] 20120120 CVE Request -- Asterisk AST-2012-001 / Remote DoS while processing crypto line for media stream with non-existing RTP - http://downloads.asterisk.org/pub/security/AST-2012-001.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. - - - - - - - - - - countperday-map-xss(72384) - 51402 - 18355 - http://wordpress.org/extend/plugins/count-per-day/changelog/ - 47529 - http://plugins.trac.wordpress.org/changeset/488883/count-per-day - http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt - 78271 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. 
- - - - - - - - - countperday-download-file-download(72385) - 51402 - 18355 - http://wordpress.org/extend/plugins/count-per-day/changelog/ - 47529 - http://plugins.trac.wordpress.org/changeset/488883/count-per-day - http://packetstormsecurity.org/files/108631/countperday-downloadxss.txt - 78270 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. - - - - - - - - - - - - irfanview-qcd-bo(72398) - 51426 - 47360 - 78333 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dwn_file parameter. - - - - - - - - - myeasy-mebdownload-directory-traversal(72404) - 47594 - http://packetstormsecurity.org/files/view/108711/wpmyeasybackup-traversal.txt - - - - - - - - - - Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter. - - - - - - - - - - annuaire-sitesinscription-xss(72407) - 51434 - http://packetstormsecurity.org/files/view/108719/annuaire-xss.txt - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php. 
- - - - - - - - - - beehiveforum101-multiple-xss(72411) - 51424 - http://www.darksecurity.de/advisories/SSCHADV2011-042.txt - 47595 - 20120115 Beehive Forum 101 Multiple XSS vulnerabilities - - - - - - - - - - Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. - - - - - - - - - - yousaytooautopublishing-yousaytoo-xss(72271) - http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt - - - - - - - - - - AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. - - - - - - - - - airties-4450-cgibin-dos(72200) - 51320 - 18336 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name. - - - - - - - - - - zimbra-labelname-xss(72405) - http://www.vulnerability-lab.com/get_content.php?id=378 - 51436 - 20120116 Zimbra Desktop v7.1.2 - Persistent Software Vulnerability - http://packetstormsecurity.org/files/view/108715/VL-378.txt - - - - - - - - - - VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file. - - - - - - - - - - vlcmediaplayer-amr-dos(72085) - 51255 - 18309 - oval:org.mitre.oval:def:14327 - 20120104 VLC media player v1.1.11 (.amr) Local Crash PoC - - - - - - - - - - SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php. - - - - - - - - - - - 18385 - 47563 - - - - - - - - - - SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php. 
- - - - - - - - - - - 18386 - - - - - - - - - - Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive. - - - - - - - - - - - neoaxis-neoaxis-directory-traversal(72427) - 78311 - http://aluigi.altervista.org/adv/neoaxis_1-adv.txt - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter. - - - - - - - - - - simplesamlphp-nocookie-logout-xss(72313) - 51372 - [oss-security] 20120120 Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting - 47491 - 78255 - http://code.google.com/p/simplesamlphp/issues/detail?id=468 - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Horde_Form in Horde Groupware Webmail Edition before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to email verification. NOTE: Some of these details are obtained from third party information. 
- - - - - - - - - - 51586 - [oss-security] 20120121 Re: Re: CVE Request -- Horde IMP -- Multiple XSS flaws - http://www.horde.org/apps/webmail/docs/RELEASE_NOTES - http://www.horde.org/apps/webmail/docs/CHANGES - 47592 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function. - - - - - - - - - - - http://info.tiki.org/article191-Tiki-Releases-8-4 - http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS - http://dev.tiki.org/item4109 - tikiwiki-unserialize-code-exec(76758) - 54298 - 19630 - 19573 - 83534 - 20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - http://www.stone-ware.com/swql.jsp?kb=d1960 - http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf - - - - - - - - - - - SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information. 
- - - - - - - - - - - ictimeattendance-passw-sql-injection(72569) - 51589 - 18394 - 47660 - 78444 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title. - - - - - - - - - - http://www.madirish.net/content/drupal-panels-6x-39-xss-vulnerability - http://drupal.org/node/1409448 - http://drupal.org/node/1409446 - http://drupal.org/node/1409436 - drupal-panels-unspecified-xss(72549) - 51568 - 47649 - 78367 - http://drupalcode.org/project/panels.git/commit/d844942 - http://drupalcode.org/project/panels.git/commit/2066d59 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a BMP image. - - - - - - - - - - - - 51585 - 47314 - - - - - - - - - - Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via a crafted image in a chat message, as demonstrated using a PNG file. - - - - - - - - - - - - 51585 - 47314 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - hitachi-it-unspecified-xss(72248) - 51340 - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html - 47467 - 78221 - - - - - - - - - - - - - - - Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors. - - - - - - - - - - - hitachi-cobol2002-unspec-code-exec(72558) - 51580 - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html - 47643 - 47612 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - hitachi-it-unspecified-xss(72248) - 51340 - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-001/index.html - 47490 - 78215 - - - - - - - - - - - - - - Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency." 
- - - - - - - - - - - https://www.mantor.org/~northox/misc/CVE-2012-0920.html - https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 - dropbear-code-execution(73444) - 52159 - 79590 - DSA-2456 - 48929 - 48147 - http://matt.ucc.asn.au/dropbear/CHANGES - - - - - - - - - - - - - - rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file. - - - - - - - - - - - - realplayer-rmff-code-execution(73018) - 51883 - http://service.real.com/realplayer/security/02062012_player/en/ - 47896 - 78911 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream. - - - - - - - - - - - - 51884 - http://service.real.com/realplayer/security/02062012_player/en/ - 47896 - 78912 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream. - - - - - - - - - - - http://service.real.com/realplayer/security/02062012_player/en/ - 47896 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream. 
- - - - - - - - - - - - realplayer-rv40-code-exec(73021) - 51887 - http://service.real.com/realplayer/security/02062012_player/en/ - 47896 - 78914 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. - - - - - - - - - - - - http://service.real.com/realplayer/security/02062012_player/en/ - 47896 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream. - - - - - - - - - - - - http://service.real.com/realplayer/security/02062012_player/en/ - 47896 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. - - - - - - - - - - - - http://service.real.com/realplayer/security/02062012_player/en/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple buffer overflows in Schneider Electric Modicon Quantum PLC allow remote attackers to cause a denial of service via malformed requests to the (1) FTP server or (2) HTTP server. 
- - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf - schneider-modicon-ftp-dos(72589) - schneider-modicon-http-dos(72588) - 51605 - 47723 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf - schneider-modicon-unspec-xss(72590) - 51605 - 47723 - - - - - - - - - - Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf - schneider-modicon-unity-dos(72586) - 51605 - 47723 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter. - - - - - - - - - - - leadcapture-login-xss(72623) - 47702 - http://packetstormsecurity.org/files/108887/leadcapturepagesystem-xss.txt - 78455 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/. - - - - - - - - - - acidcatcms-multiple-xss(72624) - 51608 - 47705 - http://packetstormsecurity.org/files/108869/acidcat-xss.txt - 78458 - - - - - - - - - - - - PHP remote file inclusion vulnerability in ajax/savetag.php in the Theme Tuner plugin for WordPress before 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the tt-abspath parameter. 
- - - - - - - - - - - http://wordpress.org/extend/plugins/theme-tuner/changelog/ - themetuner-savetag-file-include(72626) - 51636 - http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ - 47722 - http://plugins.trac.wordpress.org/changeset/492167/theme-tuner#file2 - - - - - - - - - - - - - - - SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter. - - - - - - - - - - - aryadad-default-sql-injection(72639) - 51627 - 18405 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login. - - - - - - - - - - - opennms-username-xss(72625) - 51632 - 47646 - 78454 - http://issues.opennms.org/browse/NMS/fixforversion/10825 - http://issues.opennms.org/browse/NMS/fixforversion/10824#atl_token=BCL8-RCDX-MB62-2EZT%7C38eaf469042162355c28f5393587690a8388d556%7Clout&selectedTab=com.atlassian.jira.plugin.system.project%3Aversion-summary-panel - http://issues.opennms.org/browse/NMS-5128?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs - http://fisheye.opennms.org/browse/opennms/features/springframework-security/src/main/java/org/opennms/web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java?r2=d2ce15470cb6c87c115c918eb86ef147486a9166&r1=80b80e110e4bce568fc2c6c0a15a - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** DISPUTED ** wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent 
to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time. - - - - - - - - - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt - 18417 - 20120124 TWSL2012-002: Multiple Vulnerabilities in WordPress - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials. - - - - - - - - - - - 52929 - http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf - - - - - - - - - - - - - - - - - Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack. - - - - - - - - - https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131 - aptdaemon-transaction-security-bypass(74553) - 52855 - 80887 - USN-1414-1 - 48688 - - - - - - - - - - - - - - - - - - - - - - - The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. 
- - - - - - - - - - - USN-1420-1 - http://nvidia.custhelp.com/app/answers/detail/a_id/3109 - - - - - - - - - - Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size. - - - - - - - - - - - - http://git.libav.org/?p=libav.git;a=commit;h=58b2e0f0f2fc96c1158e04f8aba95cbe6157a1a3 - https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963 - USN-1479-1 - [oss-security] 20120503 Security issue in libav/ffmpeg - DSA-2471 - http://libav.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials. - - - - - - - - - update-manager-info-disclosure(75727) - USN-1443-1 - 53604 - 49230 - 82019 - http://launchpadlibrarian.net/105380733/update-manager_1%3A0.156.14.3_1%3A0.156.14.4.diff.gz - - - - - - - - - - - - - - - - - - The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. - - - - - - - - - update-manager-archives-info-disclosure(75728) - USN-1443-1 - 53605 - 49230 - 82020 - - - - - - - - - - - - - The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949. - - - - - - - - - https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/1004503 - USN-1443-2 - - - - - - - - - - - - - APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587. - - - - - - - - - https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681 - https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639 - https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128 - USN-1477-1 - USN-1475-1 - 54046 - 20120615 ubuntu apt-key (part 3) - 20120614 Using second gpg keyring may be misleading? - 20120612 Strange gpg key shadowing - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter. - - - - - - - - - - dpi-misc-xss(72823) - 51734 - 47786 - http://packetstormsecurity.org/files/view/109240/dpi10-xss.txt - 78660 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information. 
- - - - - - - - - silverstripe-editform-xss(72820) - 51761 - 47812 - http://packetstormsecurity.org/files/view/109210/silverstripecmspage-xss.txt - 78677 - - - - - - - - - - Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX Control 2.1.5.5 and other versions before 2.1.5.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. - - - - - - - - - - - - lurawave-jp2-qcd-bo(72807) - 51744 - 47350 - 78661 - - - - - - - - - - Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser Plug-In 1.1.1.11 and other versions before 2.1.1.11 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. - - - - - - - - - - - - lurawave-qcd-bo(72806) - 51732 - 47831 - 78662 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user. - - - Per: http://secunia.com/advisories/47784 - -'The vulnerability is confirmed in version 5.1.1. Other versions may also be affected.' - - - - - - - - - - twiki-organization-xss(72821) - 1026604 - 51731 - http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html - 47784 - http://packetstormsecurity.org/files/109246/twiki-xss.txt - 78664 - - - - - - - - - - - SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter. - - - - - - - - - - - phux-download-sql-injection(72826) - 51725 - 18432 - - - - - - - - - - Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information. 
- - - - - - - - - phpshowtime-index-directory-traversal(72824) - 18435 - 47802 - - - - - - - - - - SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter. - - - - - - - - - - - agentzone-search-sql-injection(72879) - 51773 - 18441 - - - - - - - - - - SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. - - - - - - - - - - - ezalbum-index-sql-injection(72809) - 51781 - 18438 - - - - - - - - - - Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method. - - - - - - - - - - - - vaio-activex-bo(75978) - 53735 - 18958 - 49340 - 82401 - http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946 - 20120530 2 Buffer Overflows in Wireless Manager Sony VAIO - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters. 
- - - - - - - - - - http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download - https://www.htbridge.ch/advisory/HTB23067 - dclassifieds-settings-csrf(72733) - 51671 - 78557 - 47691 - 20120125 CSRF (Cross-Site Request Forgery) in DClassifieds - - - - - - - - - - Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. - - - - - - - - - https://www.htbridge.ch/advisory/HTB23069 - http://www.open-emr.org/wiki/index.php/OpenEMR_Patches - 20120201 Multiple vulnerabilities in OpenEMR - openemr-formname-file-include(72914) - 51788 - 47781 - 78730 - 78729 - 78728 - 78727 - - - - - - - - - - interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. - - - - - - - - - - - http://www.open-emr.org/wiki/index.php/OpenEMR_Patches - 20120201 Multiple vulnerabilities in OpenEMR - https://www.htbridge.ch/advisory/HTB23069 - openemr-faxdispatch-command-execution(72915) - 51788 - 47781 - 78731 - - - - - - - - - - Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie. 
- - - - - - - - - - - http://www.zenphoto.org/trac/changeset/8995 - http://www.zenphoto.org/trac/changeset/8994 - https://www.htbridge.ch/advisory/HTB23070 - zenphoto-viewersizeimage-code-execution(73081) - http://www.zenphoto.org/news/zenphoto-1.4.2.1 - 51916 - 47875 - 20120208 Multiple vulnerabilities in ZENphoto - - - - - - - - - - SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter. - - - - - - - - - - - http://www.zenphoto.org/trac/changeset/8995 - http://www.zenphoto.org/trac/changeset/8994 - https://www.htbridge.ch/advisory/HTB23070 - zenphoto-albumsort-sql-injection(73082) - http://www.zenphoto.org/news/zenphoto-1.4.2.1 - 51916 - 47875 - 20120208 Multiple vulnerabilities in ZENphoto - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INTO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php. - - - - - - - - - - http://www.zenphoto.org/trac/changeset/8995 - http://www.zenphoto.org/trac/changeset/8994 - https://www.htbridge.ch/advisory/HTB23070 - zenphoto-multiple-xss(73083) - http://www.zenphoto.org/news/zenphoto-1.4.2.1 - 51916 - 47875 - 20120208 Multiple vulnerabilities in ZENphoto - - - - - - - - - - Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. 
- - - - - - - - - https://www.htbridge.ch/advisory/HTB23071 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action. - - - - - - - - - - - - https://www.htbridge.ch/advisory/HTB23071 - - - - - - - - - - Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter. - - - - - - - - - - - http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php - https://www.htbridge.ch/advisory/HTB23072 - http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt - - - - - - - - - - - - - SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter. - - - - - - - - - - - http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php - https://www.htbridge.ch/advisory/HTB23072 - http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter to account/preferences.php. - - - - - - - - - - http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php - https://www.htbridge.ch/advisory/HTB23072 - http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt - - - - - - - - - - - - - Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown impact and attack vectors. 
- - - - - - - - - - - http://www.openconf.com/news/#20120202 - - - - - - - - - - - - - - Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor reportedly characterizes this as "a stability issue, not a security issue." - - - - - - - - - opera-integer-dos(73027) - http://blog.vulnhunt.com/index.php/2012/02/02/cal-2012-0004-opera-array-integer-overflow/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information. 
- - - Per: http://foswiki.org/Support/SecurityAlert-CVE-2012-1004 - -'Vulnerable Software Versions - All versions 1.0.0 - 1.1.4 inclusive for sites that use the user registration process' - - - - - - - - - - http://st2tea.blogspot.com/2012/02/foswiki-cross-site-scripting.html - 47849 - http://foswiki.org/Tasks/Item11501 - http://foswiki.org/Tasks/Item11498 - http://foswiki.org/Support/SecurityAlert-CVE-2012-1004 - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2) Blog/AboutSomething.txt. - - - - - - - - - - sphinixsoftware-comment-xss(72913) - 51820 - 47876 - http://secpod.org/blog/?p=453 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders. - - - - - - - - - - apache-struts-multiple-xss(72888) - 51902 - http://secpod.org/blog/?p=450 - http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do. - - - - - - - - - - apache-struts-name-xss(73052) - http://secpod.org/blog/?p=450 - http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt - - - - - - - - - - OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. 
- - - - - - - - - 18453 - http://secpod.org/exploits/SecPod_Exploit_OfficeSIP_Server_DOS.py - http://secpod.org/blog/?p=461 - http://secpod.org/advisories/SecPod_Exploit_OfficeSIP_Server_DOS_Vuln.txt - - - - - - - - - - NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. - - - - - - - - - netsarang-xlpd-dos(72933) - 51821 - 18454 - http://secpod.org/blog/?p=457 - http://secpod.org/advisories/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS_Vuln.txt - - - - - - - - - - - - - Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. - - - - - - - - - - - allwebmenus-actions-file-upload(72640) - 51615 - 18407 - http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/ - 47659 - 20120122 AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. 
- - - - - - - - - - - http://wordpress.org/extend/plugins/allwebmenus-wordpress-menu-plugin/changelog/ - allwebmenus-actions-file-upload(72640) - 51615 - 18407 - 47659 - 20120122 AllWebMenus < 1.1.9 WordPress Menu Plugin Arbitrary file upload - - - - - - - - - - server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege. - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=796438 - http://web.mit.edu/kerberos/krb5-1.10/ - http://src.mit.edu/fisheye/changelog/krb5/?cs=25704 - http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7093 - - - - - - - - - - - The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password. 
- Per: http://cwe.mitre.org/data/definitions/476.html - -'CWE-476: NULL Pointer Dereference' - - - - - - - - - https://github.com/krb5/krb5/commit/c5be6209311d4a8f10fda37d0d3f876c1b33b77b - openSUSE-SU-2012:0834 - https://bugzilla.redhat.com/show_bug.cgi?id=827517 - MDVSA-2012:102 - http://web.mit.edu/kerberos/krb5-1.10/ - [kerberos-announce] 20120531 krb5-1.10.2 is released - http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7152 - - - - - - - - - - - - - - - - - - - - - - The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request. - - - - - - - - - - - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt - - - - - - - - - - - - The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request. - - - - - - - - - - - http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2012-001.txt - - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters. 
- - - - - - - - - - - base-ipaddr-sql-injection(72998) - 51874 - 18465 - 47857 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter. - - - - - - - - - - currencyconverter-convert-xss(72917) - 51804 - http://dl.packetstormsecurity.net/1202-exploits/joomlacurrencyconverter-xss.txt - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/DownloadFeedback. NOTE: some of these details are obtained from third party information. - - - - - - - - - - 51867 - http://st2tea.blogspot.com/2012/02/xwiki-cross-site-scripting.html - 47885 - http://packetstormsecurity.org/files/109447/XWiki-Enterprise-3.4-Cross-Site-Scripting.html - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the (1) visitor_language parameter to register.php or (2) message parameter. - - - - - - - - - - nexorone-login-xss(73001) - http://www.vulnerability-lab.com/get_content.php?id=304 - 51876 - 47897 - 20120205 NexorONE Online Banking - Multiple Cross Site Vulnerabilities - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. 
- - - - - - - - - - 4images-categories-xss(72924) - 51774 - 47811 - http://packetstormsecurity.org/files/109290/4images-xss.txt - 78711 - - - - - - - - - - SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action. - - - - - - - - - - - 4images-catparentid-sql-injection(72932) - 51774 - http://packetstormsecurity.org/files/109290/4images-xss.txt - - - - - - - - - - Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. - - - - - - - - - - - 4images-index-open-redirect(72925) - 51774 - http://packetstormsecurity.org/files/109290/4images-xss.txt - 78779 - - - - - - - - - - Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. - - - - - - - - - enigma2-webinterface-directory-traversal(73109) - 18343 - - - - - - - - - - - Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. - - - - - - - - - 18343 - - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. 
- - - - - - - - - - - xraycms-login2-sql-injection(73000) - 51870 - 18467 - http://sourceforge.net/tracker/?func=detail&aid=3488241&group_id=298778&atid=1260461 - 20120212 sqlinjection bug in nova cms - - - - - - - - - - Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed. - - - - - - - - - - VU#732115 - projectopen-accountclosed-xss(72952) - 51842 - 47854 - 78823 - http://dl.packetstormsecurity.net/1202-exploits/projectopen-xss.txt - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parameter. - - - - - - - - - - simple-groupware-index-xss(73042) - 51882 - http://voxel.dl.sourceforge.net/project/simplgroup/README.md - 20120206 SimpleGroupware 0.742 Cross-Site-Scripting vulnerability - - - - - - - - - - SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. - - - - - - - - - - - tubeace-q-sql-injection(72999) - 52046 - 51873 - 18466 - 47874 - http://packetstormsecurity.org/files/109485/Tube-Ace-SQL-Injection.html - 78900 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup. 
- - - - - - - - - - http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.62.aspx - http://technet.microsoft.com/en-us/security/msvr/msvr12-003 - - - - - - - - - - - - Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417. - - - - - - - - - - - 51877 - http://world.episerver.com/Blogs/Shahid-Nawaz/Dates/2012/1/General-Hotfix-CMS-6-R2/ - http://world.episerver.com/Blogs/Jens-N/Dates/2012/1/Security-vulnerability---Elevation-of-privilege/ - 47910 - - - - - - - - - - - - - - - - - - The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. - - - Per: https://www.isc.org/software/bind/advisories/cve-2012-1033 - -'Solution: - -On further review, ISC has determined that this is not an issue which needs an immediate patch. The issue is being reviewed at the protocol level and will be addressed there. Implementing DNSSEC is the safest mitigation measure.' - - - - - - - - - VU#542123 - https://www.isc.org/software/bind/advisories/cve-2012-1033 - openSUSE-SU-2012:0864 - openSUSE-SU-2012:0863 - isc-bind-update-sec-bypass(73053) - 1026647 - 51898 - 47884 - 78916 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - 51877 - http://world.episerver.com/PageFiles/110367/BugList.txt - http://world.episerver.com/Blogs/Shahid-Nawaz/Dates/2012/1/General-Hotfix-CMS-6-R2/ - 47910 - - - - - - - - - - - - - - - - - - AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. - - - - - - - - - http://www.ocert.org/advisories/ocert-2011-003.html - http://www.nruns.com/_downloads/advisory28122011.pdf - http://www.adacore.com/2012/01/27/security-advisory-sa-2012-l119-003-hash-collisions-in-aws/ - 20120127 AdaCore Security Advisory SA-2012-L119-003 Hash collisions in AWS - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message. - - - - - - - - - - http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.59.aspx - http://technet.microsoft.com/en-us/security/msvr/msvr12-002 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PHP remote file inclusion vulnerability in front/popup.php in GLPI 0.78 through 0.80.61 allows remote authenticated users to execute arbitrary PHP code via a URL in the sub_type parameter. 
- - - - - - - - - - - https://forge.indepnet.net/projects/glpi/versions/685 - https://forge.indepnet.net/projects/glpi/repository/revisions/17457/diff/branches/0.80-bugfixes/front/popup.php - https://forge.indepnet.net/issues/3338 - MDVSA-2012:016 - 20120210 CVE-2012-1037: GLPI <= 0.80.61 LFI/RFI - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php. - - - - - - - - - - http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2 - https://www.htbridge.ch/advisory/HTB23074 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696. - - - - - - - - - - 51905 - 78917 - PM49009 - http://www-01.ibm.com/support/docview.wss?uid=swg27023584 - http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1PM49009 - 1026648 - 47889 - - - - - - - - - - Directory traversal vulnerability in the WWWHELP Service (js/html/wwhelp.htm) in Cyberoam Central Console (CCC) 2.00.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter in an Online_help action. 
- - - - - - - - - - - http://www.vulnerability-lab.com/get_content.php?id=405 - 51901 - 18473 - 20120207 Cyberoam Central Console v2.00.2 - File Include Vulnerability - - - - - - - - - - Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web script or HTML via the filter parameter. - - - - - - - - - - efrontcommunity-administrator-xss(73043) - http://www.vulnerability-lab.com/get_content.php?id=423 - 51894 - 20120207 eFronts Community++ v3.6.10 - Cross Site Vulnerability - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do. - - - - - - - - - - manageengine-admanager-multiple-xss(73039) - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5070.php - 51893 - 47887 - http://packetstormsecurity.org/files/109528 - - - - - - - - - - Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header. - - - - - - - - - mathopd-http-directory-traversal(73049) - 1026641 - http://www.mathopd.org/security.html - [mathopd] 20120202 security alert: directory traversal when using * in Location - 47908 - 78896 - 20120203 Mathopd - Directory Traversal Vulnerability - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. 
- - - - - - - - - - - - xnview-qcd-bo(73040) - 51896 - 47352 - 78904 - - - - - - - - - - Buffer overflow in IvanView 1.2.15 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. - - - - - - - - - - - - ivanview-qcd-bo(73041) - 51895 - 47362 - 78905 - - - - - - - - - - The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors relate to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups. - - - - - - - - - - - openSUSE-SU-2012:0835 - puppet-forked-priv-escalation(73445) - 52158 - 79495 - DSA-2419 - USN-1372-1 - 48290 - 48166 - 48161 - 48157 - http://puppetlabs.com/security/cve/cve-2012-1053/ - http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14 - http://projects.puppetlabs.com/issues/12459 - http://projects.puppetlabs.com/issues/12458 - http://projects.puppetlabs.com/issues/12457 - SUSE-SU-2012:0325 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login. 
- - - - - - - - - - - openSUSE-SU-2012:0835 - puppet-k5login-type-symlink(73446) - 52158 - 79496 - DSA-2419 - USN-1372-1 - 48290 - 48166 - 48161 - 48157 - http://puppetlabs.com/security/cve/cve-2012-1054/ - http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14 - http://projects.puppetlabs.com/issues/12460 - SUSE-SU-2012:0325 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in PhotoLine 17.01 and possibly other versions before 17.02 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. - - - - - - - - - - - - photoline-qcd-bo(73103) - 51948 - 47477 - 78985 - - - - - - - - - - The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal does not properly enforce permissions for (1) Recent forwards, (2) Most forwarded, or (3) Dynamic blocks, which allows remote attackers to obtain node titles via unspecified vectors. - - - - - - - - - http://drupal.org/node/1425150 - http://drupal.org/node/1423722 - drupal-multiple-blocks-security-bypass(72920) - 51826 - 47851 - 78817 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the clickthrough tracking functionality in the Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of administrators for requests that increase node rankings via the tracking code, possibly related to improper "flood control." 
- - - - - - - - - - - - http://drupal.org/node/1425150 - http://drupal.org/node/1423722 - drupal-forward-unspecified-csrf(72922) - 51826 - 47851 - 78817 - http://drupalcode.org/project/forward.git/commitdiff/72158fdbfbf5a068938985e3d10ce1d8f969d9c3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php. - - - - - - - - - - - - flyspray-index-csrf(73051) - 18468 - 47881 - http://packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html - 78923 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module. - - - - - - - - - - https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df - oscommerce-index-xss(72916) - http://www.vulnerability-lab.com/get_content.php?id=407 - 51831 - 18455 - http://packetstormsecurity.org/files/109389/VL-407.txt - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters. 
- - - - - - - - - - http://www.madirish.net/content/drupal-revisioning-6x-313-xss-vulnerability - http://drupal.org/node/1431114 - 51923 - 47931 - http://drupalcode.org/project/revisioning.git/commit/768c882 - http://drupal.org/node/1433550 - - - - - - - - - - SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - gforgeadvanced-unspecified-sql-injection(73085) - 51912 - 47587 - 78928 - http://gforgegroup.wordpress.com/2012/02/03/gforge-as-6_0_1-release/ - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474. - - - - - - - - - - meapplicationsmanager-multiple-xss(72830) - http://www.vulnerability-lab.com/get_content.php?id=115 - 51796 - 47724 - http://packetstormsecurity.org/files/view/109238/VL-115.txt - 78722 - 78721 - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do. 
- - - - - - - - - - - meapplication-multiple-sql-injection(72831) - http://www.vulnerability-lab.com/get_content.php?id=115 - 51796 - http://packetstormsecurity.org/files/view/109238/VL-115.txt - - - - - - - - - - - - - - - - - - Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the ExportSettings method. - - - - - - - - - - 2xapplication-activex-file-overwrite(72947) - 51856 - 47657 - 78831 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar. - - - - - - - - - - smartycms-template-xss(72918) - 51805 - http://dl.packetstormsecurity.net/1202-exploits/smartycms-xss.txt - - - - - - - - - - SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. - - - - - - - - - - - wprecentcomments-index-sql-injection(72951) - 51859 - 47870 - 78820 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging. 
- - - - - - - - - - wprecentcomments-core-xss(70003) - 49734 - 75635 - http://wordpress.org/extend/plugins/wp-recentcomments/changelog/ - 46141 - http://plugins.trac.wordpress.org/changeset/416723/wp-recentcomments/trunk/core.php?old=316325&old_path=wp-recentcomments%2Ftrunk%2Fcore.php - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in module/kb/search_word in the search module in lknSupport allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. - - - - - - - - - - lknsupport-search-xss(72926) - 51803 - http://dl.packetstormsecurity.net/1202-exploits/iknsupport-xss.txt - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter." - - - - - - - - - - 51845 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 47823 - 78749 - - - - - - - - - - - - - - SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012. - - - - - - - - - - - typo3-kitchen-unspecified-sql-injection(72934) - 51825 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - http://typo3.org/extensions/repository/view/mv_cooking/0.4.1/ - 47437 - 78748 - - - - - - - - - - - - SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 
- - - - - - - - - - - typo3-category-unspecified-sql-injection(72958) - 51834 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 78785 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - typo3-categorysystem-unspecified-xss(72957) - 51834 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 78784 - - - - - - - - - - SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - typo3-whitepapers-unspecified-sql-injection(72959) - 51837 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 78786 - - - - - - - - - - SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - typo3-documents-unspecified-sql-injection(72961) - 51838 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - http://typo3.org/extensions/repository/view/rtg_files/1.5.2/ - 47842 - 78788 - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - typo3-documents-unspecified-xss(72960) - 51838 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - http://typo3.org/extensions/repository/view/rtg_files/1.5.2/ - 47842 - 78787 - - - - - - - - - - - - - - SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/ - 78790 - - - - - - - - - - - The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." - - - - - - - - - typo3-sysutils-unspecified-info-disclosure(72964) - 51844 - 78791 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - http://typo3.org/extensions/repository/view/sysutils/1.0.4/ - - - - - - - - - - - - - - Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. - - - - - - - - - - - typo3-webservices-unspecified-code-execution(72965) - 51843 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/ - 78792 - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - 51848 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 78794 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - http://typo3.org/extensions/repository/view/ya_googlesearch/0.3.10/ - 51851 - 78795 - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - 51849 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 78796 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - - - - - - - - - - 51849 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 78797 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - typo3-beuserswitch-unspecified-xss(72974) - 51852 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 78798 - - - - - - - - - - Unspecified vulnerability in the BE User Switch (beuserswitch) extension 0.0.1 for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. 
- - - - - - - - - typo3-beuserswitch-unspec-info-disclosure(72973) - 51852 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 78799 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - 51855 - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - 78801 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/ - http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/ - 78789 - - - - - - - - - - - Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package. - - - - - - - - - apache-wicket-dir-traversal(74276) - http://wicket.apache.org/2012/03/22/wicket-cve-2012-1089.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. 
- - - - - - - - - https://github.com/torvalds/linux/commit/88d7d4e4a439f32acc56a6d860e415ee71d3df08 - https://bugzilla.redhat.com/show_bug.cgi?id=798293 - [oss-security] 20120228 Re: CVE request -- kernel: cifs: dentry refcount leak when opening a FIFO on lookup leads to panic on unmount - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1410. 
Reason: This candidate is a reservation duplicate of CVE-2012-1410. Notes: All CVE users should reference CVE-2012-1410 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1410. Reason: This candidate is a reservation duplicate of CVE-2012-1410. Notes: All CVE users should reference CVE-2012-1410 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a (1) PTRACE_GETREGSET or (2) PTRACE_SETREGSET ptrace call. - - - - - - - - - - - https://github.com/torvalds/linux/commit/c8e252586f8d5de906385d8cf6385fee289a825e - https://bugzilla.redhat.com/show_bug.cgi?id=799209 - [oss-security] 20120305 CVE-2012-1097 kernel: regset: Prevent null pointer reference on readonly regsets - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c8e252586f8d5de906385d8cf6385fee289a825e - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods. 
- - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=799275 - [oss-security] 20120302 Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws - [oss-security] 20120302 CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws - http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released - [rubyonrails-security] 20120301 Possible XSS Security Vulnerability in SafeBuffer#[] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements. - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=799276 - [oss-security] 20120302 Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws - [oss-security] 20120302 CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws - http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released - [rubyonrails-security] 20120301 XSS Vulnerability in the select helper - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information. 
- - - - - - - - - https://fedorahosted.org/abrt/changeset/23d6997d7886abe118c28254f7f73f0b19b2d4e0 - abrt-info-disc(76524) - 54121 - RHSA-2012:0841 - - - - - - - - - - The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error. - - - - - - - - - https://github.com/taglib/taglib/commit/77d61c6eca4d08b9b025738acf6b926cc750db23 - taglib-analyzecurrent-dos(73666) - 52284 - [oss-security] 20120305 Re: CVE-Request taglib vulnerabilities - GLSA-201206-16 - 49688 - 48211 - 79814 - [pipermail] 20120304 multiple security vulnerabilities in taglib - [pipermail] 20120304 multiple security vulnerabilities in taglib - - - - - - - - - - - - - - - - - - - - - The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. - - - - - - - - - - https://github.com/taglib/taglib/commit/b3646a07348ffa276ea41a9dae03ddc63ea6c532 - taglib-parse-dos(73665) - 52284 - [oss-security] 20120305 Re: CVE-Request taglib vulnerabilities - GLSA-201206-16 - 49688 - 48211 - 79813 - [pipermail] 20120305 multiple security vulnerabilities in taglib - [pipermail] 20120304 multiple security vulnerabilities in taglib - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php. 
- - - - - - - - - - http://yehg.net/lab/pr0js/advisories/%5Betano_1.2.x%5D_xss - etano-multiple-xss(73669) - 52295 - 79830 - 79829 - 79828 - 79827 - [oss-security] 20120305 Re: Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities - [oss-security] 20120306 Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities - 48165 - 20120305 Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities - - - - - - - - - - Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php. - - - - - - - - - - - http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi - openrealty-selectuserstemplate-file-include(73736) - 52296 - [oss-security] 20120305 Re: Open-Realty CMS 2.5.8 (2.x.x) <= - [oss-security] 20120306 Open-Realty CMS 2.5.8 (2.x.x) <= - 20120305 Open-Realty CMS 2.5.8 (2.x.x) <= - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=812045 - FEDORA-2012-5777 - http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 - - - - - - - - - - - - - - - - - The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports. 
- - - - - - - - - https://github.com/mantisbt/mantisbt/commit/eb803ed02105fc919cf5f789e939f2b824162927 - [oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9 - http://www.mantisbt.org/bugs/view.php?id=10124 - http://www.mantisbt.org/bugs/changelog_page.php?version_id=140 - DSA-2500 - 49572 - 48258 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection. - - - - - - - - - - https://github.com/mantisbt/mantisbt/commit/dea7e315f3fc96dfa995e56e8810845fc07a47aa - https://github.com/mantisbt/mantisbt/commit/cf5df427f17cf9204645f83e000665780eb9afe6 - [oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9 - http://www.mantisbt.org/bugs/view.php?id=13816 - http://www.mantisbt.org/bugs/changelog_page.php?version_id=140 - DSA-2500 - 49572 - 48258 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes. - - - - - - - - - - https://github.com/mantisbt/mantisbt/commit/df7782a65e96aa1c9639a7625a658102134c7fe0 - [oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9 - http://www.mantisbt.org/bugs/view.php?id=13656 - http://www.mantisbt.org/bugs/changelog_page.php?version_id=140 - DSA-2500 - 49572 - 48258 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. 
- - - - - - - - - - https://github.com/mantisbt/mantisbt/commit/9443258724e84cb388aa1865b775beaecd80596d - [oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9 - http://www.mantisbt.org/bugs/view.php?id=13561 - http://www.mantisbt.org/bugs/changelog_page.php?version_id=140 - 48258 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project. - - - - - - - - - - https://github.com/mantisbt/mantisbt/commit/0da3f7ace233208eb3c8d628cc2fd6e56d83839f - [oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9 - http://www.mantisbt.org/bugs/view.php?id=13748 - http://www.mantisbt.org/bugs/changelog_page.php?version_id=140 - DSA-2500 - 49572 - 48258 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password. 
- - - - - - - - - - - https://github.com/mantisbt/mantisbt/commit/f5106be52cf6aa72c521f388e4abb5f0de1f1d7f - http://www.mantisbt.org/bugs/view.php?id=13901 - [oss-security] 20120306 Re: CVE request: mantisbt before 1.2.9 - http://www.mantisbt.org/bugs/changelog_page.php?version_id=140 - DSA-2500 - 49572 - 48258 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800581 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800583 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800584 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800585 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800587 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800589 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800590 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800591 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - DSA-2428 - GLSA-201204-04 - 48918 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800592 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - DSA-2428 - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800593 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800594 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - DSA-2428 - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800595 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800597 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800598 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800600 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48758 - RHSA-2012:0467 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800602 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800604 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - DSA-2428 - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font. 
- - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800606 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - GLSA-201204-04 - 48918 - 48758 - RHSA-2012:0467 - SUSE-SU-2012:0521 - SUSE-SU-2012:0483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=800607 - https://bugzilla.mozilla.org/show_bug.cgi?id=733512 - [oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9 - http://www.mozilla.org/security/announce/2012/mfsa2012-21.html - DSA-2428 - GLSA-201204-04 - 48758 - RHSA-2012:0467 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads. 
- - - - - - - - - network-satellite-null-sec-bypass(74498) - 1026873 - 52832 - 81481 - 48664 - RHSA-2012:0436 - - - - - - - - - - The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by registering memory threshold events. - - - - - - - - - - - https://github.com/torvalds/linux/commit/371528caec553785c37f73fa3926ea0de84f986f - https://bugzilla.redhat.com/show_bug.cgi?id=800813 - [oss-security] 20120307 Re: CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=371528caec553785c37f73fa3926ea0de84f986f - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. - - - - - - - - - - http://trac.wxwidgets.org/ticket/11432 - http://trac.wxwidgets.org/ticket/11194 - http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127 - http://sourceforge.net/projects/expat/files/expat/2.1.0/ - http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15 - - - - - - - - - - - - - - - - - - Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. 
- - - - - - - - - http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167 - MDVSA-2012:041 - http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127 - http://sourceforge.net/projects/expat/files/expat/2.1.0/ - 49504 - RHSA-2012:0731 - - - - - - - - - - - - - - - - - - Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. - - - - - - - - - - - 1027068 - 53570 - 81988 - http://www.openoffice.org/security/cves/CVE-2012-1149.html - MDVSA-2012:091 - MDVSA-2012:090 - http://www.libreoffice.org/advisories/cve-2012-1149 / - DSA-2487 - DSA-2473 - 49392 - 49373 - 47244 - 46992 - RHSA-2012:0705 - FEDORA-2012-8042 - FEDORA-2012-8114 - - - - - - - - - - - - - - - - - - - - - - - - Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function. 
- - - - - - - - - https://rt.cpan.org/Public/Bug/Display.html?id=75642 - https://bugzilla.redhat.com/show_bug.cgi?id=801733 - dbdpg-dbdstprepare-format-string(73855) - dbdpg-pgwarn-format-string(73854) - [oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws - [oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws - DSA-2431 - 48319 - 48307 - http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function. 
- - - - - - - - - https://rt.cpan.org/Public/Bug/Display.html?id=75365 - https://rt.cpan.org/Public/Bug/Display.html?id=46507 - https://bugzilla.redhat.com/show_bug.cgi?id=801738 - yaml-load-format-string(73856) - 52381 - [oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws - [oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws - DSA-2432 - 48317 - FEDORA-2012-4871 - FEDORA-2012-5035 - FEDORA-2012-4997 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548 - - - - - - - - - - Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct." - - - - - - - - - - - [oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip - [oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip - http://www.nih.at/libzip/NEWS.html - MDVSA-2012:034 - GLSA-201203-23 - [libzip-discuss] 20120320 libzip-0.10.1 security fix release - - - - - - - - - - Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak. 
- - - - - - - - - - - - [oss-security] 20120329 Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip - [oss-security] 20120321 CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip - http://www.nih.at/libzip/NEWS.html - MDVSA-2012:034 - GLSA-201203-23 - [libzip-discuss] 20120320 libzip-0.10.1 security fix release - - - - - - - - - - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. - - - - - - - - - http://www.openldap.org/software/release/changes.html - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7143 - 49607 - 48372 - RHSA-2012:0899 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250. 
- - - - - - - - - USN-1424-1 - [oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue - [oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue - [oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue - [oss-security] 20120312 Re: CVE request: openssl: null pointer dereference issue - DSA-2454 - 48895 - HPSBOV02793 - SSRT100891 - FEDORA-2012-4665 - SSRT100877 - HPSBMU02786 - http://cvs.openssl.org/chngview?cn=22252 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. 
- - - - - - - - - - http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/rfc1867.c?r1=321664&r2=321663&pathrev=321664 - https://students.mimuw.edu.pl/~ai292615/php_multipleupload_overwrite.pdf - https://nealpoole.com/blog/2011/10/directory-traversal-via-php-multi-file-uploads/ - https://bugs.php.net/bug.php?id=55500 - https://bugs.php.net/bug.php?id=54374 - https://bugs.php.net/bug.php?id=49683 - https://bugs.php.net/bug.php?id=48597 - http://www.php.net/ChangeLog-5.php#5.4.0 - http://svn.php.net/viewvc?view=revision&revision=321664 - [oss-security] 20120313 Re: CVE request for PHP 5.3.x Corrupted $_FILES indices lead to security concern - HPSBUX02791 - SSRT100856 - FEDORA-2012-6869 - FEDORA-2012-6907 - FEDORA-2012-6911 - http://isisblogs.poly.edu/2011/08/11/php-not-properly-checking-params/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. - - - - - - - - - - - - openSUSE-SU-2012:0539 - https://downloads.avaya.com/css/P8/documents/100161772 - libtiff-gttileseparate-bo(74656) - 52891 - 81025 - DSA-2447 - USN-1416-1 - 48893 - 48757 - 48735 - 48722 - 48684 - RHSA-2012:0468 - FEDORA-2012-5410 - FEDORA-2012-5406 - FEDORA-2012-5463 - http://home.gdal.org/private/zdi-can-1221/zdi-can-1221.txt - http://bugzilla.maptools.org/show_bug.cgi?id=2369 - http://bugzilla.maptools.org/attachment.cgi?id=477&action=diff - - - - - - - - - - The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session." 
- - - - - - - - - - http://cgit.freedesktop.org/systemd/systemd/commit/?id=5ebff5337594d690b322078c512eb222d34aaa82 - https://bugzilla.redhat.com/show_bug.cgi?id=803358 - [oss-security] 20120316 [Notification] CVE-2012-1174 systemd: TOCTOU race condition by removing user session - MDVSA-2012:030 - FEDORA-2012-6456 - - - - - - - - - - Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SWF file, which triggers a heap-based buffer overflow. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=803443 - 52446 - [oss-security] 20120314 Re: CVE request: gnash integer overflow - [oss-security] 20120314 CVE request: gnash integer overflow - DSA-2435 - 48466 - 47183 - http://git.savannah.gnu.org/cgit/gnash.git/commit/?id=bb4dc77eecb6ed1b967e3ecbce3dac6c5e6f1527 - - - - - - - - - - Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence. 
- - - - - - - - - https://github.com/pediapress/pyfribidi/issues/2%29: - https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a - https://bugzilla.wikimedia.org/show_bug.cgi?id=35055 - https://bugzilla.redhat.com/show_bug.cgi?id=801896 - fribidi-utf8-bo(74001) - 52451 - [oss-security] 20120314 Re: CVE request: pyfribidi buffer overflow flaw - [oss-security] 20120314 CVE request: pyfribidi buffer overflow flaw - FEDORA-2012-3513 - http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/aacd036037217998/8d095f85f3665bff?lnk=raot - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663189 - - - - - - - - - - libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate. - - - - - - - - - - - - https://bugzilla.novell.com/show_bug.cgi?id=752088 - https://bugzilla.gnome.org/show_bug.cgi?id=671535 - https://bugs.launchpad.net/ubuntu/+source/libgdata/+bug/938812 - [oss-security] 20120314 Re: CVE Request: libgdata did not verify SSL certificates - [oss-security] 20120314 Re: CVE Request: libgdata did not verify SSL certificates - [oss-security] 20120314 CVE Request: libgdata did not verify SSL certificates - http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840 - http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c - - - - - - - - - - - The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding. 
- - - - - - - - - http://pidgin.im/news/security/?id=61 - http://developer.pidgin.im/viewmtn/revision/info/3053d6a37cc6d8774aba7607b992a4408216adcd - http://developer.pidgin.im/viewmtn/revision/diff/60f8379d0a610538cf42e0dd9ab1436c8b9308cd/with/3053d6a37cc6d8774aba7607b992a4408216adcd/libpurple/protocols/msn/oim.c - http://developer.pidgin.im/ticket/14884 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. - - - - - - - - - https://github.com/torvalds/linux/commit/4a1d704194a441bf83c636004a479e01360ec850 - https://bugzilla.redhat.com/show_bug.cgi?id=803793 - [oss-security] 20120315 CVE-2012-1179 kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON() - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.1 - - - - - - - - - - Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. 
- - - - - - - - - [oss-security] 20120315 CVE Request: nginx fix for malformed HTTP responses from upstream servers - http://nginx.org/en/security_advisories.html - http://nginx.org/download/patch.2012.memory.txt - https://bugzilla.redhat.com/show_bug.cgi?id=803856 - nginx-ngxcpystrn-info-disclosure(74191) - 1026827 - 52578 - [oss-security] 20120315 Re: CVE Request: nginx fix for malformed HTTP responses from upstream servers - http://trac.nginx.org/nginx/changeset/4531/nginx - http://trac.nginx.org/nginx/changeset/4530/nginx - GLSA-201203-22 - 48577 - 48465 - 20120315 nginx fix for malformed HTTP responses from upstream servers - 80124 - FEDORA-2012-4006 - FEDORA-2012-3991 - FEDORA-2012-3846 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit. 
- - - - - - - - - https://issues.apache.org/bugzilla/show_bug.cgi?id=49902 - apache-modfcgid-dos(74181) - 52565 - [oss-security] 20120315 Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost - [oss-security] 20120315 CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost - DSA-2436 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814 - - - - - - - - - - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. - - - - - - - - - - - https://www.samba.org/samba/security/CVE-2012-1182 - USN-1423-1 - http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578 - http://support.apple.com/kb/HT5281 - 48999 - FEDORA-2012-6382 - APPLE-SA-2012-05-09-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1185 - [oss-security] 20120319 CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 - http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/property.c - http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c - imagemagick-profile-code-execution(76140) - 51957 - 80556 - DSA-2462 - USN-1435-1 - 49317 - 49043 - 48974 - 47926 - openSUSE-SU-2012:0692 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248. - - - - - - - - - - 51957 - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1186 - imagemagick-syncimageprofiles-dos(76139) - 80555 - [oss-security] 20120319 Subject: CVE-2012-1185 / CVE-2012-1186 assignment notification - incomplete ImageMagick fixes for CVE-2012-0247 / CVE-2012-0248 - DSA-2462 - USN-1435-1 - http://trac.imagemagick.org/changeset/6998/ImageMagick/branches/ImageMagick-6.7.5/magick/profile.c - 49317 - 49043 - 48974 - 47926 - openSUSE-SU-2012:0692 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name. 
- - - - - - - - - - https://github.com/phpmyadmin/phpmyadmin/commit/86073d532aed656550cb731aa5b4288b126ae7a6 - http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php - FEDORA-2012-5599 - - - - - - - - - - - - - - - - - - - - - - - - The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. - - - - - - - - - - https://www.isc.org/files/imce/ghostdomain_camera.pdf - - - - - - - - - - The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. - - - - - - - - - - https://www.isc.org/files/imce/ghostdomain_camera.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. - - - - - - - - - - https://www.isc.org/files/imce/ghostdomain_camera.pdf - - - - - - - - - - The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. 
- - - - - - - - - - https://www.isc.org/files/imce/ghostdomain_camera.pdf - - - - - - - - - - - Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup web service in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via a PutUpdateFileCore command in a RunAMTCommand SOAP request, then accessing the file via a direct request to the file in the web root. - - - - - - - - - - - thinkmanagement-serversetup-file-upload(73207) - 1026693 - 52023 - 47666 - 79276 - - - - - - - - - - Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot dot) in the filename parameter in a SetTaskLogByFile SOAP request. - - - - - - - - - thinkmanagement-vulcore-dir-traversal(73208) - 1026693 - 52023 - 47666 - 79277 - - - - - - - - - - Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to execute arbitrary code via crafted "image dimension values" in a BMP file, which triggers a heap-based buffer overflow. - - - - - - - - - - - - acdsee-bmp-image-bo(73242) - 52047 - 47450 - 79305 - - - - - - - - - - base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action. 
- - - - - - - - - - - base-baseagmain-security-bypass(73201) - 51979 - http://packetstormsecurity.org/files/109663/BASE-1.4.5-Remote-File-Inclusion-Shell-Creation.html - - - - - - - - - - Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) base_graph_form.php, (6) base_graph_main.php, (7) base_local_rules.php, (8) base_logout.php, (9) base_main.php, (10) base_maintenance.php, (11) base_payload.php, (12) base_qry_alert.php, (13) base_qry_common.php, (14) base_qry_main.php, (15) base_stat_alerts.php, (16) base_stat_class.php, (17) base_stat_common.php, (18) base_stat_ipaddr.php, (19) base_stat_iplink.php, (20) base_stat_ports.php, (21) base_stat_sensor.php, (22) base_stat_time.php, (23) base_stat_uaddr.php, (24) base_user.php, (25) index.php, (26) admin/base_roleadmin.php, (27) admin/base_useradmin.php, (28) admin/index.php, (29) help/base_setup_help.php, (30) includes/base_action.inc.php, (31) includes/base_cache.inc.php, (32) includes/base_db.inc.php, (33) includes/base_db.inc.php, (34) includes/base_include.inc.php, (35) includes/base_output_html.inc.php, (36) includes/base_output_query.inc.php, (37) includes/base_state_criteria.inc.php, (38) includes/base_state_query.inc.php or (39) setup/base_conf_contents.php; (40) GLOBALS[user_session_path] parameter to includes/base_state_common.inc.php; (41) BASE_Language parameter to setup/base_conf_contents.php; or (42) ado_inc_php parameter to setup/setup2.php. 
- - - - - - - - - - - base-multiple-file-include(73200) - 51979 - http://packetstormsecurity.org/files/109663/BASE-1.4.5-Remote-File-Inclusion-Shell-Creation.html - - - - - - - - - - Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php. - - - - - - - - - - - novacms-multiple-file-include(73159) - 51976 - http://packetstormsecurity.org/files/109669/Nova-CMS-Remote-File-Inclusion.html - - - - - - - - - - PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. - - - - - - - - - - - http://wordpress.org/extend/plugins/relocate-upload/changelog/ - http://plugins.trac.wordpress.org/changeset/504380/relocate-upload - 49693 - 47976 - 79250 - - - - - - - - - - - - Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow. - - - - - - - - - - - - hancom-png-bo(73026) - hancom-importgr-bo(73025) - 51892 - http://www.hancom.co.kr/notice.noticeView.do?targetRow=1&notice_seqno=100 - 47386 - 78907 - 78906 - - - - - - - - - - Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php. 
- - - - - - - - - https://github.com/forkcms/forkcms/commit/a9986b86c53de0582248b39605660fbba0c21a29 - forkcms-js-file-include(73169) - 51972 - http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released - http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index. - - - - - - - - - - https://github.com/forkcms/forkcms/commit/df75e0797a6540c4d656969a2e7df7689603b2cf - https://github.com/forkcms/forkcms/commit/d65c083adc91c88d21bd9a0df4c2688df634c6ff - https://github.com/forkcms/forkcms/commit/8fa74dd3e2e32723cd121177dce6aeac37e29df6 - 51972 - http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released - 47937 - http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. - - - - - - - - - - https://github.com/forkcms/forkcms/commit/df75e0797a6540c4d656969a2e7df7689603b2cf - https://github.com/forkcms/forkcms/commit/c8ec9c58a6b3c46cdd924532c1de99bcda6072ed - http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released - - - - - - - - - - SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. 
- - - - - - - - - - - pfile-file-sql-injection(73166) - 51982 - http://packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter. - - - - - - - - - - pfile-kommentar-xss(73165) - 51982 - http://packetstormsecurity.org/files/109670/Pfile-1.02-Cross-Site-Scripting-SQL-Injection.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. NOTE: some of these details are obtained from third party information. - - - - - - - - - - smw-target-xss(73167) - 51980 - http://st2tea.blogspot.com/2012/02/smw-enterprise-wiki-156-cross-site.html - 47968 - http://packetstormsecurity.org/files/109637/SMW-1.5.6-Cross-Site-Scripting.html - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client allows remote attackers to inject arbitrary web script or HTML via the view parameter. - - - - - - - - - - zimbra-view-xss(73168) - 51974 - http://st2tea.blogspot.com/2012/02/zimbra-cross-site-scripting.html - http://packetstormsecurity.org/files/109710/Zimbra-Cross-Site-Scripting.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. 
- - - - - - - - - - yoono-addfriends-xss(73149) - http://support.yoono.com/yoono/topics/xss-w35in - http://packetstormsecurity.org/files/109618/Yoono-Desktop-1.8.16-Cross-Site-Scripting.html - http://packetstormsecurity.org/files/109618/#comment-10343 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action. - - - - - - - - - - yoonofirefoxextension-addfriends-xss(73150) - 51970 - http://support.yoono.com/yoono/topics/xss-w35in - http://packetstormsecurity.org/files/109617/Yoono-Firefox-7.7.0-Cross-Site-Scripting.html - http://packetstormsecurity.org/files/109617/#comment-10344 - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via an add action or (2) change the contents of a file via a dit action. - - - - - - - - - - - - 47948 - http://packetstormsecurity.org/files/109706/PBBoard-2.1.4-Cross-Site-Request-Forgery-Shell-Upload.html - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php. - - - - - - - - - - sths-prospects-team-sql-injection(73154) - 51991 - http://packetstormsecurity.org/files/109665/STHS-v2-Web-Portal-2.2-SQL-Injection.html - http://0nto.wordpress.com/2012/02/13/sths-v2-web-portal-2-2-sql-injection-vulnerabilty/ - - - - - - - - - - Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components. 
- - - - - - - - - - - freelancerkit-multiple-sql-injection(73105) - http://www.vulnerability-lab.com/get_content.php?id=402 - 51946 - 47766 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ticket parameter to tickets.php, (2) title parameter to notes.php, or (3) task parameter to todo.php. NOTE: some of these details are obtained from third party information. - - - - - - - - - - freelancerkit-multiple-xss(73104) - http://www.vulnerability-lab.com/get_content.php?id=402 - 51946 - 47766 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password. - - - - - - - - - - - - gazie-adminutente-csrf(72991) - 18464 - 47947 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command. - - - - - - - - - r2-file-dir-traversal(73114) - 52061 - 79094 - 47966 - http://aluigi.org/adv/r2_1-adv.txt - - - - - - - - - - - - - Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23. - - - - - - - - - - - r2-file-bo(73113) - 52061 - 47966 - 79093 - http://aluigi.org/adv/r2_1-adv.txt - - - - - - - - - - - RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack. 
- - - - - - - - - r2-telnet-unauth-access(73115) - 47966 - 79095 - http://aluigi.org/adv/r2_1-adv.txt - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. - - - - - - - - - - http://www.darksecurity.de/advisories/2012/SSCHADV2012-004.txt - 78833 - - - - - - - - - - Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. - - - - - - - - - - - 51956 - 47969 - 79011 - 20120210 Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities - - - - - - - - - - - - - - - - - - - - - Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. - - - - - - - - - - - - https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417 - https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2 - dolibarr-multiple-file-include(73136) - http://www.vulnerability-lab.com/get_content.php?id=428 - 20120210 Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities - 18480 - 20120227 Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module. 
- - - - - - - - - - - - 18474 - 47934 - 79005 - - - - - - - - - - SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235. - - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter before 3.3.0.0 (aka 3.3.0) allow remote attackers to hijack the authentication of arbitrary users for requests that (1) tweet, (2) upload an image file, or (3) execute arbitrary commands. - - - - - - - - - - - - 48480 - JVNDB-2012-000027 - JVN#83459967 - http://janetter.net/history.html - http://blog.janetter.net/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack the authentication of arbitrary users. - - - - - - - - - - - - http://oss.icz.co.jp/news/?p=501 - JVNDB-2012-000029 - JVN#44913777 - - - - - - - - - - - Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors. 
- Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation' - - - - - - - - - - http://oss.icz.co.jp/news/?p=501 - JVNDB-2012-000030 - JVN#97200417 - - - - - - - - - - - The TopAccess web-based management interface on TOSHIBA TEC e-Studio multi-function peripheral (MFP) devices with firmware 30x through 302, 35x through 354, and 4xx through 421 allows remote attackers to bypass authentication and obtain administrative privileges via unspecified vectors. - - - - - - - - - - - - http://www.toshibatec.co.jp/information/2012/20120405/ - JVNDB-2012-000028 - JVN#92830293 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - https://chrome.google.com/webstore/detail/cfmkbngdlheahmooldblflapbpngmmbg - JVNDB-2012-000032 - JVN#90055996 - - - - - - - - - - GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document. 
- - - - - - - - - - - JVNDB-2012-000031 - JVN#33283707 - [ruby-list] 20100619 ANN: ActiveScriptRuby 1.8.7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, and oreplug allows local users to gain privileges via a Trojan horse DLL in the current working directory. - Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' - - - - - - - - - - - - http://www.justsystems.com/jp/info/js12001.html - JVNDB-2012-000034 - JVN#95378720 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The TwitRocker2 application before 1.0.23 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. - - - - - - - - - https://play.google.com/store/apps/details?id=com.studiohitori.twitrocker2 - JVNDB-2012-000033 - JVN#00000601 - - - - - - - - - - - - - - The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. - - - - - - - - - - JVNDB-2012-000037 - JVN#82029095 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the cleanup_urls function in forum/utils/html.py in OSQA before 1234, and 0.9.0 Beta 3 and earlier, allows remote attackers to inject arbitrary web script or HTML via vectors related to a crafted URI. 
- - - - - - - - - - http://svn.osqa.net/changelog/OSQA/osqa/trunk?cs=1234 - JVNDB-2012-000036 - JVN#15503729 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. - - - - - - - - - - http://www.kent-web.com/cart/mart.html - JVNDB-2012-000041 - JVN#47536971 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions. - - - - - - - - - - http://www.kent-web.com/cart/mart.html - JVNDB-2012-000042 - JVN#63941302 - - - - - - - - - - app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain. - - - - - - - - - - - basercms-core-sec-bypass(75660) - 53543 - JVNDB-2012-000043 - JVN#53465692 - http://basercms.net/security/1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application. - - - - - - - - - https://play.google.com/store/apps/details?id=jp.co.lunascape.android.ilunascape - 53619 - JVNDB-2012-000044 - JVN#86044443 - - - - - - - - - - Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication. 
- - - - - - - - - - - - http://www.logitec.co.jp/info/2012/0516.html - JVNDB-2012-000051 - JVN#85934986 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. - - - - - - - - - - http://www.opera.com/docs/changelogs/windows/963/ - http://www.opera.com/docs/changelogs/unix/963/ - http://www.opera.com/docs/changelogs/mac/963/ - JVNDB-2012-000049 - JVN#39707339 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760. - - - - - - - - - - JVNDB-2012-000048 - JVN#77947437 - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment. - - - - - - - - - http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.7/ - JVNDB-2012-000050 - JVN#21422837 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - JVNDB-2012-000052 - JVN#29083866 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - JVNDB-2012-000053 - JVN#97995841 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. - - - - - - - - - VU#273502 - 48124 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the dbuser parameter, a different vulnerability than CVE-2012-0318. 
- - - - - - - - - - http://www.movabletype.org/documentation/appendices/release-notes/513.html - http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt - JVNDB-2012-000016 - JVN#49836527 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file. - - - - - - - - - - - - http://gom.gomtv.com/gomIntro.html?type=4 - - - - - - - - - - The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session. - - - - - - - - - - - VU#707254 - - - - - - - - - - Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component. - - - - - - - - - https://service.sap.com/sap/support/notes/1585527 - netweaver-logview-directory-traversal(73346) - 52101 - http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a - 47861 - http://dsecrg.com/pages/vul/show.php?id=413 - http://dsecrg.com/pages/vul/show.php?id=412 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter. 
- - - - - - - - - - https://service.sap.com/sap/support/notes/1583300 - 52101 - http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a - 47861 - http://dsecrg.com/pages/vul/show.php?id=414 - - - - - - - - - - Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. - - - - - - - - - https://service.sap.com/sap/support/notes/1585527 - 52101 - http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a - 47861 - http://dsecrg.com/pages/vul/show.php?id=415 - - - - - - - - - - Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. - - - - - - - - - https://service.sap.com/sap/support/notes/1585527 - 52101 - http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a - 47861 - http://dsecrg.com/pages/vul/show.php?id=416 - - - - - - - - - - SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. - - - - - - - - - - - impulsiocms-index-sql-injection(73303) - 52063 - http://packetstormsecurity.org/files/109849/Impulsio-CMS-SQL-Injection.html - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview. 
- - - - - - - - - - https://www.htbridge.com/advisory/HTB23076 - elefantcms-preview-xss(73421) - 52143 - http://www.elefantcms.com/wiki/Changelog - http://www.elefantcms.com/forum/discussion/39/elefant-1.0.2-and-1.1.5-security-updates-released - 48118 - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in main.php in Contao (formerly TYPOlight) 2.11.0 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) delete users via a delete action in the user module, (2) delete news via a delete action in the news module, or (3) delete newsletters via a delete action in the newsletters module. - - - - - - - - - - - - contao-newsletter-csrf(73479) - 18527 - 48180 - http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html - http://ivanobinetti.blogspot.com/2012/02/contaocms-fka-typolight-211-csrf-delete.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536. - - - - - - - - - 20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities - 80696 - - - - - - - - - - - - - The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643. 
- - - - - - - - - 52754 - 20120328 Cisco IOS Software RSVP Denial of Service Vulnerability - 48621 - 48611 - 80692 - - - - - - - - - - - - - - - - - - The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226. - - - - - - - - - ciscoios-mace-dos(74429) - 52751 - 20120328 Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features - 48595 - 80703 - - - - - - - - - - - The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381. - - - - - - - - - ciscoios-waas-dos(74428) - 52751 - 20120328 Multiple Vulnerabilities in Cisco IOS Software Traffic Optimization Features - 48595 - 80702 - - - - - - - - - - - Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171. - - - - - - - - - ciscoios-sip-inspection-dos(74437) - 20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities - 80699 - - - - - - - - - - - - - Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, when IPS policies are configured, allows remote attackers to cause a denial of service (device crash) by sending IPv6 packets, aka Bug ID CSCtk53534. - - - - - - - - - http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-3TCAVS.html - - - - - - - - - - - dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. 
- - - - - - - - - http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html - - - - - - - - - - - - - Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237. - - - - - - - - - - - http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html - - - - - - - - - - - - - - Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337. - - - - - - - - - - - - 20120404 Buffer Overflow Vulnerabilities in the Cisco WebEx Player - - - - - - - - - - - - - - - - - - Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1337. - - - - - - - - - - - 20120404 Buffer Overflow Vulnerabilities in the Cisco WebEx Player - - - - - - - - - - - - - - - - - - Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1336. 
- - - - - - - - - - - - 20120404 Buffer Overflow Vulnerabilities in the Cisco WebEx Player - - - - - - - - - - - - - - - - - - Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664. - - - - - - - - - http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Fabric Interconnect component in Cisco Unified Computing System (UCS) 2.0 allows remote attackers to cause a denial of service (process crash) via an attempted SSH session, aka Bug ID CSCtt94543. - - - - - - - - - http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/OL_25363.html - - - - - - - - - - The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 and 5.2 on MDS 9000 series switches allows remote attackers to cause a denial of service (module reload) via a crafted FCIP header, aka Bug ID CSCtn93151. - - - - - - - - - http://www.cisco.com/en/US/docs/switches/datacenter/mds9000/sw/5_2/release/notes/nx-os/mds_nxos_rel_notes_522.html - - - - - - - - - - - Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. - - - - - - - - - http://www.cisco.com/cisco/software/release.html?mdfid=279506669&catid=268437899&flowid=1915&reltype=all&relind=AVAILABLE&release=3.9.2&softwareid=280867577 - - - - - - - - - - - - Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328. 
- - - - - - - - - http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-2TCAVS.html - - - - - - - - - - - Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. - - - - - - - - - https://www.cisco.com/en/US/docs/voice_ip_comm/cer/8_7/english/release/notes/CER0_BK_CEE780BD_00_cisco-emergency-responder-87-release_chapter_00.html - - - - - - - - - - - Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. - - - - - - - - - http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v501/release/notes/ws501xrn.pdf - - - - - - - - - - - - Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426. 
- - - - - - - - - http://www.cisco.com/en/US/docs/wireless/access_point/ios/release/notes/12_3_8_JED1rn.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. - - - - - - - - - http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_1_3_N1_1/Nexus5000_Release_Notes_5_1_3_N1.pdf - - - - - - - - - - - - - - Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750. - - - - - - - - - http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-3TCAVS.html - - - - - - - - - - - Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32452. 
- - - - - - - - - http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/OL_24086.html - - - - - - - - - - - Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote authenticated users to cause a denial of service (device reload) via a malformed SNMP request to a Fabric Interconnect (FI) device, aka Bug ID CSCts32463. - - - - - - - - - http://www.cisco.com/en/US/docs/unified_computing/ucs/release/notes/OL_24086.html - - - - - - - - - - - The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538. - - - - - - - - - http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.html - - - - - - - - - - - - - - Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. - - - - - - - - - http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html - - - - - - - - - - - - Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) application 1.2.1 and 1.2.2 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1380-vulnerability-in-NetEaseWeibo.html - - - - - - - - - - - Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1381-vulnerability-in-NetEaseCloudAlbum.html - - - - - - - - - - - Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) application 1.6.1, 2.0.1(2), and 3.0.0(1) for Android has unknown impact and attack vectors. 
- - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1382-vulnerability-in-YoudaoDictionary.html - - - - - - - - - - - - Unspecified vulnerability in the NetEase Reader (com.netease.pris) application 1.1.2 and 1.2.0 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1383-vulnerability-in-NetEaseReader.html - - - - - - - - - - - Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1384-vulnerability-in-NetEasePmail.html - - - - - - - - - - - Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) application 1.0.0 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1385-vulnerability-in-NetEaseWeiboHD.html - - - - - - - - - - Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1386-vulnerability-in-YouMailVisualVoicemailPlus.html - - - - - - - - - - - Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) application A.0.9.250 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1387-vulnerability-in-RealTalk.html - - - - - - - - - - Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1388-vulnerability-in-XiXunTianTian.html - - - - - - - - - - Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors. 
- - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1389-vulnerability-in-DiLongWeibo.html - - - - - - - - - - Unspecified vulnerability in the Miso (com.bazaarlabs.miso) application 2.2 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1390-vulnerability-in-Miso.html - - - - - - - - - - Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1391-vulnerability-in-mOffice.html - - - - - - - - - - Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyBrowser) application 6.2.0, 7.2.1, 7.3.0, and 7.4.0 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1392-vulnerability-in-DolphinBrowserHD.html - - - - - - - - - - - - - Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application 3.72, 4.10, and 4.35 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1393-vulnerability-in-GOSMSPro.html - - - - - - - - - - - - Unspecified vulnerability in the GO Email Widget (com.gau.go.launcherex.gowidget.emailwidget) application 1.3.1, 1.8, and 1.81 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1394-vulnerability-in-GOEmailWidget.html - - - - - - - - - - - - Unspecified vulnerability in the GO TwiWidget (com.gau.go.launcherex.gowidget.twitterwidget) application 1.7 and 2.1 for Android has unknown impact and attack vectors. 
- - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1395-vulnerability-in-GOTwiWidget.html - - - - - - - - - - - Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1396-vulnerability-in-GOFBWidget.html - - - - - - - - - - - Unspecified vulnerability in the GO QQWeiboWidget (com.gau.go.launcherex.gowidget.qqweibowidget) application 1.2 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1397-vulnerability-in-GOQQWeiboWidget.html - - - - - - - - - - Unspecified vulnerability in the GO WeiboWidget (com.gau.go.launcherex.gowidget.weibowidget) application 2.4 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1398-vulnerability-in-GOWeiboWidget.html - - - - - - - - - - Unspecified vulnerability in the U+Box 2.0 (lg.uplusbox) application 2.0.2 and 2.0.8.4 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1399-vulnerability-in-U%2BBox.html - - - - - - - - - - - Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) application 2.0.8.4 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1400-vulnerability-in-U%2BBoxPad.html - - - - - - - - - - Unspecified vulnerability in the CamScanner (com.intsig.camscanner) application 1.2.2.20110823 and 1.3.2.20120116 for Android has unknown impact and attack vectors. 
- - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1401-vulnerability-in-CamScanner.html - - - - - - - - - - - Unspecified vulnerability in the QianXun YingShi (com.qianxun.yingshi) application 1.2.3 and 1.3.4 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1402-vulnerability-in-QianXunYingShi.html - - - - - - - - - - - Unspecified vulnerability in the Dolphin Browser CN (com.dolphin.browser.cn) application 6.3.1 and 7.2.1 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1403-vulnerability-in-DolphinBrowserCN.html - - - - - - - - - - - Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.browser) application 2.2 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1404-vulnerability-in-DolphinBrowserMini.html - - - - - - - - - - Unspecified vulnerability in the GO Note Widget (com.gau.go.launcherex.gowidget.notewidget) application 1.5 and 1.9 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1405-vulnerability-in-GONoteWidget.html - - - - - - - - - - - Unspecified vulnerability in the GO Bookmark Widget (com.gau.go.launcherex.gowidget.bookmark) application 1.1 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1406-vulnerability-in-GOBookmarkWidget.html - - - - - - - - - - Unspecified vulnerability in the GO Message Widget (com.gau.go.launcherex.gowidget.smswidget) application 1.9, 2.1, and 2.3 for Android has unknown impact and attack vectors. 
- - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1407-vulnerability-in-GOMessageWidget.html - - - - - - - - - - - - Unspecified vulnerability in the App Lock (com.cc.applock) application 1.7.5 and 1.7.6 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1408-vulnerability-in-AppLock.html - - - - - - - - - - - Unspecified vulnerability in the Tiny Password (com.tinycouch.android.freepassword) application 1.64 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1409-vulnerability-in-TinyPassword.html - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description. - - - - - - - - - - https://gitorious.org/kadu/kadu/commit/ebe3674cf0f3aa9b36308c06e19cb293cc790b52 - https://gitorious.org/kadu/kadu/commit/e9506be6d3dcdd408fdf83d8eb82416c9b798c84 - https://gitorious.org/kadu/kadu/commit/94e7479617d78a1649a0763960edade7ad09a0d0 - https://gitorious.org/kadu/kadu/commit/91772e46541e22cbc2c7bf41a1a9798c2a58f6d6 - https://bugzilla.redhat.com/show_bug.cgi?id=797777 - https://bugzilla.novell.com/show_bug.cgi?id=749036 - [oss-security] 20120227 CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history - [oss-security] 20120227 Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in zc_install/includes/modules/pages/database_setup/header_php.php in Zen Cart 1.5.0 and earlier, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the db_username parameter to 
zc_install/index.php. - - - - - - - - - - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-004.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. - - - - - - - - - - - http://googlechromereleases.blogspot.com/2012/02/stable-channel-update-for-chromebooks_24.html - - - - - - - - - - - - - - - - - - - The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. - - - - - - - - - 52572 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - - - - - - - - - - - - - The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - 80407 - 80406 - 80403 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - - - - - - - - - - - - - - - - - - - The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. 
- - - - - - - - - 52583 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - - - - - - - - - - - - - - - - - - - The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80407 - 80406 - 80396 - 80395 - 80393 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - 80392 - 80391 - 80390 - - - - - - - - - - - - - - - - - - - - - - - - - The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \50\4B\03\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - 80403 - 80396 - 80395 - 80392 - 80391 - 80389 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \42\5A\68 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. 
- - - - - - - - - multiple-av-tar-evasion-cve20121426(74241) - 52585 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - 80407 - 80406 - - - - - - - - - - - - - - - - - - - - - - - - - The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. - - - - - - - - - multiple-av-tar-evasion-cve20121427(74242) - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - 80390 - - - - - - - - - - - - - - - - The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. 
- - - - - - - - - multiple-av-tar-evasion-cve20121428(74243) - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - 80390 - - - - - - - - - - - - - - - - The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. - - - - - - - - - multiple-av-elf-ustar-evasion(74244) - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Gateway (formerly Webwasher) 2010.1C, nProtect Anti-Virus 2011-01-17.01, Sophos Anti-Virus 4.61.0, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via an ELF file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. 
NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - The Microsoft Office file parser in Comodo Antivirus 7425 allows remote attackers to bypass malware detection via an Office file with a \50\4B\53\70\58 character sequence at a certain location. - - - - - - - - - 52597 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via an Office file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Office parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. - - - - - - - - - 52602 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA eTrust Vet Antivirus 36.1.8511, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified identsize field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows remote attackers to bypass malware detection via an EXE file with a modified value in any of several e_ fields. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. - - - - - - - - - 52598 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80428 - 80427 - 80426 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo 
Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. - - - - - - - - - 52612 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abiversion field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. - - - - - - - - - 52604 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80429 - - - - - - - - - - - - - - - - - - - The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. 
- - - - - - - - - 52605 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. - - - - - - - - - 52600 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80431 - 80430 - 80428 - 80427 - 80426 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80432 - - - - - - - - - - - - - - - - - - - The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMajor field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. - - - - - - - - - 52616 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. 
- - - - - - - - - 52617 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved2 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a CAB file with a modified reserved1 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. 
- - - - - - - - - 52619 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. - - - - - - - - - 52621 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80489 - 80488 - 80487 - 80485 - 80484 - 80482 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80432 - - - - - - - - - - - - - - - - - - - - - - - - - The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMinor version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. 
- - - - - - - - - multiple-av-zip-archive-evasion(74289) - 52608 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - 80406 - 80403 - 80396 - 80395 - 80391 - 80390 - 80389 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. 
- - - - - - - - - multiple-av-tar-length-evasion(74293) - 52610 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - 80407 - 80406 - 80403 - 80396 - 80395 - 80393 - 80392 - 80391 - 80389 - openSUSE-SU-2012:0833 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations. - - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - openSUSE-SU-2012:0833 - - - - - - - - - - - - - The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! 
Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80409 - 80407 - 80406 - 80403 - 80396 - 80395 - 80393 - 80392 - 80391 - 80390 - 80389 - openSUSE-SU-2012:0833 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with stray bytes at the end. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. 
- - - - - - - - - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. 
- - - - - - - - - 52626 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations. - - - - - - - - - 52613 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. 
- - - - - - - - - multiple-av-elf-file-evasion(74311) - 52614 - 20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products - http://www.ieee-security.org/TC/SP2012/program.html - 80426 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information. - - - - - - - - - netdecision-info-disclosure(73549) - http://www.netmechanica.com/news/?news_id=26 - 18543 - 48168 - http://secpod.org/blog/?p=478 - http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_Vuln.txt - 79653 - - - - - - - - - - Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information. - - - - - - - - - netdecision-http-dos(73528) - 52208 - 52194 - http://www.netmechanica.com/news/?news_id=26 - 18541 - 48168 - http://secpod.org/blog/?p=484 - http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_HTTP_Server_DoS_Vuln.txt - 79651 - - - - - - - - - - The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information. 
- - - - - - - - - netdecision-traffic-nd-source-disclosure(73531) - 52196 - http://www.netmechanica.com/news/?news_id=26 - 18542 - 48168 - http://secpod.org/blog/?p=481 - http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_Vuln.txt - 79652 - - - - - - - - - - Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files via a .. (dot dot) in the param parameter to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php. - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23079 - http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431 - - - - - - - - - - Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions. - Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist' - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23079 - http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431 - http://pkp.sfu.ca/ojs/RELEASE-2.3.7 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php. 
- - - - - - - - - - https://www.htbridge.com/advisory/HTB23079 - open-journal-editor-xss(74227) - open-journal-string-xss(74226) - open-journal-index-xss(74225) - 80257 - 80256 - 80255 - 48464 - 48449 - http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431 - http://pkp.sfu.ca/ojs/RELEASE-2.3.7 - 20120321 Multiple vulnerabilities in Open Journal Systems (OJS) - - - - - - - - - - VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors. - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0002.html - - - - - - - - - - - Unspecified vulnerability in the Youni SMS (com.snda.youni) application 2.1.0c and 2.1.0d for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1474-vulnerability-in-YouniSMS.html - - - - - - - - - - - Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yagatta.yagattatalk) application 1.00.01.08 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1475-vulnerability-in-YagattaTalkMessenger.html - - - - - - - - - - Unspecified vulnerability in the KKtalk (com.kkliaotian.android) application 4.0.0 and 4.1.5 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1476-vulnerability-in-KKtalk.html - - - - - - - - - - - Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1477-vulnerability-in-Cnectd.html - - - - - - - - - - Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) application 2.2.0 and 3.2.1 for Android has unknown impact and attack vectors. 
- - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1478-vulnerability-in-UCMobileBloveStorm.html - - - - - - - - - - - Unspecified vulnerability in the AContact (com.movester.quickcontact) application 1.8.2 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1479-vulnerability-in-AContact.html - - - - - - - - - - Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application 1.97, 2.01, and 2.07 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1480-vulnerability-in-PansiSMS.html - - - - - - - - - - - - Unspecified vulnerability in the Textdroid (com.app.android.textdroid) application 2.5.2 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1481-vulnerability-in-Textdroid.html - - - - - - - - - - Unspecified vulnerability in the TouchPal Contacts (com.cootek.smartdialer) application 3.3.1 and 4.0.1 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1482-vulnerability-in-TouchPalContacts.html - - - - - - - - - - - Unspecified vulnerability in the Message Forwarder (com.gmail.zbnetium) application 1.12.20110409.1 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1483-vulnerability-in-MessageForwarder.html - - - - - - - - - - Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) application 2.9.2 and 3.7.0 for Android has unknown impact and attack vectors. 
- - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1484-vulnerability-in-WaliSMSCN.html - - - - - - - - - - - Unspecified vulnerability in the NetFront Life Browser (com.access_company.android.nflifebrowser.lite) application 2.2.0 and 2.3.0 for Android has unknown impact and attack vectors. - - - - - - - - - - - http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1485-vulnerability-in-NetFrontLifeBrowser.html - - - - - - - - - - - F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. - - - - - - - - - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/ssh/f5_bigip_known_privkey.rb - https://www.trustmatta.com/advisories/MATTA-2012-002.txt - http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/ - http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role. 
- - - - - - - - - http://www.movabletype.org/documentation/appendices/release-notes/513.html - http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio CMS 1.1.4 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via an add action to admin/users/add or (2) modify a web page via a save action to admin/pages/edit/web_page_name. - - - - - - - - - - - - webfoliocms-addadmin-modifywebpage-csrf(73575) - 52218 - 18536 - 48190 - http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html - 79658 - http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write." - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=805912 - http://technet.microsoft.com/en-us/security/msvr/msvr12-004 - GLSA-201206-06 - http://openjpeg.googlecode.com/svn/branches/openjpeg-1.5/NEWS - FEDORA-2012-9602 - FEDORA-2012-9628 - http://code.google.com/p/openjpeg/source/detail?r=1330 - - - - - - - - - - - Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string. 
- - - - - - - - - - - pypam-password-dos(73857) - 79892 - http://www.lsexperts.de/advisories/lse-2012-03-01.txt - DSA-2430 - USN-1395-1 - 48746 - 48332 - 48312 - openSUSE-SU-2012:0487 - - - - - - - - - - The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0005.html - http://www.vmware.com/security/advisories/VMSA-2012-0004.html - 52524 - 48378 - 80115 - 20120316 VMSA-2012-0004 VMware View privilege escalation and cross-site scripting - - - - - - - - - - - - - - - - - - - Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0005.html - http://www.vmware.com/security/advisories/VMSA-2012-0004.html - 52524 - 20120316 VMSA-2012-0004 VMware View privilege escalation and cross-site scripting - - - - - - - - - - Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0005.html - http://www.vmware.com/security/advisories/VMSA-2012-0004.html - 52524 - 48378 - 20120316 VMSA-2012-0004 VMware View privilege escalation and cross-site scripting - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in View Manager Portal in VMware View before 4.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 
- - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0004.html - 20120316 VMSA-2012-0004 VMware View privilege escalation and cross-site scripting - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry. - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0005.html - 52525 - - - - - - - - - - - The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document. - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0005.html - 52525 - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in VMware vShield Manager (vSM) 1.0.1 before Update 2 and 4.1.0 before Update 2 allows remote attackers to hijack the authentication of arbitrary users. - - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0005.html - 52525 - - - - - - - - - - - VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine. 
- - - - - - - - - - - vmware-esxserver-io-privilege-escalation(74480) - http://www.vmware.com/security/advisories/VMSA-2012-0006.html - MS12-042 - oval:org.mitre.oval:def:15209 - - - - - - - - - - - - - - - - - The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0009.html - - - - - - - - - - - - - - - - - - - - - - The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving function pointers. - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0009.html - - - - - - - - - - - - - VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 though 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0007.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - oval:org.mitre.oval:def:15397 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html - http://code.google.com/p/chromium/issues/detail?id=117110 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-044 - oval:org.mitre.oval:def:15464 - - - - - - - - - - Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability." 
- - - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15579 - - - - - - - - - - - - Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-044 - oval:org.mitre.oval:def:15595 - - - - - - - - - - Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." - - - - - - - - - - - - MS12-052 - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4167. Reason: This candidate is a reservation duplicate of CVE-2012-4167. Notes: All CVE users should reference CVE-2012-4167 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document. 
- - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-18.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1876. Reason: This candidate is a duplicate of CVE-2012-1876. Notes: All CVE users should reference CVE-2012-1876 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. - - - - - - - - - - - http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621 - http://twitter.com/vupen/statuses/177895844828291073 - http://pwn2own.zerodayinitiative.com/status.html - http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. 
- - - - - - - - - - - 52267 - 79769 - [oss-security] 20120308 CVE-request: Parallels Plesk Panel admin/plib/api-rpc/Agent.php Unspecified SQL Injection - http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html - http://www.cert.fi/haavoittuvuudet/2012/haavoittuvuus-2012-035.html - 48262 - http://kb.parallels.com/en/113321 - http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10216 - http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10216 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate. - - - - - - - - - http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. 
- - - - - - - - - [gnutls-devel] 20120316 gnutls 3.0.16 - https://bugzilla.redhat.com/show_bug.cgi?id=804920 - [oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01 - [oss-security] 20120320 Re: CVE request: libtasn1 - [oss-security] 20120320 CVE request: libtasn1 - http://www.gnu.org/software/gnutls/security.html - 48596 - http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ - [help-libtasn1] 20120319 minimal fix to security issue - [help-libtasn1] 20120319 GNU Libtasn1 2.12 released - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. 
- - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=804770 - [oss-security] 20120320 Re: CVE request: maradns deleted domain record cache persistance flaw - [oss-security] 20120319 CVE request: maradns deleted domain record cache persistance flaw - http://www.maradns.org/changelog.html - 48492 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. - - - - - - - - - - https://github.com/glensc/file/commit/1aec04dbf8a24b8a6ba64c4f74efa0628e36db0b - https://github.com/glensc/file/commit/1859fdb4e67c49c463c4e0078054335cd46ba295 - [file] 20120221 file-5.11 is now available - MDVSA-2012:035 - DSA-2422 - - - - - - - - - - - - - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. 
- - - - - - - - - http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185 - http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d - https://bugzilla.redhat.com/show_bug.cgi?id=805432 - USN-1418-1 - [oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01 - [oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01 - http://www.gnu.org/software/gnutls/security.html - 48596 - RHSA-2012:0429 - 80259 - http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/ - [gnutls-devel] 20120302 gnutls 3.0.15 - [gnutls-devel] 20120302 gnutls 2.12.16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors. - - - - - - - - - - - https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin - 20120405 [CVE-2012-1574] Apache Hadoop user impersonation vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages. 
- - - - - - - - - - [cumin-developers] 20120306 r5238 - in trunk: cumin/python/cumin cumin/python/cumin/grid cumin/python/cumin/inventory cumin/python/cumin/messaging rosemary/python/rosemary wooly/python/wooly - https://bugzilla.redhat.com/show_bug.cgi?id=805712 - https://bugzilla.redhat.com/attachment.cgi?id=571986 - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that (1) block a user via a request to the Block module or (2) unblock a user via a request to the Unblock module. - - - - - - - - - - - - https://bugzilla.wikimedia.org/show_bug.cgi?id=34212 - 52689 - [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2 - [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2 - 48504 - 80361 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3 - - - - - - - - - - - - - - - - The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. 
- - - - - - - - - https://bugzilla.wikimedia.org/show_bug.cgi?id=34907 - 52689 - [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2 - [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2 - 48504 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3 - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files. - - - - - - - - - - - - https://bugzilla.wikimedia.org/show_bug.cgi?id=35317 - mediawiki-specialupload-csrf(74286) - 52689 - [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2 - [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2 - 48504 - 80364 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3 - - - - - - - - - - - - - - - - MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users. 
- - - - - - - - - https://bugzilla.wikimedia.org/show_bug.cgi?id=35078 - 52689 - [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2 - [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2 - 48504 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3 - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension. - - - - - - - - - - https://bugzilla.wikimedia.org/show_bug.cgi?id=35315 - mediawiki-wikitext-xss(74288) - 52689 - [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2 - [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2 - 48504 - 80363 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3 - - - - - - - - - - - - - - - - Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets. 
- - - - - - - - - https://github.com/torvalds/linux/commit/d0772b70faaf8e9f2013b6c4273d94d5eac8047a - https://bugzilla.redhat.com/show_bug.cgi?id=752304 - 1026930 - 53139 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d0772b70faaf8e9f2013b6c4273d94d5eac8047a - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation. - - - - - - - - - https://github.com/taglib/taglib/commit/dcdf4fd954e3213c355746fa15b7480461972308 - 52290 - [oss-security] 20120326 Re: CVE-Request taglib vulnerabilities - [oss-security] 20120321 Re: CVE-Request taglib vulnerabilities - [oss-security] 20120305 Re: CVE-Request taglib vulnerabilities - GLSA-201206-16 - 49688 - 48211 - [pipermail] 20120305 multiple security vulnerabilities in taglib - [pipermail] 20120304 multiple security vulnerabilities in taglib - - - - - - - - - - - - - - - - - - - - - OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name. 
- - - - - - - - - [Openstack] 20120329 [OSSA 2012-003] Long server names grow nova-api log files significantly (CVE-2012-1585) - https://bugs.launchpad.net/nova/+bug/962515 - FEDORA-2012-5026 - - - - - - - - - - mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message. - - - - - - - - - https://bugzilla.samba.org/show_bug.cgi?id=8821 - [oss-security] 20120327 Re: CVE id request: cifs-utils - [oss-security] 20120327 CVE id request: cifs-utils - SUSE-SU-2012:0575 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665923 - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4944. Reason: This candidate is a duplicate of CVE-2011-4944. Notes: All CVE users should reference CVE-2011-4944 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL. - - - - - - - - - - - JVNDB-2012-000045 - JVN#45898075 - http://drupal.org/node/1557938 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. 
- Per: http://cwe.mitre.org/data/definitions/476.html - -'CWE-476: NULL Pointer Dereference' - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6823 - http://www.wireshark.org/security/wnpa-sec-2012-04.html - [oss-security] 20120328 Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 - 48986 - oval:org.mitre.oval:def:14991 - openSUSE-SU-2012:0558 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=40962 - - - - - - - - - - - - - - - - - - - - - epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6809 - http://www.wireshark.org/security/wnpa-sec-2012-05.html - [oss-security] 20120328 Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 - oval:org.mitre.oval:def:15244 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=40967 - - - - - - - - - - - - - - - The pcap_process_pseudo_header function in wiretap/pcap-common.c in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a WTAP_ENCAP_ERF file containing an Extension or Multi-Channel header with an invalid pseudoheader size, related to the pcap and pcap-ng file parsers. 
- - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6804 - http://www.wireshark.org/security/wnpa-sec-2012-06.html - [oss-security] 20120328 Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 - 48986 - oval:org.mitre.oval:def:15548 - openSUSE-SU-2012:0558 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=41008 - - - - - - - - - - - - - - - - - - - - - - - - - - - The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6833 - http://www.wireshark.org/security/wnpa-sec-2012-07.html - [oss-security] 20120328 Re: CVE Request: Multiple wireshark security flaws resolved in 1.4.12 and 1.6.6 - 48986 - oval:org.mitre.oval:def:15194 - openSUSE-SU-2012:0558 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=41001 - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - https://github.com/ezsystems/ezjscore/commit/58854564c7b8672090c25c4b1677d08620d870f2 - [oss-security] 20120511 CVE-2012-1597: XSS in eZ Publish - http://share.ez.no/community-project/security-advisories/ezsa-2012-006-xss-exploit-on-ezjscore-run-command-when-using-firefox - - - - - - - - - - - The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. 
- - - - - - - - - https://github.com/torvalds/linux/commit/9c895160d25a76c21b65bad141b08e8d4f99afef - https://bugzilla.redhat.com/show_bug.cgi?id=808199 - [oss-security] 20120329 Re: CVE request -- kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6 - - - - - - - - - - The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." - - - - - - - - - 52771 - 80759 - [oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/ - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - 52771 - [oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001 - DSA-2445 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/ - 48647 - 48622 - 80760 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request. 
- - - - - - - - - 52771 - [oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001 - DSA-2445 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/ - 48647 - 48622 - 80761 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters. - - - - - - - - - 52771 - 80762 - [oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001 - DSA-2445 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/ - 48647 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259. 
- - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0259 - imagemagick-getexifproperty-dos(74660) - 52898 - 81024 - [oss-security] 20120404 CVE-2012-1610 assignment notification: ImageMagick insufficient patch for CVE-2012-0259 - http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 - DSA-2462 - USN-1435-1 - 49317 - 49043 - 48974 - openSUSE-SU-2012:0692 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. 
- - - - - - - - - [oss-security] 20120403 Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308 - [oss-security] 20120403 CVE-request: Joomla 2012-04 398-20120307 399-20120308 - 48683 - http://developer.joomla.org/security/news/398-20120307-core-information-disclosure.html - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - 52859 - 80880 - [oss-security] 20120403 Re: CVE-request: Joomla 2012-04 398-20120307 399-20120308 - [oss-security] 20120403 CVE-request: Joomla 2012-04 398-20120307 399-20120308 - 48683 - http://developer.joomla.org/security/news/399-20120308-core-xss-vulnerability.html - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter. 
- - - - - - - - - - http://forum.coppermine-gallery.net/index.php/topic,74682.0.html - http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354 - http://www.waraxe.us/advisory-81.html - 52818 - [oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 - [oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 - [oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 - 18680 - 48643 - http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html - 80731 - 20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message. 
- - - - - - - - - http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.6.x/edit_one_pic.php?r1=8348&r2=8354 - http://www.waraxe.us/advisory-81.html - 52818 - [oss-security] 20120403 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 - [oss-security] 20120330 Re: CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 - [oss-security] 20120330 CVE-request: Coppermine 1.5.18 waraxe-2012-SA#081 - 18680 - http://packetstormsecurity.org/files/111369/Coppermine-1.5.18-Cross-Site-Scripting-Path-Disclosure.html - 80735 - 80734 - 80733 - 80732 - http://forum.coppermine-gallery.net/index.php/topic,74682.0.html - 20120329 [waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=809697 - argyll-icc-code-execution(75162) - 53240 - 81617 - http://www.argyllcms.com/icc_readme.html - GLSA-201206-04 - 49602 - 48921 - FEDORA-2012-6529 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows. 
- - - - - - - - - - http://hg.suckless.org/slock/rev/891a4984aba6 - https://bugzilla.redhat.com/show_bug.cgi?id=786310 - https://bugs.gentoo.org/show_bug.cgi?id=401645 - slock-xraisewindow-sec-bypass(74666) - 81035 - [oss-security] 20120405 Re: CVE Request: slock-0.9 displays modal box after locking - [oss-security] 20120405 CVE Request: slock-0.9 displays modal box after locking - 48700 - - - - - - - - - - The hook_node_access function in the revisioning module 7.x-1.x before 7.x-1.3 for Drupal checks the permissions of the current user even when it is called to check permissions of other users, which allows remote attackers to bypass intended access restrictions, as demonstrated when using the XML sitemap module to obtain sensitive information about unpublished content. - - - - - - - - - - https://drupal.org/node/1409268 - http://drupal.org/node/1407456 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - - - - - - - - - - - - - - - - - - - - - - - - - - - - The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. 
- - - - - - - - - - - http://drupal.org/node/1432320 - http://drupal.org/node/1432318 - https://drupal.org/node/1432970 - 79014 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - [oss-security] 20120319 Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017 - [oss-security] 20120316 CVE-request: Drupal Finder SA-CONTRIB-2012-017 - http://www.madirish.net/content/drupal-finder-6x-19-xss-and-remote-code-execution-vulnerabilities - 47943 - 47915 - http://drupalcode.org/project/finder.git/commit/bc0cc82 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - includes/linkchecker.pages.inc in the Link checker module 6.x-2.x before 6.x-2.5 for Drupal does not properly enforce access permissions on broken links, which allows remote attackers to obtain sensitive information via unspecified vectors. - - - - - - - - - https://drupal.org/node/1441252 - http://drupalcode.org/project/linkchecker.git/commit/fef0ddf - http://drupal.org/node/1440508 - 79315 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48022 - - - - - - - - - - - - - - - The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors. - - - - - - - - - https://drupal.org/node/1441448 - http://drupalcode.org/project/fp.git/commitdiff/39e7587 - http://drupal.org/node/1441556 - 79316 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48019 - - - - - - - - - - - The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors. 
- - - - - - - - - https://drupal.org/node/1441450 - http://drupalcode.org/project/og_vocab.git/commitdiff/cd8de08 - ogvocabulary-title-xss(53902) - 79336 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48020 - http://drupal.org/node/1441086 - - - - - - - - - - - - The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php. - - - - - - - - - https://drupal.org/node/1441502 - http://drupalcode.org/project/cdn.git/commitdiff/eca85e6 - http://drupalcode.org/project/cdn.git/commitdiff/cd2a5ff - http://drupal.org/node/1441482 - 79317 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48032 - http://drupal.org/node/1441480 - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2) $_SERVER['SCRIPT_NAME'] to players/osmplayer/player/OSMPlayer.php, (3) playlist parameter to players/osmplayer/player/getplaylist.php, and possibly other vectors related to $_SESSION. 
- - - - - - - - - - https://drupal.org/node/1461424 - https://drupal.org/node/1460894 - https://drupal.org/node/1460892 - http://drupalcode.org/project/mediafront.git/commitdiff/b3857aa - http://drupalcode.org/project/mediafront.git/commitdiff/6300750 - mediafront-phplibrary-xss(73606) - 52229 - 79684 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - coolaid-helpmessages-xss(73607) - 52232 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48196 - 79712 - http://drupal.org/node/1461438 - http://drupal.org/node/1417186 - - - - - - - - - - - - - - - - - - Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. - - - - - - - - - - http://drupal.org/node/1417186 - coolaid-helpmessages-security-bypass(73608) - 52232 - 79772 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48196 - http://drupal.org/node/1461438 - - - - - - - - - - - - - - - - - - The ZipCart module 6.x before 6.x-1.4 for Drupal checks the "access content" permission instead of the "access ZipCart downloads" permission when building archives, which allows remote authenticated users with access content permission to bypass intended access restrictions. 
- - - - - - - - - - - https://drupal.org/node/1461446 - https://drupal.org/node/1460892 - http://drupalcode.org/project/zipcart.git/commitdiff/fe143c2 - zipcart-archives-security-bypass(73609) - 52231 - 79766 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - - - - - - - - - - - - ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file. - - - - - - - - - - - - 1027170 - 82986 - 19138 - http://www.cs.umb.edu/~joecohen/exploits/CVE-2012-1661/ - http://packetstormsecurity.org/files/113644/ESRI-ArcMap-Arbitrary-Code-Execution.html - - - - - - - - - - - - - - CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through SP1, and r16 before SP1 on Windows allows remote attackers to cause a denial of service (service shutdown) via a crafted network request. - - - - - - - - - https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7b983E3A52-8374-410A-82BD-B8788733C70F%7d - - - - - - - - - - - - - - Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. 
- - - - - - - - - - - [gnutls-devel] 20120224 gnutls 3.0.14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 and 5.0 before P03 allows local users to gain privileges via a Trojan horse tpfc.dll file in the current working directory. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426 Untrusted Search Path' - - - - - - - - - - - https://www.vmware.com/support/vsphere4/doc/vsp_esxi41_u3_rel_notes.html#resolvedissuessecurity - 20120904 VMWare Tools susceptible to binary planting by hijack - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. - - - - - - - - - - https://kb.isc.org/article/AA-00698 - http://www.isc.org/software/bind/advisories/cve-2012-1667 - HPSBUX02795 - SSRT100878 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action. 
- - - - - - - - - http://downloads.sourceforge.net/project/php-gradebook/phpGradeBook%20-%20BETA/1.9.5/phpGradeBook1.9.5.zip - 18647 - - - - - - - - - - - SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter. - - - - - - - - - - - 18702 - - - - - - - - - - SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter. - - - - - - - - - - - 18700 - - - - - - - - - - Unspecified vulnerability in the Siebel Clinical component in Oracle Industry Applications 7.7, 7.8, 8.0.0.x, 8.1.1.x, and 8.2.2.x allows remote authenticated users to affect integrity via unknown vectors related to Web UI. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison." 
- - - - - - - - - - - VU#359816 - https://blogs.oracle.com/security/entry/security_alert_for_cve_2012 - oracledatabase-tnslistener-spoofing(75303) - 1027000 - 53308 - http://www.oracle.com/technetwork/topics/security/alert-cve-2012-1675-1608180.html - 20120428 Oracle TNS Poison vulnerability is actually a 0day with no patch available - 20120418 The history of a -probably- 13 years old Oracle bug: TNS Poison - SUSE-SU-2012:0765 - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual Banking. - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base. - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136. 
- - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to gssd. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM). - - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML. - - - - - - - - - 53067 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. - - - - - - - - - 53074 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 allows remote attackers to affect availability, related to XSCF Control Package (XCP). - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl. 
- - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. - - - - - - - - - 53058 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-Base. 
- - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Logging. - - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-Base. - - - - - - - - - 1026953 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - - - - Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors. - - - - - - - - - 1026929 - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - - Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer. 
- - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. 
- - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. - - - Per: http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - -'Applies to printing on the Solaris and Linux platforms. This vulnerability cannot be exploited through untrusted Java Web Start applications or untrusted Java applets. It also cannot be exploited by supplying data to APIs in the specified Component without using untrusted Java Web Start applications or untrusted Java applets, such as through a web service.' 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721. 
- - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. 
- - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Document Repository. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Portal Framework. - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Password Management. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to CM. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps. - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Enterprise Manager Grid Control EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1, and EM Plugin for DB 12.1.0.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Performance Advisories/UIs. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availability via unknown vectors related to Web Server. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Business Intelligence. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to User Administration Pages. - - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0.x, 4.6.2, and 4.6.3 allows remote authenticated users to affect confidentiality, related to HTML Surround. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent users to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. 
If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1746. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps. 
- - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx. - - - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to PC. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to UI Framework. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to MCF. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. 
- - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' 
- - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. 
If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264. - - - - - - - - - - - http://player.gomlab.com/eng/download/ - - - - - - - - - - Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream. - - - - - - - - - - - - http://www.videolan.org/security/sa1201.html - oval:org.mitre.oval:def:14820 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream. - - - - - - - - - - - - http://www.videolan.org/security/sa1202.html - oval:org.mitre.oval:def:14817 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. 
- - - - - - - - - - - https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt - http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13463.html - 48455 - 20120328 SEC Consult SA-20120328-0 :: F5 FirePass SSL VPN unauthenticated remote root through SQL injection - CVE-2012-1777 - - - - - - - - - - - - SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. - - - - - - - - - - - createvision-artykulprint-sql-injection(73483) - 18525 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php. - - - - - - - - - - idevbusinessdirectory-index-xss(73505) - 52171 - 48173 - http://packetstormsecurity.org/files/110212/idev-BusinessDirectory-3.0-Cross-Site-Scripting.html - - - - - - - - - - SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter. - - - - - - - - - - - socialcms-commentajax-sql-injection(73440) - 52109 - 48082 - 44313 - http://packetstormsecurity.org/files/110043/SocialCMS-Cross-Site-Scripting-SQL-Injection.html - 79458 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ajax/commentajax.php in SocialCMS 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) TREF_email_address or (2) TR_name parameters. - - - - - - - - - - socialcms-search-xss(73442) - 52109 - 48082 - http://packetstormsecurity.org/files/110043/SocialCMS-Cross-Site-Scripting-SQL-Injection.html - 79457 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar. 
- - - - - - - - - - http://www.vulnerability-lab.com/get_content.php?id=461 - 52184 - 20120227 OSQA CMS v3b - Multiple Persistent Vulnerabilities - - - - - - - - - - Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number. - - - - - - - - - tiny-http-dos(73482) - 18524 - - - - - - - - - - - - SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php. - - - - - - - - - - - myjoblist-index-sql-injection(73503) - 52168 - 48169 - http://packetstormsecurity.org/files/110225/MyJobList-0.1.3-SQL-Injection.html - - - - - - - - - - kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors. - - - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924 - videoembed-kgcallffmpeg-code-execution(73508) - 52180 - http://wordpress.org/extend/plugins/video-embed-thumbnail-generator/changelog/ - 48087 - - - - - - - - - - - - - - - - - - The Media Upload form in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to obtain the installation path via unknown vectors. - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924 - http://wordpress.org/extend/plugins/video-embed-thumbnail-generator/changelog/ - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters. 
- - - - - - - - - - webglimpse-wgarcmin-xss(73485) - 52170 - http://websecurity.com.ua/3089/ - 48049 - http://packetstormsecurity.org/files/110219/Webglimpse-Brute-Force-Cross-Site-Scripting.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_website, or (5) help_example_url parameters in an hd_modify_record action. - - - - - - - - - - wonderdesk-wonderdesk-xss(73502) - http://st2tea.blogspot.com/2012/02/wonderdesk-cross-site-scripting.html - 48167 - http://packetstormsecurity.org/files/110224/WonderDesk-Cross-Site-Scripting.html - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) surname or (2) firstname parameters to modules/members/addmember.php; or (3) groupdescription or (4) groupname parameters to modules/groups/addgroupform.php. - - - - - - - - - - kongreg8-multiple-xss(73510) - 52178 - 20120224 Kongreg8 1.7.3 Mutiple XSS - - - - - - - - - - Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows remote attackers to read arbitrary files via a full pathname in the file parameter to index.php. 
- - - - - - - - - webgrind-index-file-include(73509) - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5075.php - 18523 - http://packetstormsecurity.org/files/110216 - http://code.google.com/p/webgrind/issues/detail?id=66 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, which is not properly handled in an error message. NOTE: this might not be a vulnerability, since the ability to access oscommerce/index.php during installation may already imply administrator privileges. - - - - - - - - - - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-005.txt - - - - - - - - - - - - - webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter, as exploited in the wild in March 2012. - - - - - - - - - - - VU#364363 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. - - - - - - - - - - - http://www-01.ibm.com/support/docview.wss?uid=swg21586193 - IC79970 - oval:org.mitre.oval:def:14526 - - - - - - - - - - - - - - - - - - - - - - IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. - - - - - - - - - - - IC79518 - http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518 - oval:org.mitre.oval:def:14922 - - - - - - - - - - The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. 
- - - - - - - - - - http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 - imagemagick-tiffexififd-dos(74659) - 52898 - 81023 - DSA-2462 - 49317 - 49068 - 49063 - 48974 - RHSA-2012:0544 - openSUSE-SU-2012:0692 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf - http://support.automation.siemens.com/WW/view/en/59869684 - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-05.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf - http://support.automation.siemens.com/WW/view/en/59869684 - - - - - - - - - - - - - - - - - - - - - Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-095-01A.pdf - http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/35df9dc4a94ae83ac12579ca0043acc1/$file/SI10231A2%20rev%200.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. 
- - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-04.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-130874.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a factory account with a password derived from the MAC Address field in the banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) TELNET, (2) remote shell (aka rsh), or (3) serial-console session. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf - http://www.kb.cert.org/vuls/id/MAPG-8RCPEN - VU#889195 - http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/ - 53215 - http://www.ruggedcom.com/productbulletin/ros-security-page/ - 20120423 RuggedCom - Backdoor Accounts in my SCADA network? You don't say... - http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars - - - - - - - - - - - - - - - The OPC server in Progea Movicon before 11.3 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted HTTP request. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-01.pdf - 53484 - 49092 - - - - - - - - - - Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to execute arbitrary code via long strings in unspecified parameters. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-02.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-02.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-02.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-02.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-102-02.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf - - - - - - - - - - - - - - - - - - - - - - PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to cause a denial of service (daemon crash) via a crafted (1) TCP or (2) UDP packet to port 111. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via an invalid field in a project file. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf - - - - - - - - - - - - - - - - - - - - - - An unspecified ActiveX control in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to overwrite arbitrary files via unknown vectors. - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in WellinTech KingView 6.53 allows local users to gain privileges via a Trojan horse DLL in the current working directory. 
- Per: http://cwe.mitre.org/data/lists/426.html - -'Untrusted Search Path' - - - Per: http://www.us-cert.gov/control_systems/pdf/ICSA-12-122-01.pdf - -'This vulnerability is remotely exploitable but may require the use of social engineering to exploit.' - - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-122-01.pdf - http://en.wellintech.com/news/detail.aspx?contentid=168 - - - - - - - - - - The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and earlier allows remote attackers to cause a denial of service (assertion failure and daemon exit) by leveraging a BGP peering relationship and sending a malformed Outbound Route Filtering (ORF) capability TLV in an OPEN message. - - - - - - - - - VU#962587 - DSA-2497 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic. - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120522_00 - 50358 - 82147 - - - - - - - - - - - - - - - - sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. 
- - - - - - - - - - - VU#520827 - https://bugs.php.net/bug.php?id=61910 - http://www.php.net/ChangeLog-5.php#5.4.2 - https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1 - http://www.php.net/archive/2012.php#id2012-05-03-1 - 49087 - 49065 - 49014 - RHSA-2012:0568 - RHSA-2012:0547 - RHSA-2012:0546 - HPSBUX02791 - SSRT100856 - HPSBMU02786 - SSRT100877 - http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in Measuresoft ScadaPro Client before 4.0.0 and ScadaPro Server before 4.0.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-01.pdf - http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Server/DOCUMENTATION/ReleaseNotes.doc - http://www.measuresoft.net/downloads/Measuresoft%20SCADA%204.4.6/issue_disks/Client/DOCUMENTATION/ReleaseNotes.doc - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter. - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ - VU#815532 - - - - - - - - - - - dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. 
- - - - - - - - - - - VU#898083 - https://github.com/dotCMS/dotCMS/issues/281 - https://github.com/dotCMS/dotCMS/issues/261 - https://gist.github.com/2627440 - 49276 - http://dotcms.com/dotCMSVersions/ - - - - - - - - - - - The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request. - - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8RQL83 - VU#773035 - - - - - - - - - - - The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function. - - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8RQL83 - VU#773035 - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields. - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8RQL83 - VU#773035 - - - - - - - - - - Stack-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. - - - Per: http://www.wellintech.com/index.php/news/33-patch-for-kingview653 - -"KingView with the version 65.30.17249( TouchExplorer: 65.30.2003.17249; TouchVew: 65.30.2003.17376) and also the previous version is affected." - - - - - - - - - - - http://www.wellintech.com/index.php/news/33-patch-for-kingview653 - http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf - - - - - - - - - - - - - - - Heap-based buffer overflow in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 555. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf - http://www.wellintech.com/index.php/news/33-patch-for-kingview653 - - - - - - - - - - - - - - - WellinTech KingView 6.53 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a crafted packet to (1) TCP or (2) UDP port 2001. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf - http://www.wellintech.com/index.php/news/33-patch-for-kingview653 - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. - - - - - - - - - - https://www.htbridge.com/advisory/HTB23082 - 52986 - 20120411 Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress - - - - - - - - - - - Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow remote attackers to execute arbitrary code via a crafted DNS query that uses compression. - - - - - - - - - - - VU#212651 - https://github.com/inspircd/inspircd/commit/fe7dbd2c104c37f6f3af7d9f1646a3c332aea4a4 - - - - - - - - - - The (1) webreports, (2) post/create-role, and (3) post/update-role programs in IBM Tivoli Endpoint Manager (TEM) before 8.2 do not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. 
- - - - - - - - - http://www-01.ibm.com/support/docview.wss?uid=swg21587743 - - - - - - - - - - - The web management interface on the LG-Nortel ELO GS24M switch allows remote attackers to bypass authentication, and consequently obtain cleartext credential and configuration information, via a direct request to a configuration web page. - - - - - - - - - VU#523027 - - - - - - - - - - Multiple directory traversal vulnerabilities in the Get Template feature in plugins/gui.ajax/class.AJXP_ClientDriver.php in AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) pluginName or (2) pluginPath parameter in a get_template action. NOTE: some of these details are obtained from third party information. - - - - - - - - - - - VU#504019 - http://ajaxplorer.info/ajaxplorer-4-0-4/ - 52298 - 79810 - 48226 - - - - - - - - - - - - - - - - - - AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash. - - - - - - - - - - - VU#504019 - http://ajaxplorer.info/ajaxplorer-4-0-4/ - - - - - - - - - - - - - - - - - - Absolute path traversal vulnerability in logShow.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to read arbitrary files via a full pathname in the file parameter. 
- - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8NVRPY - http://www.kb.cert.org/vuls/id/MAPG-8NNKN8 - VU#913483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8NVRPY - http://www.kb.cert.org/vuls/id/MAPG-8NNKN8 - VU#913483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to hijack the authentication of users for requests that execute Linux commands via the fileName parameter, related to a "command-injection vulnerability." - - - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8NVRPY - http://www.kb.cert.org/vuls/id/MAPG-8NNKN8 - VU#913483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors. 
- - - - - - - - - - - http://www.kb.cert.org/vuls/id/MORO-8QNJLE - http://www.kb.cert.org/vuls/id/MAPG-8NVRPY - http://www.kb.cert.org/vuls/id/MAPG-8NNKN8 - VU#913483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the DEP and ASLR protection mechanisms, and execute arbitrary code, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." - - - - - - - - - - - http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588 - http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/ - http://twitter.com/vupen/statuses/177576000761237505 - http://pwn2own.zerodayinitiative.com/status.html - oval:org.mitre.oval:def:14843 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." 
- - - - - - - - - - - http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588 - http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/ - http://twitter.com/vupen/statuses/177576000761237505 - http://pwn2own.zerodayinitiative.com/status.html - oval:org.mitre.oval:def:14940 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability." - - - - - - - - - - - - 1027041 - MS12-030 - 49112 - oval:org.mitre.oval:def:15575 - - - - - - - - - - - - - - - - - - - - - - - - - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability." - - - - - - - - - - - - 1027039 - MS12-034 - oval:org.mitre.oval:def:15555 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability." 
- Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-039 - -AV:N per "How could an attacker exploit the vulnerability? -An attacker could convince a user to open a legitimate Microsoft Lync related file (such as an .ocsmeet file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained. - -In an email attack scenario, an attacker could exploit the vulnerability by sending a legitimate Microsoft Lync-related file (such as an .ocsmeet file) to a user, and convincing the user to place the attachment into a directory that contains a specially crafted DLL file and to open the legitimate file. Then, while opening the legitimate file, Microsoft Lync could attempt to load the DLL file and execute any code it contained. - -In a network attack scenario, an attacker could place a legitimate Microsoft Lync-related file and a specially crafted DLL in a network share, a UNC, or WebDAV location and then convince the user to open the file." - - - - - - - - - - - - MS12-039 - oval:org.mitre.oval:def:14874 - - - - - - - - - - - - - - - The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability." 
- - - - - - - - - MS12-054 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability." - - - - - - - - - - - MS12-054 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap Overflow Vulnerability." - - - - - - - - - - - MS12-054 - - - - - - - - - - - - Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack Overflow Vulnerability." - - - - - - - - - - - MS12-054 - - - - - - - - - - Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. 
- Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' - - - - - - - - - - - - MS12-046 - oval:org.mitre.oval:def:14950 - - - - - - - - - - - - - - - - - - - - - - - Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability." - - - - - - - - - - - - MS12-038 - oval:org.mitre.oval:def:14717 - - - - - - - - - - - - The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability." - - - - - - - - - - - - MS12-060 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability." 
- - - - - - - - - - MS12-040 - - - - - - - - - - The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability." - - - - - - - - - - MS12-039 - MS12-037 - MS12-050 - oval:org.mitre.oval:def:15530 - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability." - - - - - - - - - - MS12-050 - oval:org.mitre.oval:def:15589 - - - - - - - - - - - - - - - - Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability." - - - - - - - - - - MS12-050 - oval:org.mitre.oval:def:15265 - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability." 
- - - - - - - - - - MS12-050 - oval:org.mitre.oval:def:15544 - - - - - - - - - - - - - - - - Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability." - - - - - - - - - - - - MS12-050 - oval:org.mitre.oval:def:15657 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability." - - - - - - - - - - MS12-050 - oval:org.mitre.oval:def:15689 - - - - - - - - - - - - - - - - - - - - - - - - - - - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865. - - - - - - - - - - - MS12-041 - oval:org.mitre.oval:def:15496 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864. 
- - - - - - - - - - - MS12-041 - oval:org.mitre.oval:def:15649 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability." - - - - - - - - - - - MS12-041 - oval:org.mitre.oval:def:15096 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability." - - - - - - - - - - - MS12-041 - oval:org.mitre.oval:def:15510 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability." - - - - - - - - - - - MS12-041 - oval:org.mitre.oval:def:15647 - - - - - - - - - - The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability." 
- - - - - - - - - MS12-049 - oval:org.mitre.oval:def:15644 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability." - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15629 - - - - - - - - - - - - - Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability." - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15026 - - - - - - - - - - - - Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15425 - - - - - - - - - - - Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15663 - - - - - - - - - - Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. 
- - - - - - - - - - - - http://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621 - http://twitter.com/vupen/statuses/177895844828291073 - MS12-037 - http://pwn2own.zerodayinitiative.com/status.html - oval:org.mitre.oval:def:15539 - http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars - - - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15472 - - - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15632 - - - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15588 - - - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:14975 - - - - - - - - - - - - - Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability." 
- - - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15378 - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability." - - - - - - - - - - MS12-037 - oval:org.mitre.oval:def:15367 - - - - - - - - - - - - - Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability." - - - - - - - - - - - - MS12-059 - - - - - - - - - - - - - - - - - Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. - - - - - - - - - - - - MS12-043 - http://technet.microsoft.com/security/advisory/2719615 - oval:org.mitre.oval:def:15195 - - - - - - - - - - - - - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability." - - - - - - - - - - - MS12-047 - oval:org.mitre.oval:def:15416 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." 
- - - - - - - - - - - - MS12-045 - oval:org.mitre.oval:def:14783 - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability." - - - - - - - - - - MS12-061 - - - - - - - - - - win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability." - - - - - - - - - - - MS12-047 - oval:org.mitre.oval:def:15654 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability." - - - - - - - - - - - - MS12-051 - oval:org.mitre.oval:def:15602 - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name, (2) Last name or (3) Email (required) fields. 
- - - webfoliocms-multiple-xss(73738) - 52335 - http://packetstormsecurity.org/files/110524/Webfolio-CMS-1.1.4-Cross-Site-Scripting.html - http://ivanobinetti.blogspot.com/2012/03/webfolio-114-multiple-xss.html - - - - - show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file. - - - - - - - - - http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php - https://github.com/phpmyadmin/phpmyadmin/commit/c51817d3b8cb05ff54dca9373c0667e29b8498d4 - FEDORA-2012-5599 - - - - - - - - - - - - - - - - - - - - - - - - mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file. - - - - - - - - - - 1027076 - 49193 - http://packetstormsecurity.org/files/111162/RealPlayer-1.1.4-Memory-Corruption.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. 
- - - - - - - - - - puppet-macosx-symlink(74793) - 52975 - DSA-2451 - USN-1419-1 - 48789 - 48748 - 48743 - http://puppetlabs.com/security/cve/cve-2012-1906/ - http://projects.puppetlabs.com/issues/13260 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML (aka Open Document XML) file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document. - - - - - - - - - - 20120313 PrivaWall Antivirus Office XML Format Evasion/Bypass Vulnerability - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. - - - - - - - - - - http://www.splunk.com/view/SP-CAAAGTK#38585 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, Bitcoin-Qt, and other programs, does not properly handle multiple transactions with the same identifier, which allows remote attackers to cause a denial of service (unspendable transaction) by leveraging the ability to create a duplicate coinbase transaction. 
- - - - - - - - - https://github.com/sipa/bitcoin/commit/a206b0ea12eb4606b93323268fc81a4f1f952531 - https://en.bitcoin.it/wiki/CVEs - https://en.bitcoin.it/wiki/BIP_0030 - https://bugs.gentoo.org/show_bug.cgi?id=407793 - https://bitcointalk.org/index.php?topic=67738.0 - [bitcoin-development] 20120228 Duplicate transactions vulnerability - http://r6.ca/blog/20120206T005236Z.html - - - - - - - - - - - - - - - - - - - - - - - - Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x before 0.5.3.1; and 0.6.x before 0.6.0rc4 on Windows does not use MinGW multithread-safe exception handling, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted Bitcoin protocol messages. - - - - - - - - - - - https://github.com/bitcoin/bitcoin/commit/8864019f6d88b13d3442843d9e6ebeb8dd938831 - https://en.bitcoin.it/wiki/CVEs - https://bitcointalk.org/index.php?topic=69120.0 - http://gavintech.blogspot.com/2012/03/full-disclosure-bitcoin-qt-on-windows.html - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565. 
- - - - - - - - - - - phpaddressbook-multiple-sql-injection(73943) - 52396 - 18578 - http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt - http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929 - http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566. - - - - - - - - - - phpaddressbook-multiple-xss(73944) - 53598 - 52396 - 18578 - http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html - http://www.darksecurity.de/advisories/2012/SSCHADV2012-007.txt - http://sourceforge.net/tracker/?func=detail&aid=3527242&group_id=157964&atid=805929 - http://sourceforge.net/tracker/?func=detail&aid=3501716&group_id=157964&atid=805929 - http://sourceforge.net/tracker/?func=detail&aid=3496653&group_id=157964&atid=805929 - 49212 - 42781 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. 
- - - - - - @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/. - Per: http://www.kb.cert.org/vuls/id/743555 'CWE-434: Unrestricted Upload of File with Dangerous Type' - - - - - - - - - - - VU#743555 - http://atmail.org/download/atmailopen.tgz - 47012 - http://en.securitylab.ru/lab/PT-2011-48 - - - - - - - - - - - compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence. - - - - - - - - - VU#743555 - http://atmail.org/download/atmailopen.tgz - 47012 - http://en.securitylab.ru/lab/PT-2011-48 - - - - - - - - - - - Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a .. (dot dot) in the Attachment[] parameter. - - - - - - - - - VU#743555 - http://atmail.org/download/atmailopen.tgz - 47012 - http://en.securitylab.ru/lab/PT-2011-48 - - - - - - - - - - - CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a .. (dot dot) in the file parameter. - - - - - - - - - - VU#743555 - http://atmail.org/download/atmailopen.tgz - 47012 - http://en.securitylab.ru/lab/PT-2011-48 - - - - - - - - - - - @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. 
- - - - - - - - - VU#743555 - 47012 - http://en.securitylab.ru/lab/PT-2011-48 - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in goform/admin/formWlEncrypt in Sitecom WLM-2501 allows remote attackers to hijack the authentication of administrators for requests that change the router passphrase via the pskValue parameter. - - - - - - - - - - - - http://packetstormsecurity.org/files/110770/Sitecom-WLM-2501-Cross-Site-Request-Forgery.html - http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html - - - - - - - - - - RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database. - - - - - - - - - 52929 - http://secunia.com/secunia_research/2012-8/ - http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf - - - - - - - - - - - - - - - - - Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog. - - - - - - - - - - - - http://www.opera.com/support/kb/view/1010/ - http://www.opera.com/docs/changelogs/windows/1162/ - http://www.opera.com/docs/changelogs/unix/1162/ - http://www.opera.com/docs/changelogs/mac/1162/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows. 
- - - - - - - - - - - - http://www.opera.com/support/kb/view/1011/ - http://www.opera.com/docs/changelogs/windows/1162/ - http://www.opera.com/docs/changelogs/unix/1162/ - http://www.opera.com/docs/changelogs/mac/1162/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information. - - - - - - - - - http://www.opera.com/support/kb/view/1012/ - http://www.opera.com/docs/changelogs/windows/1162/ - http://www.opera.com/docs/changelogs/unix/1162/ - http://www.opera.com/docs/changelogs/mac/1162/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain. - - - - - - - - - - http://www.opera.com/support/kb/view/1013/ - http://www.opera.com/docs/changelogs/windows/1162/ - http://www.opera.com/docs/changelogs/unix/1162/ - http://www.opera.com/docs/changelogs/mac/1162/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain. 
- - - - - - - - - - http://www.opera.com/support/kb/view/1014/ - http://www.opera.com/docs/changelogs/windows/1162/ - http://www.opera.com/docs/changelogs/unix/1162/ - http://www.opera.com/docs/changelogs/mac/1162/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area. - - - - - - - - - - http://www.opera.com/support/kb/view/1009/ - http://www.opera.com/docs/changelogs/mac/1162/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files. - - - - - - - - - - - http://www.opera.com/support/kb/view/1015/ - http://www.opera.com/docs/changelogs/unix/1162/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. 
- - - - - - - - - - - http://www.opera.com/support/kb/view/1015/ - http://www.opera.com/docs/changelogs/unix/1162/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php. - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23084 - newscoop-gcampsitedir-file-include(75031) - http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm - 53147 - 18752 - 48769 - http://dev.sourcefabric.org/browse/CS-4179 - 20120418 Multiple vulnerabilities in Newscoop - - - - - - - - - - - - - - - SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23084 - newscoop-edit-sql-injection(74780) - http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm - 52941 - 18752 - 48769 - http://dev.sourcefabric.org/browse/CS-4181 - http://dev.sourcefabric.org/browse/CS-4179 - 20120418 Multiple vulnerabilities in Newscoop - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to admin/password_check_token.php. 
- - - - - - - - - - https://www.htbridge.com/advisory/HTB23084 - newscoop-multiple-xss(74781) - http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm - 52941 - 18752 - 48769 - http://dev.sourcefabric.org/browse/CS-4183 - http://dev.sourcefabric.org/browse/CS-4182 - http://dev.sourcefabric.org/browse/CS-4179 - 20120418 Multiple vulnerabilities in Newscoop - - - - - - - - - - - - - - - ** DISPUTED ** The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by sniffing the network, as demonstrated by attacks against the wp-admin/admin-ajax.php and wp-admin/user-new.php scripts. NOTE: the vendor reportedly disputes the significance of this issue because wp_create_nonce operates as intended, even if it is arguably inconsistent with certain CSRF protection details advocated by external organizations. - - - - - - - - - - - - http://www.webapp-security.com/wp-content/uploads/2012/04/Wordpress-3.3.1-Multiple-CSRF-Vulnerabilities6.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=745580 - https://bugzilla.mozilla.org/show_bug.cgi?id=745494 - https://bugzilla.mozilla.org/show_bug.cgi?id=745254 - https://bugzilla.mozilla.org/show_bug.cgi?id=723465 - https://bugzilla.mozilla.org/show_bug.cgi?id=643967 - http://www.mozilla.org/security/announce/2012/mfsa2012-34.html - DSA-2499 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=748948 - https://bugzilla.mozilla.org/show_bug.cgi?id=736012 - https://bugzilla.mozilla.org/show_bug.cgi?id=730415 - https://bugzilla.mozilla.org/show_bug.cgi?id=723971 - https://bugzilla.mozilla.org/show_bug.cgi?id=723773 - https://bugzilla.mozilla.org/show_bug.cgi?id=718852 - https://bugzilla.mozilla.org/show_bug.cgi?id=716067 - https://bugzilla.mozilla.org/show_bug.cgi?id=708688 - https://bugzilla.mozilla.org/show_bug.cgi?id=699594 - https://bugzilla.mozilla.org/show_bug.cgi?id=670317 - http://www.mozilla.org/security/announce/2012/mfsa2012-34.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=748613 - http://www.mozilla.org/security/announce/2012/mfsa2012-34.html - DSA-2499 - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. - - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=747688 - http://www.mozilla.org/security/announce/2012/mfsa2012-40.html - DSA-2499 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=750066 - http://www.mozilla.org/security/announce/2012/mfsa2012-40.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=748764 - http://www.mozilla.org/security/announce/2012/mfsa2012-35.html - - - - - - - - - - - - - - - - Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory. - http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=750850 - http://www.mozilla.org/security/announce/2012/mfsa2012-35.html - - - - - - - - - - - - - - - - The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document. 
- - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=751422 - http://www.mozilla.org/security/announce/2012/mfsa2012-36.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=670514 - http://www.mozilla.org/security/announce/2012/mfsa2012-37.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=750109 - http://www.mozilla.org/security/announce/2012/mfsa2012-38.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=744541 - http://www.mozilla.org/security/announce/2012/mfsa2012-40.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=772282 - https://bugzilla.mozilla.org/show_bug.cgi?id=763225 - https://bugzilla.mozilla.org/show_bug.cgi?id=758471 - https://bugzilla.mozilla.org/show_bug.cgi?id=756600 - https://bugzilla.mozilla.org/show_bug.cgi?id=754989 - https://bugzilla.mozilla.org/show_bug.cgi?id=750575 - https://bugzilla.mozilla.org/show_bug.cgi?id=749385 - https://bugzilla.mozilla.org/show_bug.cgi?id=746896 - https://bugzilla.mozilla.org/show_bug.cgi?id=746103 - https://bugzilla.mozilla.org/show_bug.cgi?id=732233 - http://www.mozilla.org/security/announce/2012/mfsa2012-42.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=766304 - https://bugzilla.mozilla.org/show_bug.cgi?id=766018 - https://bugzilla.mozilla.org/show_bug.cgi?id=765179 - https://bugzilla.mozilla.org/show_bug.cgi?id=757431 - https://bugzilla.mozilla.org/show_bug.cgi?id=754725 - https://bugzilla.mozilla.org/show_bug.cgi?id=752662 - https://bugzilla.mozilla.org/show_bug.cgi?id=743876 - https://bugzilla.mozilla.org/show_bug.cgi?id=738841 - https://bugzilla.mozilla.org/show_bug.cgi?id=725499 - https://bugzilla.mozilla.org/show_bug.cgi?id=718290 - https://bugzilla.mozilla.org/show_bug.cgi?id=717488 - https://bugzilla.mozilla.org/show_bug.cgi?id=712914 - http://www.mozilla.org/security/announce/2012/mfsa2012-42.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=725611 - https://bugzilla.mozilla.org/show_bug.cgi?id=724599 - https://bugzilla.mozilla.org/show_bug.cgi?id=724247 - http://www.mozilla.org/security/announce/2012/mfsa2012-43.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=752902 - http://www.mozilla.org/security/announce/2012/mfsa2012-44.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. - - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=759249 - http://www.mozilla.org/security/announce/2012/mfsa2012-44.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=765218 - http://www.mozilla.org/security/announce/2012/mfsa2012-44.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=765139 - http://www.mozilla.org/security/announce/2012/mfsa2012-44.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=757376 - http://www.mozilla.org/security/announce/2012/mfsa2012-45.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=756719 - http://www.mozilla.org/security/announce/2012/mfsa2012-59.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. 
- - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=750096 - http://www.mozilla.org/security/announce/2012/mfsa2012-47.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=750820 - http://www.mozilla.org/security/announce/2012/mfsa2012-48.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. 
- - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=754044 - https://bugzilla.mozilla.org/show_bug.cgi?id=737559 - http://www.mozilla.org/security/announce/2012/mfsa2012-49.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=761014 - http://www.mozilla.org/security/announce/2012/mfsa2012-50.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. 
- - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=761655 - http://www.mozilla.org/security/announce/2012/mfsa2012-51.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=764296 - http://www.mozilla.org/security/announce/2012/mfsa2012-52.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. 
- - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=767778 - http://www.mozilla.org/security/announce/2012/mfsa2012-53.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=633691 - http://www.mozilla.org/security/announce/2012/mfsa2012-54.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. 
- - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=758990 - http://www.mozilla.org/security/announce/2012/mfsa2012-55.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=734076 - http://www.mozilla.org/security/announce/2012/mfsa2012-46.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=758344 - http://www.mozilla.org/security/announce/2012/mfsa2012-56.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. 
- - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=777398 - http://www.bugzilla.org/security/3.6.9/ - 50040 - - - - - - - - - - - - - - - - - - The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=777586 - http://www.bugzilla.org/security/3.6.9/ - 50040 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=778765 - https://bugzilla.mozilla.org/show_bug.cgi?id=777806 - https://bugzilla.mozilla.org/show_bug.cgi?id=775206 - https://bugzilla.mozilla.org/show_bug.cgi?id=764176 - https://bugzilla.mozilla.org/show_bug.cgi?id=761831 - https://bugzilla.mozilla.org/show_bug.cgi?id=758408 - https://bugzilla.mozilla.org/show_bug.cgi?id=745158 - http://www.mozilla.org/security/announce/2012/mfsa2012-57.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=780712 - https://bugzilla.mozilla.org/show_bug.cgi?id=779849 - https://bugzilla.mozilla.org/show_bug.cgi?id=773097 - https://bugzilla.mozilla.org/show_bug.cgi?id=765936 - https://bugzilla.mozilla.org/show_bug.cgi?id=755916 - https://bugzilla.mozilla.org/show_bug.cgi?id=754242 - https://bugzilla.mozilla.org/show_bug.cgi?id=754150 - https://bugzilla.mozilla.org/show_bug.cgi?id=753162 - https://bugzilla.mozilla.org/show_bug.cgi?id=752087 - https://bugzilla.mozilla.org/show_bug.cgi?id=752038 - https://bugzilla.mozilla.org/show_bug.cgi?id=749039 - https://bugzilla.mozilla.org/show_bug.cgi?id=748119 - https://bugzilla.mozilla.org/show_bug.cgi?id=732870 - https://bugzilla.mozilla.org/show_bug.cgi?id=730208 - https://bugzilla.mozilla.org/show_bug.cgi?id=719750 - http://www.mozilla.org/security/announce/2012/mfsa2012-57.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=778428 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=773207 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=769303 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=777578 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=776213 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-129-01.pdf - http://dsecrg.com/pages/vul/show.php?id=405 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action. - - - - - - - - - - http://www.webapp-security.com/wp-content/uploads/2012/03/syndeocms_3.0.01-Persistent-XSS.txt - 52840 - 18686 - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action. 
- - - - - - - - - - http://www.webapp-security.com/wp-content/uploads/2012/03/SocialCMS-1.0.2-XSS-Persistent-and-Reflected-Vulnerabilities1.txt - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - 52929 - http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL. - - - - - - - - - - - - 52929 - http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf - - - - - - - - - - - - - - - - - Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. 
- - - - - - - - - openSUSE-SU-2012:0835 - openSUSE-SU-2012:0608 - puppet-rest-symlink(74794) - 52975 - DSA-2451 - USN-1419-1 - 49136 - 48789 - 48748 - 48743 - http://puppetlabs.com/security/cve/cve-2012-1986/ - http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 - http://projects.puppetlabs.com/issues/13511 - FEDORA-2012-6674 - FEDORA-2012-6055 - FEDORA-2012-5999 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. 
- - - - - - - - - openSUSE-SU-2012:0835 - openSUSE-SU-2012:0608 - puppet-rest-dos(74795) - 52975 - 81308 - DSA-2451 - USN-1419-1 - 49136 - 48789 - 48748 - 48743 - http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/ - http://puppetlabs.com/security/cve/cve-2012-1987/ - http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 - http://projects.puppetlabs.com/issues/13553 - http://projects.puppetlabs.com/issues/13552 - FEDORA-2012-6674 - FEDORA-2012-6055 - FEDORA-2012-5999 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request. - - - - - - - - - - - openSUSE-SU-2012:0835 - openSUSE-SU-2012:0608 - puppet-file-bucket-command-exec(74796) - 52975 - 81309 - DSA-2451 - USN-1419-1 - 49136 - 48789 - 48748 - 48743 - http://puppetlabs.com/security/cve/cve-2012-1988 / - http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15 - http://projects.puppetlabs.com/issues/13518 - FEDORA-2012-6674 - FEDORA-2012-6055 - FEDORA-2012-5999 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log). 
- - - - - - - - - - openSUSE-SU-2012:0835 - puppet-nettelnet-symlink(74797) - 52975 - USN-1419-1 - 49136 - 48748 - 48743 - http://puppetlabs.com/security/cve/cve-2012-1989/ - http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13 - http://projects.puppetlabs.com/issues/13606 - openSUSE-SU-2012:0608 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields. - - - - - - - - - - 53409 - http://www.phocean.net/2012/05/08/cve-2012-1990-kerwebkerwin-xss-vulnerabilities.html - 49041 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template). - - - - - - - - - - http://www.webapp-security.com/wp-content/uploads/2012/04/CMS-Made-Simple-1.10.3-XSS-Vulnerability2.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. - - - - - - - - - - 1026925 - HPSBMU02764 - SSRT100827 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in HP System Health Application and Command Line Utilities before 9.0.0 allow remote attackers to execute arbitrary code via unknown vectors. 
- - - - - - - - - - - SSRT100603 - HPSBMU02772 - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - SSRT100558 - HPSBMU02771 - - - - - - - - - - - - - - - - - - - - Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. - - - - - - - - - - - SSRT100558 - HPSBMU02771 - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - - - - - - - - - - SSRT100848 - HPSBMU02770 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. - - - - - - - - - - - - HPSBMU02770 - SSRT100848 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - SSRT100848 - HPSBMU02770 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors. 
- - - - - - - - - - SSRT100848 - HPSBMU02770 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - SSRT100853 - HPSBMU02775 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - HPSBMU02775 - SSRT100853 - - - - - - - - - - - - - Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors. - - - - - - - - - - - SSRT100853 - HPSBMU02775 - - - - - - - - - - - - - The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors. - - - - - - - - - - - HPSBOV02780 - SSRT100766 - 53613 - 82015 - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - HPSBPI02779 - SSRT100855 - - - - - - - - - - - HP System Management Homepage (SMH) before 7.1.1 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. 
- - - - - - - - - - - SSRT100877 - HPSBMU02786 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors. - - - - - - - - - - - SSRT100877 - HPSBMU02786 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - HP System Management Homepage (SMH) before 7.1.1 does not properly validate input, which allows remote authenticated users to have an unspecified impact via unknown vectors. - - - - - - - - - - - SSRT100877 - HPSBMU02786 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows remote authenticated users to gain privileges and obtain sensitive information via unknown vectors. - - - - - - - - - - - HPSBMU02786 - SSRT100877 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP System Management Homepage (SMH) before 7.1.1 allows local users to obtain sensitive information via unknown vectors. 
- - - - - - - - - HPSBMU02786 - SSRT100877 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors. - - - - - - - - - SSRT100542 - HPSBPI02794 - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - SSRT100806 - HPSBMU02783 - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325. - - - - - - - - - - - HPSBMU02796 - SSRT100594 - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326. - - - - - - - - - - - HPSBMU02796 - SSRT100594 - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - SSRT100876 - HPSBGN02787 - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - HPSBMU02798 - SSRT100908 - - - - - - - - - - - - - - - - - - - - - Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-10.html - adobe-illustrator-code-exec(75446) - 53422 - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2025, and CVE-2012-2026. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-10.html - illustrator-code-execution(75447) - 53422 - 81756 - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-10.html - adobe-illustrator-code-execution(75448) - 53422 - 81757 - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2025. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-10.html - adobe-jpegformat-bo(75449) - 53422 - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Adobe Photoshop before CS6 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file. 
- - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-11.html - 52634 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in Adobe Photoshop before CS6 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file. - - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-11.html - photoshop-unspec-bo(75457) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-13.html - asp-unspecified-ce(75458) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-13.html - shockwave-player-file-code-execution(75459) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2032, and CVE-2012-2033. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-13.html - asp-memory-code-exec(75460) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2033. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-13.html - asp-file-code-execution(75461) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2032. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-13.html - adobe-shockwave-file-ce(75462) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-14.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-14.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-14.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-14.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. 
- - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-14.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-14.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in the installer in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows local users to gain privileges via a Trojan horse executable file in an unspecified directory. 
- http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-14.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CRLF injection vulnerability in the Component Browser in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-15.html - - - - - - - - - - - - Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-10.html - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2044, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-17.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2045, CVE-2012-2046, and CVE-2012-2047. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-17.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2046, and CVE-2012-2047. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-17.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2047. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-17.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2046. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-17.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors. - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-21.html - - - - - - - - - - - - - - - Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777. 
- - - - - - - - - - - https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt - - - - - - - - - - - - Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327. - - - - - - - - - http://www.redmine.org/versions/42 - http://www.redmine.org/issues/10390 - http://www.redmine.org/boards/2/topics/29343 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - GitHub Enterprise before 20120304 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the public_key[user_id] value via a modified URL for the public-key update form, related to a "mass assignment" vulnerability. - - - - - - - - - https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation - http://lwn.net/Articles/488702/ - http://homakov.blogspot.com/2012/03/how-to.html - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Content Lock module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - 52502 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://drupal.org/node/1482126 - - - - - Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk Stock Updater module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors related to formAPI. 
- - - ubercart-drupal-csrf(74054) - 52502 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://drupal.org/node/1482126 - - - - - The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors. - - - ubercart-payflow-drupal-weak-security(74055) - 52502 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://drupal.org/node/1482126 - - - - - Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - ticketyboo-drupal-xss(74056) - 52502 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://drupal.org/node/1482126 - - - - - Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - admintools-drupal-xss(74057) - 52502 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://drupal.org/node/1482126 - - - - - Cross-site request forgery (CSRF) vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens." - - - admintools-drupal-csrf(74058) - 52502 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://drupal.org/node/1482126 - - - - - Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. 
- - - redirecting-drupal-open-redirect(74059) - 52502 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://drupal.org/node/1482126 - - - - - The Slidebox module before 7.x-1.4 for Drupal does not properly check permissions, which allows remote attackers to obtains sensitive information via unspecified vectors. - - - - - - - - - http://drupal.org/node/1482166 - slidebox-nodes-security-bypass(74067) - 52500 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48360 - http://drupalcode.org/project/slidebox.git/commit/3dae144 - http://drupal.org/node/1482342 - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. - - - - - - - - - - http://drupal.org/node/1482420 - 52497 - 80071 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48355 - http://drupalcode.org/project/views_lang_switch.git/commit/c27c318 - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - http://drupal.org/node/1482428 - http://drupal.org/node/1482144 - http://drupal.org/node/1482136 - 52499 - 80070 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48405 - http://drupalcode.org/project/languageicons.git/commit/e3f3f1f - http://drupalcode.org/project/languageicons.git/commit/be620bb - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://drupal.org/node/1482528 - http://drupal.org/node/1482480 - http://drupal.org/node/1482466 - http://drupal.org/node/1482442 - ckeditor-drupal-unspec-xss(74036) - 80079 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48435 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the CKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal, when the core PHP module is enabled, allows remote authenticated users or remote attackers to execute arbitrary PHP code via the text parameter to a text filter. NOTE: some of these details are obtained from third party information. - Per http://drupal.org/node/1482528 the versions affected are "FCKeditor 6.x-2.x versions prior to 6.x-2.3, CKEditor 6.x-1.x versions prior to 6.x-1.9, and CKEditor 7.x-1.x versions prior to 7.x-1.7." 
- - - - - - - - - - - - http://drupal.org/node/1482528 - http://drupal.org/node/1482480 - http://drupal.org/node/1482466 - http://drupal.org/node/1482442 - ckeditor-drupal-code-execution(74037) - 80080 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48435 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter. - - - - - - - - - - http://drupal.org/node/1482744 - http://drupal.org/node/1417688 - fancyslide-createslideshowblocks-xss(74070) - 52513 - 80069 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48412 - http://drupalcode.org/project/fancy_slide.git/commit/cd2a424 - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Wishlist module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.6 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via the (1) wl_reveal or (2) q parameters. 
- - - - - - - - - - - - http://drupalcode.org/project/wishlist.git/commit/73aaf98 - http://drupalcode.org/project/wishlist.git/commit/6660c33 - http://drupal.org/node/1492624 - http://drupal.org/node/1483636 - http://drupal.org/node/1483634 - 52660 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://www.madirish.net/content/drupal-wishlist-6x-24-xss-vulnerability - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block title. - - - - - - - - - - http://drupal.org/node/1506390 - http://drupal.org/node/1505414 - http://drupal.org/node/1505410 - multiblock-blocktitle-xss(74466) - 52800 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://www.madirish.net/content/drupal-multiblock-6x-13-xss-vulnerability - 48588 - 80673 - http://drupalcode.org/project/multiblock.git/commit/aee07d3 - http://drupalcode.org/project/multiblock.git/commit/2c5177b - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - http://drupal.org/node/1506404 - http://drupal.org/node/1506330 - contactforms-pagetitle-xss(74467) - 52801 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48583 - 80674 - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://drupal.org/node/1506412 - http://drupal.org/node/1083664 - sharebuttons-unspecified-xss(74469) - 52777 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48615 - 80675 - - - - - - - - - - - - - - The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors. - - - - - - - - - - - http://drupal.org/node/1506420 - http://drupal.org/node/1506166 - bundlecopy-usephp-code-execution(74439) - 52811 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48626 - 80676 - http://drupalcode.org/project/bundle_copy.git/commit/299bdca - - - - - - - - - - - Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors. 
- - - - - - - - - http://drupal.org/node/1506428 - http://drupal.org/node/1505210 - drupal-ubercart-defaultviews-info-disclosure(74485) - 52814 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48631 - 80677 - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://drupalcode.org/project/contact_save.git/commit/0654894 - http://drupal.org/node/953788 - http://drupal.org/node/1506438 - drupal-contactsave-unspecified-xss(74515) - 52787 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48619 - 80669 - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - http://drupal.org/node/1506448 - drupal-sharethis-administrationforms-xss(74516) - 52778 - 48598 - 80670 - http://drupalcode.org/project/sharethis.git/commit/11f247a - http://drupal.org/node/1504746 - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permissions via unknown vectors "outside of the Form API." 
- - - - - - - - - - - - 52778 - drupal-sharethis-administrationforms-csrf(74518) - 80681 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48598 - http://drupalcode.org/project/sharethis.git/commit/11f247a - http://drupal.org/node/1506448 - http://drupal.org/node/1504746 - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitnumber permission for requests that delete limits. - - - - - - - - - - - - http://drupalcode.org/project/node_limitnumber.git/commit/90f0d3a - http://drupal.org/node/1506728 - http://drupal.org/node/1506594 - drupal-modelimitnumber-unspecified-csrf(74525) - 52816 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48597 - 80684 - - - - - - - - - - - - - - - - - - - - - - The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module. - - - - - - - - - http://drupal.org/node/1507446 - drupal-organic-views-security-bypass(74526) - 52799 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48620 - 80678 - http://drupal.org/node/1507328 - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature. 
- - - - - - - - - - http://drupalcode.org/project/ctools.git/commit/755b3c4 - http://drupal.org/node/1507466 - http://drupal.org/node/1507412 - drupal-chaos-unspecified-xss(74481) - 52794 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48616 - 80679 - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter. - - - - - - - - - - 52798 - [oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - 48606 - 80680 - http://drupalcode.org/project/fusion.git/commit/f7cee3d - http://drupal.org/node/1507510 - http://drupal.org/node/1506600 - - - - - - - - - - - - - - - - - The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute. - - - - - - - - - - - - https://trac.gajim.org/changeset/bc296e96ac10 - https://trac.gajim.org/ticket/7031 - 52943 - [oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection - [oss-security] 20120408 CVE request: gajim - code execution and sql injection - 48708 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=832864 - 54270 - 49686 - RHSA-2012:1054 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. - - - - - - - - - - - - http://nginx.org/en/security_advisories.html - [oss-security] 20120412 nginx security advisory: mp4 module vulnerability, CVE-2012-2089 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=811617 - flightgear-xml-format-string(74791) - [oss-security] 20120410 Re: CVE Request: FlightGear and Simgear Multiple vulnerabilities - [Flightgear-devel] 20120320 Re: Flightgear and Simgear multiple format string vulnerabilities - [Flightgear-devel] 20120309 Flightgear and Simgear multiple format string vulnerabilities - 48780 - FEDORA-2012-8615 - FEDORA-2012-8650 - FEDORA-2012-8647 - - - - - - - - - - - - - - - - - Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=811617 - [oss-security] 20120410 Re: CVE Request: FlightGear and Simgear Multiple vulnerabilities - [Flightgear-devel] 20120320 Re: Flightgear and Simgear multiple format string vulnerabilities - [Flightgear-devel] 20120309 Flightgear and Simgear multiple format string vulnerabilities - 48780 - FEDORA-2012-8615 - FEDORA-2012-8650 - FEDORA-2012-8647 - - - - - - - - - - - - - - - - - src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function. 
- - - - - - - - - - https://trac.gajim.org/changeset/13759/src/common/latex.py - gajim-gettmpfilename-symlink(74869) - [oss-security] 20120410 gajim insecure file creation when using latex - [oss-security] 20120410 RE: gajim insecure file creation when using latex - 48695 - FEDORA-2012-6061 - FEDORA-2012-6001 - FEDORA-2012-6161 - http://hg.gajim.org/gajim/rev/f046e4aaf7d4 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. - - - - - - - - - - [openstack] 20120417 [OSSA 2012-004] XSS vulnerability in Horizon log viewer - https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942 - https://bugs.launchpad.net/horizon/+bug/977944 - openstack-horizon-xss(76136) - 81742 - USN-1439-1 - 49071 - 49024 - FEDORA-2012-6108 - - - - - - - - - - - The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not properly validate voting data, which allows remote attackers to manipulate voting averages via a negative value in the vote parameter. - - - - - - - - - 52984 - http://drupalcode.org/project/fivestar.git/commitdiff/75dba2c - http://drupal.org/node/1528614 - http://drupal.org/node/1528600 - [oss-security] 20120411 Re: CVE Request for Drupal Contributed Advisories on 2012-04-11 - [oss-security] 20120411 CVE Request for Drupal Contributed Advisories on 2012-04-11 - 48788 - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Autosave module 6.x before 6.x-2.10 and 7.x-2.x before 7.x-2.0 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests involving "submitting saved results to a node." 
- - - - - - - - - - - - http://drupalcode.org/project/autosave.git/commitdiff/f7bfd2d - http://drupalcode.org/project/autosave.git/commitdiff/39f7fb0 - http://drupal.org/node/1528906 - http://drupal.org/node/1528864 - http://drupal.org/node/1525998 - 52985 - [oss-security] 20120411 Re: CVE Request for Drupal Contributed Advisories on 2012-04-11 - [oss-security] 20120411 CVE Request for Drupal Contributed Advisories on 2012-04-11 - - - - - - - - - - - - - - - - - - - - - Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs. - - - - - - - - - 1027096 - 53676 - 49255 - http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html - 82161 - FEDORA-2012-8465 - FEDORA-2012-8428 - http://commons.apache.org/compress/security.html - 20120523 [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability - http://ant.apache.org/security.html - - - - - - - - - - - - - - The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307. 
- - - - - - - - - - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b - https://github.com/torvalds/linux/commit/d50f2ab6f050311dbf7b8f5501b25f0bf64a439b - https://bugzilla.redhat.com/show_bug.cgi?id=809687 - 53414 - [oss-security] 20120412 Re: fix to CVE-2009-4307 - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2 - - - - - - - - - - - - - Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. - - - - - - - - - [openstack] 20120419 [OSSA 2012-005] No quota enforced on security group rules - https://github.com/openstack/nova/commit/a67db4586f70ed881d65e80035b2a25be195ce64 - https://github.com/openstack/nova/commit/8c8735a73afb16d5856f0aa6088e9ae406c52beb - https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7 - https://bugs.launchpad.net/nova/+bug/969545 - 81641 - USN-1438-1 - 49048 - 49034 - FEDORA-2012-6273 - FEDORA-2012-6365 - - - - - - - - - - - - MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT. 
- - - - - - - - - [oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE - http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html - http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=812889 - munin-unspec-symlink(74884) - 53031 - [oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws - 48859 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778 - - - - - - - - - - cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request. - - - - - - - - - - - - munin-munincgigraphlog-command-execution(74885) - 53032 - [oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666 - - - - - - - - - - - SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action. 
- - - - - - - - - - - http://buddypress.org/2012/03/buddypress-1-5-5/ - [oss-security] 20120416 Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 - [oss-security] 20120415 CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 - 18690 - 20120331 SQL injection in Wordpress plugin Buddypress - 80763 - - - - - - - - - - - - - - - The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. - - - - - - - - - - - USN-1424-1 - 1026957 - http://www.openssl.org/news/secadv_20120419.txt - DSA-2454 - http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578 - 48999 - 48895 - RHSA-2012:0522 - RHSA-2012:0518 - HPSBOV02793 - SSRT100891 - FEDORA-2012-6395 - http://cvs.openssl.org/chngview?cn=22439 - http://cvs.openssl.org/chngview?cn=22434 - http://cvs.openssl.org/chngview?cn=22431 - 20120419 incorrect integer conversions in OpenSSL can result in memory corruption. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection. 
- - - - - - - - - - - http://www.samba.org/samba/security/CVE-2012-2111 - USN-1434-1 - 1026988 - DSA-2463 - http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578 - 49030 - 49017 - 48999 - 48996 - 48984 - 48976 - RHSA-2012:0533 - 81648 - SUSE-SU-2012:0591 - openSUSE-SU-2012:0583 - SUSE-SU-2012:0573 - FEDORA-2012-7006 - FEDORA-2012-6999 - FEDORA-2012-6981 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages. - - - - - - - - - - exceptionhandler-exceptionmessages-xss(74920) - 53047 - [oss-security] 20120417 Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core - [oss-security] 20120417 CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core - DSA-2455 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/ - [TYPO3-announce] 20120417 Announcing TYPO3 4.4.15, 4.5.15 and 4.6.8 - [TYPO3-announce] 20120417 Cross-Site Scripting Vulnerability in TYPO3 Core - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. 
- - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=810551 - 54076 - http://www.remotesensing.org/libtiff/v4.0.2.html - 49686 - 49493 - RHSA-2012:1054 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in fprintf in musl before 0.8.8 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string to an unbuffered stream such as stderr. - - - - - - - - - - - [oss-security] 20120418 Re: Stack-based buffer overflow in musl libc 0.8.7 and earlier - [oss-security] 20120418 Stack-based buffer overflow in musl libc 0.8.7 and earlier - [musl] 20120417 musl security advisory #001: stack buffer overflow in vfprintf with long output - http://www.etalabs.net/musl/download.html - - - - - - - - - - SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter. - - - - - - - - - - - openemr-validateuser-sql-injection(71983) - 51247 - 78132 - [oss-security] 20120418 Re: CVE-request: OpenEMR 4.1.0 SQL-injection - [oss-security] 20120417 CVE-request: OpenEMR 4.1.0 SQL-injection - http://www.open-emr.org/wiki/index.php/OpenEMR_Patches - http://www.mavitunasecurity.com/sql-injection-vulnerability-in-openemr/ - 18274 - 20120103 SQL Injection Vulnerability in OpenEMR 4.1.0 - 20120103 SQL Injection Vulnerability in OpenEMR 4.1.0 - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. 
- - - - - - - - - - - - http://drupalcode.org/project/commerce_reorder.git/commit/bf060ab - [oss-security] 20120418 Re: CVE Request for Drupal Contributed Advisories on 2012-04-18 - [oss-security] 20120418 CVE Request for Drupal Contributed Advisories on 2012-04-18 - 48912 - http://drupal.org/node/1538198 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://drupal.org/node/1538704 - http://drupal.org/node/1515084 - [oss-security] 20120418 Re: CVE Request for Drupal Contributed Advisories on 2012-04-18 - [oss-security] 20120418 CVE Request for Drupal Contributed Advisories on 2012-04-18 - 48832 - - - - - - - - - - - - - - Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name. - - - - - - - - - - - http://patchwork.freedesktop.org/patch/10001/ - xorg-input-device-format-string(74930) - 53150 - [oss-security] 20120418 Re: CVE request: Xorg input device format string flaw - [oss-security] 20120418 CVE request: Xorg input device format string flaw - - - - - - - - - - latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. 
- - - - - - - - - - [oss-security] 20120419 Re: CVE request: latex2man / texlive - [oss-security] 20120419 CVE request: latex2man / texlive - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668779 - - - - - - - - - - The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. - - - - - - - - - https://github.com/torvalds/linux/commit/09ca8e1173bcb12e2a449698c9ae3b86a8a10195 - https://bugzilla.redhat.com/show_bug.cgi?id=814149 - [oss-security] 20120419 Re: CVE request -- kernel: kvm: device assignment page leak - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.4 - - - - - - - - - - sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value. 
- - - - - - - - - - - [oss-security] 20120609 Security vulnerability in MySQL/MariaDB sql/password.c - https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql - 53911 - 19092 - 1027143 - 49417 - http://kb.askmonty.org/en/mariadb-5162-release-notes/ - http://bugs.mysql.com/bug.php?id=64884 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR. - - - - - - - - - - - https://github.com/torvalds/linux/commit/d52fc5dde171f030170a6cb78034d166b13c9445 - https://bugzilla.redhat.com/show_bug.cgi?id=806722 - 53166 - [oss-security] 20120419 Re: CVE request: kernel: fcaps: clear the same personality flags as suid when fcaps are used - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.3 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d52fc5dde171f030170a6cb78034d166b13c9445 - - - - - - - - - - fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd. 
- - - - - - - - - https://github.com/torvalds/linux/commit/905ad269c55fc62bee3da29f7b1d1efeba8aa1e1 - http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.2.bz2 - https://bugzilla.redhat.com/show_bug.cgi?id=815188 - https://bugzilla.novell.com/show_bug.cgi?id=757783 - [oss-security] 20120422 Re: Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 - [oss-security] 20120420 Re: CVE request: pid namespace leak in kernel 3.0 and 3.1 - http://www.kernel.org/pub/linux/kernel/v3.x/ - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=905ad269c55fc62bee3da29f7b1d1efeba8aa1e1 - - - - - - - - - - - - - - - - - - - ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token." - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=815122 - dokuwiki-doku-xss(74907) - 53041 - [oss-security] 20120422 Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data - [oss-security] 20120422 CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data - 48848 - 20120417 DokuWiki Ver.2012/01/25 CSRF Add User Exploit - http://ircrash.com/uploads/dokuwiki.txt - http://bugs.dokuwiki.org/index.php?do=details&task_id=2488 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action. 
- - - - - - - - - - https://github.com/splitbrain/dokuwiki/commit/ff71173477e54774b5571015d49d944f51cb8a26 - https://bugzilla.redhat.com/show_bug.cgi?id=815122 - https://bugs.gentoo.org/show_bug.cgi?id=412891 - dokuwiki-doku-xss(74907) - 53041 - [oss-security] 20120422 Re: CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data - [oss-security] 20120422 CVE Request -- DokuWiki: XSS and CSRF due improper escaping of 'target' parameter in preprocessing edit form data - 48848 - 20120417 DokuWiki Ver.2012/01/25 CSRF Add User Exploit - http://ircrash.com/uploads/dokuwiki.txt - http://bugs.dokuwiki.org/index.php?do=details&task_id=2487 - - - - - - - - - - Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. - - - - - - - - - - - USN-1428-1 - 1026957 - 53212 - [oss-security] 20120424 Re: OpenSSL ASN1 BIO vulnerability (CVE-2012-2110) - http://www.openssl.org/news/secadv_20120424.txt - DSA-2454 - 48895 - HPSBOV02793 - SSRT100891 - http://cvs.openssl.org/chngview?cn=22479 - - - - - - - - - - libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection. 
- - - - - - - - - https://bugzilla.gnome.org/show_bug.cgi?id=666280 - [oss-security] 20120502 Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification - [oss-security] 20120430 Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification - [oss-security] 20120424 CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification - [oss-security] 20120424 Re: CVE Request: libsoup 2.32.2 sets ssl trusted flag despite no verification - - - - - - - - - - Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount operation that triggers improper handling of quota data. - - - - - - - - - - https://github.com/torvalds/linux/commit/90481622d75715bfcb68501280a917dbfe516029 - https://bugzilla.redhat.com/show_bug.cgi?id=817430 - linux-kernel-hugepages-dos(75168) - 53233 - [oss-security] 20120424 Re: CVE Request: use after free bug in - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.6 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=90481622d75715bfcb68501280a917dbfe516029 - - - - - - - - - - - - - - - The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. 
- - - - - - - - - - [oss-security] 20120425 Re: CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated - [oss-security] 20120425 CVE Request: Python 3.2/3.3 utf-16 decoder unicode_decode_call_errorhandler aligned_end is not updated - http://bugs.python.org/issue14579 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670389 - - - - - - - - - - - - - - - - - The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. - - - - - - - - - - - https://github.com/torvalds/linux/commit/cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc - https://bugzilla.redhat.com/show_bug.cgi?id=816289 - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc - - - - - - - - - - - - - - - - - - - - The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request. - - - - - - - - - https://issues.apache.org/jira/browse/SLING-2517 - http://svn.apache.org/viewvc?view=revision&revision=1352865 - [www-announce] 20120706 [SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability - - - - - - - - - - Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.3 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter. 
- - - - - - - - - https://github.com/mikel/mail/commit/29aca25218e4c82991400eb9b0c933626aefc98f - https://bugzilla.redhat.com/show_bug.cgi?id=816352 - https://bugzilla.novell.com/show_bug.cgi?id=759092 - [oss-security] 20120425 Re: CVE request: two flaws fixed in rubygem-mail 2.4.4 - [oss-security] 20120425 CVE request: two flaws fixed in rubygem-mail 2.4.4 - 48970 - - - - - - - - - - - - The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. - - - - - - - - - - - https://github.com/mikel/mail/commit/ac56f03bdfc30b379aeecd4ff317d08fdaa328c2 - https://github.com/mikel/mail/commit/39b590ddb08f90ddbe445837359a2c8843e533d0 - https://github.com/mikel/mail/blob/9beb079c70d236a5ad2e1ba95b2c977e55deb7af/CHANGELOG.rdoc - https://bugzilla.redhat.com/show_bug.cgi?id=816352 - https://bugzilla.novell.com/show_bug.cgi?id=759092 - [oss-security] 20120425 Re: CVE request: two flaws fixed in rubygem-mail 2.4.4 - [oss-security] 20120425 CVE request: two flaws fixed in rubygem-mail 2.4.4 - 48970 - - - - - - - - - - - - Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table. 
- - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=815813 - netsnmp-snmpget-dos(75169) - 1026984 - 53258 - 53255 - [oss-security] 20120426 Re: CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) - [oss-security] 20120426 CVE Request -- net-snmp: Array index error, leading to out-of heap-based buffer read (snmpd crash) - 48938 - - - - - - - - - - The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=816956 - 1026995 - http://www.postgresql.org/support/security/ - http://www.postgresql.org/docs/9.1/static/release-9-1-4.html - http://www.postgresql.org/docs/9.0/static/release-9-0-8.html - http://www.postgresql.org/docs/8.4/static/release-8-4-12.html - http://www.postgresql.org/docs/8.3/static/release-8-3-19.html - MDVSA-2012:092 - DSA-2491 - FreeBSD-SA-12:02 - RHSA-2012:1037 - SUSE-SU-2012:0840 - FEDORA-2012-8915 - FEDORA-2012-8924 - FEDORA-2012-8893 - http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 - http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. 
- - - - - - - - - - - - https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab - https://bugs.launchpad.net/horizon/+bug/978896 - 53399 - 81741 - [oss-security] 20120505 [OSSA 2012-006] Horizon session fixation and reuse - USN-1439-1 - 49071 - 49024 - FEDORA-2012-7369 - - - - - - - - - - - Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=810013 - [oss-security] 20120429 Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) - [oss-security] 20120428 Re: weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) - [oss-security] 20120427 weak use of crypto in python-elixir can lead to information disclosure (CVE and peer review request) - http://groups.google.com/group/sqlelixir/browse_thread/thread/efc16227514cffa?pli=1 - http://elixir.ematia.de/trac/ticket/119 - - - - - - - - - - munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. 
- - - - - - - - - [oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120417 RE: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws - - - - - - - - - - The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow. - - - - - - - - - - - https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt - 53570 - http://www.openoffice.org/security/cves/CVE-2012-2149.html - 46992 - RHSA-2012:1043 - http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - 1026970 - 53216 - 81473 - [oss-security] 20120501 Re: CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS - [oss-security] 20120430 CVE request: spip before 1.9.2.o, 2.0.18 and 2.1.13 multiple XSS - 48939 - [Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables - - - - - - - - - - - - - - Stack-based buffer overflow in the get_packet method in socket.c in dhcpcd 3.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long packet. - - - - - - - - - - - https://bugzilla.novell.com/show_bug.cgi?id=760334 - 53354 - [oss-security] 20120502 Re: CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service - [oss-security] 20120502 CVE Request: dhcpcd 3.2.3 remote stack overflow / denial of service - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://drupal.org/node/1506542 - drupal-cdn2video-unspecified-xss(74520) - 52812 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - 80685 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. 
- - - - - - - - - - - - http://drupal.org/node/1506542 - drupal-cdn2video-unspecified-csrf(74522) - 52812 - 80686 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section. - - - - - - - - - - http://www.webapp-security.com/wp-content/uploads/2012/04/PlumeCMS-1.2.4-Multiple-Permanent-XSS.txt - - - - - - - - - - - - - - - - - - - - Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. - - - - - - - - - - - iehs-multiple-open-redirect(74832) - http://www.ibm.com/support/docview.wss?uid=swg21598423 - http://www.ibm.com/support/docview.wss?uid=swg21596690 - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. 
- - - - - - - - - - iehs-multiple-xss(74833) - http://www.ibm.com/support/docview.wss?uid=swg21598423 - http://www.ibm.com/support/docview.wss?uid=swg21596690 - - - - - - - - - - - - - - - - - - - The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack. - - - - - - - - - - - was-pluginkey-spoofing(74900) - http://www-01.ibm.com/support/docview.wss?uid=swg21591172 - http://www-01.ibm.com/support/docview.wss?uid=swg21588312 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue. - - - - - - - - - - - sonas-command-execution(75037) - http://http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004170 - - - - - - - - - - - The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack. - - - - - - - - - - rcq-parameter-tampering(75039) - http://www.ibm.com/support/docview.wss?uid=swg21606318 - PM62735 - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query. 
- - - - - - - - - rcq-query-info-disclosure(75040) - http://www.ibm.com/support/docview.wss?uid=swg21606385 - PM62740 - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to obtain sensitive stack-trace information from CM server error messages via an invalid parameter. - - - - - - - - - rcq-stacktrace-info-disc(75048) - http://www.ibm.com/support/docview.wss?uid=swg21606319 - PM61822 - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field. - - - - - - - - - - rcq-filedesc-xss(75049) - http://www.ibm.com/support/docview.wss?uid=swg21607783 - PM62762 - - - - - - - - - - - - - - - - - - - - - - - - The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request. - - - - - - - - - was-snoop-info-disclosure(75234) - http://www.ibm.com/support/docview.wss?uid=swg21595172 - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI. 
- - - - - - - - - - - ssds-smp-sql-injection(75236) - http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt - http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter. - - - - - - - - - - ssds-multiple-mp-xss(75239) - http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt - http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network. - - - - - - - - - appscansource-soliddbpass-weak-security(75242) - http://www.ibm.com/support/docview.wss?uid=swg21598423 - - - - - - - - - - - - - - - The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. - - - - - - - - - - - - lotusnotes-notes-command-execution(75320) - http://www.ibm.com/support/docview.wss?uid=swg21598348 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument. 
- - - - - - - - - - - - lotusinotes-dwa85w-bo(75321) - http://www.ibm.com/support/docview.wss?uid=swg21596862 - - - - - - - - - - - - - - - - - - - - - - - Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method. - - - - - - - - - - - - lotusquickr-activex-bo(75322) - http://www.ibm.com/support/docview.wss?uid=swg21596191 - - - - - - - - - - libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. - - - - - - - - - - - http://aix.software.ibm.com/aix/efixes/security/libodm_advisory.asc - aix-libodm-symlink(75510) - IV22019 - IV21383 - IV21382 - IV21381 - IV21379 - - - - - - - - - - - - The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request. - Per: http://cwe.mitre.org/data/definitions/476.html - -'CWE-476: NULL Pointer Dereference' - - - - - - - - - db2-drdaconnection-dos(75418) - http://www.ibm.com/support/docview.wss?uid=swg21597090 - IC82234 - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL. 
- - - - - - - - - websphere-portal-dojo-dir-traversal(75584) - http://www.ibm.com/support/docview.wss?uid=swg21598363 - PM64172 - - - - - - - - - - - - Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors. - Per: http://cwe.mitre.org/data/definitions/384.html - -'CWE-384: Session Fixation' - - - - - - - - - - - - ibm-maximo-session-fixation-iv09212(75776) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV09212 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors. - Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation' - - - - - - - - - - - - ibm-maximo-session-fixation-iv19887(75780) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV19887 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors. 
- - - - - - - - - ibm-maximo-info-disclosure(75784) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV17942 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. - - - - - - - - - - - http://downloads.asterisk.org/pub/security/AST-2012-012.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. - - - - - - - - - - - ibm-hmc-viosvrcmd-priv-escalation(75906) - MB03580 - MB03554 - MB03550 - MB03548 - http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_hmc_viosrvcmd_command_allows_elevated_privilege_on_vios_cve_2012_218825 - - - - - - - - - - - - - - - - IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol. 
- - - - - - - - - ibm-multiple-gskit-hello-dos(75994) - http://www-01.ibm.com/support/docview.wss?uid=swg21606096 - PM66218 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333. - - - - - - - - - http://www-01.ibm.com/support/docview.wss?uid=swg21606145 - rds-recordlayer-dos(75996) - - - - - - - - - - - - - - - - - - The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. - - - - - - - - - aix-socketpair-dos(76032) - IV21235 - IV21131 - IV21128 - IV19178 - IV16603 - http://aix.software.ibm.com/aix/efixes/security/socket_advisory.asc - - - - - - - - - - - - - - - Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors. - - - - - - - - - http://www-01.ibm.com/support/docview.wss?uid=swg21600837 - IC84716 - IC84715 - IC84714 - IC84711 - IC84019 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure. 
- - - - - - - - - http://www-01.ibm.com/support/docview.wss?uid=swg21600837 - IC84751 - IC84750 - IC84748 - IC84712 - IC84614 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. - - - - - - - - - - - http://www-01.ibm.com/support/docview.wss?uid=swg21600837 - IC84755 - IC84754 - IC84753 - IC84752 - IC84555 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. - - - - - - - - - - - aix-sendmail-command-execution(76466) - IV22966 - IV22965 - IV22964 - IV22963 - http://aix.software.ibm.com/aix/efixes/security/sendmail1_advisory.asc - - - - - - - - - - - - - - Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter. - - - - - - - - - pnm-javatesterinit-dir-traversal(76801) - http://www-01.ibm.com/support/docview.wss?uid=swg21605630 - - - - - - - - - - - - - - - - - - - - IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, uses the PKCS #12 file format for certificate objects without enforcing file integrity, which makes it easier for remote attackers to spoof SSL servers via vectors involving insertion of an arbitrary root Certification Authority (CA) certificate. 
- - - - - - - - - - - rds-gskit-pkcs-spoofing(77280) - http://www-01.ibm.com/support/docview.wss?uid=swg21606145 - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. - - - - - - - - - - rcq-workspace-xss(77094) - http://www.ibm.com/support/docview.wss?uid=swg21605838 - PM61670 - - - - - - - - - - - - - - - - - - - - - - - - - - - The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI. - - - - - - - - - wmq-ftewg-security-bypass(77095) - http://www.ibm.com/support/docview.wss?uid=swg21607481 - 20478 - IC82761 - - - - - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in upgrade.php in Piwigo before 2.3.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23085 - 53245 - 18782 - 48903 - http://piwigo.org/releases/2.3.4 - http://piwigo.org/forum/viewtopic.php?id=19173 - http://piwigo.org/bugs/view.php?id=2607 - 20120425 Multiple vulnerabilities in Piwigo - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_new module, or (3) theme parameter in the theme module. 
- - - - - - - - - - https://www.htbridge.com/advisory/HTB23085 - 53245 - 18782 - 48903 - http://piwigo.org/releases/2.3.4 - http://piwigo.org/forum/viewtopic.php?id=19173 - http://piwigo.org/bugs/view.php?id=2607 - 20120425 Multiple vulnerabilities in Piwigo - - - - - - - - - - The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116. - - - - - - - - - 18705 - - - - - - - - - - ** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers. - - - - - - - - - 20120424 RE: McAfee Web Gateway URL Filtering Bypass - 20120421 Re: McAfee Web Gateway URL Filtering Bypass - 20120416 McAfee Web Gateway URL Filtering Bypass - - - - - - - - - - ** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br. 
- - - - - - - - - 20120421 Re: Squid URL Filtering Bypass - 20120420 Re: Squid URL Filtering Bypass - 20120419 RE: Squid URL Filtering Bypass - 20120419 Re: Squid URL Filtering Bypass - 20120418 Re: Squid URL Filtering Bypass - 20120416 Squid URL Filtering Bypass - - - - - - - - - - proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests. - - - - - - - - - - http://pidgin.im/news/security/?id=62 - http://hg.pidgin.im/pidgin/main/rev/5f9d676cefdb - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. - - - - - - - - - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html - http://download.novell.com/Download?buildid=rs4B5jhWKf8~ - 20120314 Novell ZENworks Configuration Management PreBoot Service Opcode 0x21 Arbitrary File Download Vulnerability - http://www.novell.com/support/viewContent.do?externalId=7010044 - - - - - - - - - - - The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission. 
- - - - - - - - - - http://www.vsecurity.com/resources/advisory/20120420-1/ - 20120421 HTC IQRD Android Permission Leakage (CVE-2012-2217) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. - - - - - - - - - - http://www.novell.com/support/viewContent.do?externalId=7010137 - http://www.novell.com/support/viewContent.do?externalId=7010044 - http://www.novell.com/support/viewContent.do?externalId=7008244 - - - - - - - - - - - - - - - - Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitrary code via a crafted file, related to a "DLL injection vulnerability." - - - - - - - - - - - http://safe.xunlei.com/announce/xl20120306.html - http://blog.vulnhunt.com/index.php/2012/03/06/cal-2012-0006xunlei-dll-injection-vulnerability/ - - - - - - - - - - 360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction. - - - - - - - - - - - http://blog.vulnhunt.com/index.php/2012/01/01/cal-2011-0080/ - - - - - - - - - - Directory traversal vulnerability in update/index.php in PluXml before 5.1.6 allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the default_lang parameter. 
- - - - - - - - - - - https://www.htbridge.com/advisory/HTB23086 - pluxml-index-file-include(75330) - 53348 - http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6 - 18828 - http://telechargements.pluxml.org/changelog - 49026 - 20120502 Local File Inclusion in PluXml - - - - - - - - - - Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574. - - - - - - - - - - - https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action. - - - - - - - - - - https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt - http://packetstormsecurity.org/files/111905/ - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message. - - - - - - - - - - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-012.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action. 
- - - - - - - - - - - 20120416 Fwd: PHP Gift Registry 1.5.5 SQL Injection - - - - - - - - - - master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923. - - - - - - - - - 52929 - http://secunia.com/secunia_research/2012-9/ - http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf - - - - - - - - - - - - - - - - - master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923. - - - - - - - - - 52929 - http://secunia.com/secunia_research/2012-9/ - http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php. 
- - - - - - - - - - http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - 48850 - http://owncloud.org/security/advisories/CVE-2012-2269/ - - - - - - - - - - Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. - - - - - - - - - - - http://www.tele-consulting.com/advisories/TC-SA-2012-01.txt - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - 48850 - http://owncloud.org/security/advisories/CVE-2012-2270/ - - - - - - - - - - Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument). - - - - - - - - - - - 18892 - - - - - - - - - - Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value. - - - - - - - - - http://www.comodo.com/home/download/release-notes.php?p=anti-malware - 20120419 [CVE-2012-2273] Comodo Internet Security <5.10 BSOD (Win7 x64) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter. 
- - - - - - - - - - https://www.htbridge.com/advisory/HTB23087 - http://pivotx.net/page/security - http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4147 - http://pivot-weblog.svn.sourceforge.net/viewvc/pivot-weblog?view=revision&revision=4145 - - - - - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php. - - - - - - - - - - - - http://gitorious.org/testlink-ga/testlink-code/commit/c8751a3c9ad8970b49d1bf882203efacd10af087 - http://gitorious.org/testlink-ga/testlink-code/commit/2d4ac941314f8bda80e265c9de8bacf17d1cd3e6 - http://gitorious.org/testlink-ga/testlink-code/commit/252788c2373e73173172ada9af661e0721599891 - https://www.htbridge.com/advisory/HTB23088 - testlink-userinfo-csrf(78306) - 21135 - http://packetstormsecurity.org/files/116275/TestLink-1.9.3-Cross-Site-Request-Forgery.html - 20120905 Cross-Site Request Forgery (CSRF) in TestLink - - - - - - - - - - - - - - - - - - - - - - - - - The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number. 
- - - - - - - - - emc-documentum-irm-dos(75553) - 53475 - 20120510 ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities - 18734 - 48690 - http://aluigi.org/adv/irm_1-adv.txt - - - - - - - - - - - The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands. - - - - - - - - - emc-documentum-dos(75554) - 53475 - 20120510 ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities - 18734 - 48690 - http://aluigi.org/adv/irm_1-adv.txt - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - 20120711 ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. - - - - - - - - - - 20120711 ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability." 
- - - - - - - - - 20120711 ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities - - - - - - - - - - - - - - - - - - - - - - - EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors. - - - - - - - - - - - 20120702 ESA-2012-026: RSA Access Manager Session Replay Vulnerability - - - - - - - - - - - - - - - - EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. - - - - - - - - - - - 20120711 ESA-2012-027: EMC Celerra/VNX/VNXe Improper Access Control Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors. - - - - - - - - - - 20120808 ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase. 
- - - - - - - - - - - 20120828 ESA-2012-034: EMC Cloud Tiering Appliance (CTA) Authentication Bypass Vulnerability - - - - - - - - - - - - - Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message. - - - - - - - - - - - 20120830 ESA-2012-038: EMC NetWorker Format String Vulnerability - - - - - - - - - - - - EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors. - - - - - - - - - - - 20120823 ESA-2012-039: EMC ApplicationXtender Arbitrary File Upload Vulnerability - - - - - - - - - - - - - The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x before 6.x-2.2, and 7.x-2.x before 7.x-2.2 stores user profile data from Engage in session tables, which might allow remote attackers to obtain sensitive information by leveraging a separate vulnerability. - - - - - - - - - https://drupal.org/node/1515282 - http://drupal.org/node/1515282 - http://drupal.org/node/1515120 - http://drupal.org/node/1515114 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - [oss-security] 20120410 Re: CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments) - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creativecommons_user_message or (2) creativecommons_site_license_additional_text parameter. 
- - - - - - - - - - creativecommons-licensedescription-xss(75180) - 53248 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - http://www.madirish.net/content/drupal-creative-commons-6x-10-xss-vulnerability - 48937 - http://drupal.org/node/1547520 - http://drupal.org/node/1547478 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks." - - - - - - - - - - http://drupalcode.org/project/realname.git/commitdiff/b920794 - http://drupalcode.org/project/realname.git/commitdiff/41786d0 - http://drupal.org/node/1547660 - http://drupal.org/node/1547352 - 53250 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - 48936 - - - - - - - - - - - - - - - - - - - - - The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database. 
- - - - - - - - - http://drupalcode.org/project/ubercart.git/commitdiff/8c61e84 - http://drupalcode.org/project/ubercart.git/commitdiff/035d2cb - http://drupal.org/node/1547674 - http://drupal.org/node/1547508 - http://drupal.org/node/1547506 - 53251 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - 48935 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://drupalcode.org/project/ubercart.git/commitdiff/dfd8658 - http://drupalcode.org/project/ubercart.git/commitdiff/3e7c0b8 - http://drupal.org/node/1547674 - http://drupal.org/node/1547508 - http://drupal.org/node/1547506 - 53251 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - 48935 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 does not properly check the save location when archiving, which allows remote attackers to obtain sensitive information via unspecified vectors. 
- - - - - - - - - http://drupalcode.org/project/sitedoc.git/commitdiff/521721c - 81555 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - http://drupal.org/node/1547686 - http://drupal.org/node/1546224 - - - - - - - - - - - - - - - - The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. - - - - - - - - - - - http://drupalcode.org/project/spaces.git/commitdiff/cee919c - http://drupal.org/node/1547736 - http://drupal.org/node/1547730 - 53252 - 81556 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - 48930 - - - - - - - - - - - - - - - - - - - - - - The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors. - - - - - - - - - http://drupal.org/node/1547716 - linkit-search-security-bypass(75183) - 53253 - 81557 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - 48900 - http://drupal.org/node/1547738 - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Node Gallery module for Drupal 6.x-3.1 and earlier allows remote attackers to hijack the authentication of certain users for requests that create node galleries. 
- - - - - - - - - - - - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - http://drupal.org/node/1557852 - - - - - - - - - - SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - http://drupal.org/node/1557868 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - - - - - - - - - - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - http://drupal.org/node/1557868 - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - drupal-taxonomygrid-unspecified-xss(75345) - 53345 - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - http://drupal.org/node/1557872 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Glossify Internal Links Auto SEO module for Drupal 6.x-2.5 and earlier allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - http://drupal.org/node/1557874 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - [oss-security] 20120502 Re: CVE Request for Drupal contributed modules - [oss-security] 20120502 CVE Request for Drupal contributed modules - 49018 - http://drupal.org/node/1558248 - http://drupal.org/node/1508100 - http://drupal.org/node/1508098 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. 
- - - - - - - - - - - VU#520827 - https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1 - https://bugs.php.net/bug.php?id=61910 - http://www.php.net/ChangeLog-5.php#5.4.3 - http://www.php.net/archive/2012.php#id2012-05-08-1 - 49014 - HPSBUX02791 - SSRT100856 - http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. - - - - - - - - - https://github.com/torvalds/linux/commit/1bb57e940e1958e40d51f2078f50c3a96a9b2d75 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1bb57e940e1958e40d51f2078f50c3a96a9b2d75 - https://bugzilla.redhat.com/show_bug.cgi?id=818820 - [oss-security] 20120504 Re: CVE Request: more tight ioctl permissions in dl2k driver - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.7 - - - - - - - - - - - - - - - - - - - - - - The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks. 
- - - - - - - - - [oss-security] 20120504 CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module - https://bugzilla.redhat.com/show_bug.cgi?id=819031 - 53486 - [oss-security] 20120504 Re: CVE Request -- anaconda: Weak permissions by writing password configuration file in bootloader configuration module - FEDORA-2012-7579 - http://git.fedorahosted.org/git/?p=anaconda.git;a=commit;h=03ef13b625cc06873a924e0610340f8489fd92df - - - - - - - - - - admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action. - - - - - - - - - openkm-userpermissions-security-bypass(72112) - 51250 - [oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - [oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - [oss-security] 20120427 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - [oss-security] 20120323 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - [oss-security] 20120323 CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - 47424 - 78105 - 20120104 Re: OpenKM 5.1.7 Privilege Escalation - 20120103 OpenKM 5.1.7 Privilege Escalation - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. 
- - - - - - - - - - - - 78106 - [oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - [oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - [oss-security] 20120427 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - [oss-security] 20120323 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - [oss-security] 20120323 CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) - http://wiki.openkm.com/index.php/Changelog - 47420 - http://openkm.svn.sourceforge.net/viewvc/openkm?view=revision&revision=7406 - 20120103 OpenKM 5.1.7 OS Command Execution (XSRF based) - - - - - - - - - - - The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing. - - - - - - - - - USN-1481-1 - [oss-security] 20120505 Re: Debian/Ubuntu php_crypt_revamped.patch - [oss-security] 20120504 Debian/Ubuntu php_crypt_revamped.patch - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581170 - - - - - - - - - - - - - - - - - - - - - - - - - msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message. 
- - - - - - - - - http://pidgin.im/news/security/?id=63 - http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4 - openSUSE-SU-2012:0866 - 53400 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020. - - - - - - - - - - - https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77 - https://bugzilla.redhat.com/show_bug.cgi?id=819471 - [oss-security] 20120507 Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77 - - - - - - - - - - ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message. 
- - - - - - - - - https://bugzilla.novell.com/show_bug.cgi?id=715172 - connman-netlink-security-bypass(75465) - 53406 - 81704 - [oss-security] 20120507 Re: connman heads up / CVE requests - [oss-security] 20120507 connman heads up / CVE requests - [oss-security] 20120507 Re: connman heads up / CVE requests - GLSA-201205-02 - 49186 - 49033 - http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9 - http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply. - - - - - - - - - - - https://bugzilla.novell.com/show_bug.cgi?id=715172 - connman-hostname-command-exec(75466) - 53408 - 81705 - [oss-security] 20120507 Re: connman heads up / CVE requests - [oss-security] 20120507 connman heads up / CVE requests - [oss-security] 20120507 Re: connman heads up / CVE requests - GLSA-201205-02 - 49186 - 49033 - http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=a5f540db7354b76bcabd0a05d8eb8ba2bff4e911 - http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=26ace5c59f790bce0f1988b88874c6f2c480fd5a - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet. 
- - - - - - - - - https://bugzilla.novell.com/show_bug.cgi?id=715172 - connman-dhcp-dos(75420) - 53410 - 81706 - [oss-security] 20120507 Re: connman heads up / CVE requests - [oss-security] 20120507 connman heads up / CVE requests - [oss-security] 20120507 Re: connman heads up / CVE requests - GLSA-201205-02 - 49186 - 49033 - http://git.kernel.org/?p=network/connman/connman.git;a=commitdiff;h=1d1a22fe586a455935483708fbe8eaeada79df7f - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP). - - - - - - - - - - - http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ - 53417 - [oss-security] 20120507 Re: CVE request: mybb before 1.6.7 - [oss-security] 20120507 CVE request: mybb before 1.6.7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors. 
- - - - - - - - - - - http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ - 53417 - [oss-security] 20120507 Re: CVE request: mybb before 1.6.7 - [oss-security] 20120507 CVE request: mybb before 1.6.7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment. - - - - - - - - - - http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ - 53417 - [oss-security] 20120507 Re: CVE request: mybb before 1.6.7 - [oss-security] 20120507 CVE request: mybb before 1.6.7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message. - - - - - - - - - http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/ - 53417 - [oss-security] 20120507 Re: CVE request: mybb before 1.6.7 - [oss-security] 20120507 CVE request: mybb before 1.6.7 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. 
- - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=820000 - https://bugs.php.net/bug.php?id=61807 - php-apacherequestheaders-bo(75545) - 53455 - http://www.php.net/ChangeLog-5.php#5.4.3 - http://www.php.net/archive/2012.php#id2012-05-08-1 - 49014 - - - - - - - - - - - - The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string. - - - - - - - - - - https://github.com/joyent/node/commit/c9a231d - https://github.com/joyent/node/commit/7b3fb22 - [oss-security] 20120508 Re: CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure - [oss-security] 20120508 CVE request: node.js <0.6.17/0.7.8 HTTP server information disclosure - 49066 - http://blog.nodejs.org/2012/05/04/version-0-6-17-stable/ - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). 
- - - - - - - - - - https://github.com/s9y/Serendipity/commit/264bf55719baacc069ff9d3cc35f0c349cde11e3 - 53418 - http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html - [oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1 - [oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1 - http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt - 49009 - http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html - 20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). 
- - - - - - - - - - - 53418 - http://www.rul3z.de/index.php?/214-KORAMISADV2012-001-Serendipity-1.6-Backend-Cross-Site-Scripting-and-SQL-Injection-vulnerability.html - [oss-security] 20120508 Re: CVE request: XSS and SQL injection in serendipity before 1.7.1 - [oss-security] 20120508 CVE request: XSS and SQL injection in serendipity before 1.7.1 - http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt - http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html - 20120508 Serendipity 1.6 Backend Cross-Site Scripting and SQL-Injection vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=820686 - openssl-tls-record-dos(75525) - 1027057 - 53476 - http://www.openssl.org/news/secadv_20120510.txt - DSA-2475 - http://www.cert.fi/en/reports/2012/vulnerability641549.html - 49324 - 49208 - 49116 - FEDORA-2012-7939 - http://cvs.openssl.org/chngview?cn=22547 - http://cvs.openssl.org/chngview?cn=22538 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow. 
- - - - - - - - - - - - http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e - http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da - https://bugzilla.redhat.com/show_bug.cgi?id=821803 - openoffice-powerpoint-dos(75695) - 53570 - 82517 - [oss-security] 20120528 Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification - http://www.openoffice.org/security/cves/CVE-2012-2334.html - MDVSA-2012:091 - MDVSA-2012:090 - http://www.libreoffice.org/advisories/cve-2012-2334/ - DSA-2487 - 1027070 - 49392 - 49373 - 47244 - 46992 - RHSA-2012:0705 - FEDORA-2012-8114 - 20120516 CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0 - - - - - - - - - - - - - - - - - - - - - - - - php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. - - - - - - - - - - - VU#520827 - https://bugs.php.net/bug.php?id=61910 - php-phpwrapperfcgi-code-exec(75652) - http://www.php.net/archive/2012.php#id2012-05-06-1 - 49014 - SUSE-SU-2012:0840 - http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569 - http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ - - - - - - - - - - - sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. - - - - - - - - - https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1 - https://bugs.php.net/bug.php?id=61910 - http://www.php.net/ChangeLog-5.php#5.4.3 - http://www.php.net/archive/2012.php#id2012-05-08-1 - 49014 - SUSE-SU-2012:0840 - - - - - - - - - - - - - sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=820677 - http://www.sudo.ws/sudo/alerts/netmask.html - 1027077 - MDVSA-2012:079 - DSA-2478 - 49291 - 49244 - 49219 - FEDORA-2012-7998 - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php. - - - - - - - - - - - 53463 - [oss-security] 20120510 Re: CVE-request: galette sql injection - [oss-security] 20120510 CVE-request: galette sql injection - http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba - http://redmine.ulysses.fr/issues/250 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information." 
- - - - - - - - - - glossary-taxonomyinformation-xss(75503) - 53440 - [oss-security] 20120615 Re: CVE Request for Drupal contributed modules - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - [oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10 - [oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10 - 49074 - http://drupalcode.org/project/glossary.git/commitdiff/c6cc3ac - http://drupal.org/node/1569482 - http://drupal.org/node/1568156 - - - - - - - - - - - - - - - - - - - - - - - - The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified vectors. - - - - - - - - - http://drupal.org/node/1569508 - http://drupal.org/node/1569352 - 53441 - [oss-security] 20120615 Re: CVE Request for Drupal contributed modules - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - [oss-security] 20120510 Re: CVE Request for Drupal contributed modules - 2012-05-10 - [oss-security] 20120510 CVE Request for Drupal contributed modules - 2012-05-10 - 49070 - http://drupalcode.org/project/contact_forms.git/commitdiff/d11ce2b - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files. - - - - - - - - - - - - takecontrol-ajaxcalls-csrf(75504) - 53452 - [oss-security] 20120615 Re: CVE Request for Drupal contributed modules - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49060 - http://drupal.org/node/1569512 - http://drupal.org/node/1243604 - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5097. Reason: This candidate is a duplicate of CVE-2010-5097. 
Notes: All CVE users should reference CVE-2010-5097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5098. Reason: This candidate is a duplicate of CVE-2010-5098. Notes: All CVE users should reference CVE-2010-5098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candidate is a duplicate of CVE-2010-5099. Notes: All CVE users should reference CVE-2010-5099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5100. Reason: This candidate is a duplicate of CVE-2010-5100. Notes: All CVE users should reference CVE-2010-5100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5101. Reason: This candidate is a duplicate of CVE-2010-5101. Notes: All CVE users should reference CVE-2010-5101 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5102. Reason: This candidate is a duplicate of CVE-2010-5102. Notes: All CVE users should reference CVE-2010-5102 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5103. Reason: This candidate is a duplicate of CVE-2010-5103. Notes: All CVE users should reference CVE-2010-5103 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5104. Reason: This candidate is a reservation duplicate of CVE-2010-5104. Notes: All CVE users should reference CVE-2010-5104 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. - - - - - - - - - [oss-security] 20120512 Re: CVE request: mahara - http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea - https://bugs.launchpad.net/mahara/+bug/932909 - [oss-security] 20120511 CVE request: mahara - DSA-2467 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions. 
- - - - - - - - - - - https://www.sympa.org/distribution/latest-stable/NEWS - https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358 - 53503 - 81890 - [oss-security] 20120512 Re: CVE request: sympa (try again) - [oss-security] 20120511 Re: CVE request: sympa (try again) - [oss-security] 20120511 CVE request: sympa (try again) - DSA-2477 - 49237 - 49045 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. - - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923 - - - - - - - - - - - - - - - - - - Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=48e03792ca8faa2d781f9ef74606f3b3f0d3baec - [oss-security] 20120523 Moodle security notifications public - - - - - - - - - - - - - - - - - - Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. 
- - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32240 - - - - - - - - - - - - - - - - - - The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. - - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239 - - - - - - - - - - - - - - - - - - The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=895e76ea51c462c18ad66e0761ad76cd26a63ecf - [oss-security] 20120523 Moodle security notifications public - - - - - - - - - - - - - - - - - - Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. - - - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31811 - - - - - - - - - - - - - - - - - - - - - - - - - - - admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. 
- - - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=0f75e1e6272db0303abc8e27362e5c3a1344b82f - [oss-security] 20120523 Moodle security notifications public - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. - - - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32018 - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. - - - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31694 - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php. - - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=038131c8b5614f18c14d964dc53b6960ae6c30d8 - [oss-security] 20120523 Moodle security notifications public - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. 
- - - - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_19_STABLE&st=commit&s=MDL-31746 - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. - - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=ce4126c7a9e07dd0514f7ac297b5e60cad0b8d20 - [oss-security] 20120523 Moodle security notifications public - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. - - - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31691 - - - - - - - - - - - - - - - - - - - - - - - - - - - mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. - - - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31763 - - - - - - - - - - - - - - - - - - Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. 
- - - - - - - - - [oss-security] 20120523 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-18335 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password. - - - - - - - - - https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322 - [oss-security] 20120514 Re: CVE request: Bytemark Symbiosis - [oss-security] 20120514 CVE request: Bytemark Symbiosis - 48993 - - - - - - - - - - Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message. - - - - - - - - - - - [oss-security] 20120516 Format string security flaw in pidgin-otr - SUSE-SU-2012:0703 - - - - - - - - - - Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow. 
- - - - - - - - - http://git.gnome.org/browse/gdk-pixbuf/commit/?id=b1bb3053856aede37d473c92f0e5a10e29f10516 - http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22 - https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150 - gdkpixbuf-readbitmapfiledata-bo(75578) - [oss-security] 20120515 Re: CVE Request: gdk-pixbuf Integer overflow in XBM file loader - [oss-security] 20120515 CVE Request: gdk-pixbuf Integer overflow in XBM file loader - GLSA-201206-20 - 49715 - 49125 - http://git.gnome.org/browse/gdk-pixbuf/ - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter. - - - - - - - - - - 53497 - [oss-security] 20120515 Re: CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability - [oss-security] 20120515 CVE-request: WordPress wp-facethumb plugin reflected XSS vulnerability - http://wordpress.org/support/topic/plugin-wp-facethumb-reflected-xss-vulnerability-cwe-79 - 49143 - http://packetstormsecurity.org/files/112658/WordPress-WP-FaceThumb-Gallery-0.1-Cross-Site-Scripting.html - - - - - - - - - - The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition. 
- - - - - - - - - https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626 - https://bugzilla.redhat.com/show_bug.cgi?id=822821 - [oss-security] 20120518 Re: CVE Request -- kernel: mm: read_pmd_atomic: 32bit PAE pmd walk vs pmd_populate SMP race condition - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26c191788f18129af0eb32a358cdaea0c7479626 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input. - - - - - - - - - http://www.tornadoweb.org/documentation/releases/v2.2.1.html - 53612 - [oss-security] 20120518 CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection - 49185 - [oss-security] 20120518 Re: CVE Request -- Tornado (python-tornado): Tornado v2.2.1 tornado.web.RequestHandler.set_header() fix to prevent header injection - - - - - - - - - - - - - - - - - - - The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131. 
- - - - - - - - - https://github.com/torvalds/linux/commit/20e0fa98b751facf9a1101edaefbc19c82616a68 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=20e0fa98b751facf9a1101edaefbc19c82616a68 - https://bugzilla.redhat.com/show_bug.cgi?id=822869 - [oss-security] 20120518 Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131 - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2 - - - - - - - - - - - - - - - - - Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=823464 - php-comprinttypeinfo-bo(75778) - php-comprinttypeinfo-function-dos(75778) - 1027089 - 18861 - [oss-security] 20120519 Re: CVE Request: PHP 5.4.3 on Windows com_print_typeinfo() Buffer Overflow (?) - http://isc.sans.edu/diary.html?storyid=13255 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality. - - - - - - - - - - - - 20120624 CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role. 
- - - - - - - - - - 20120624 CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call. - - - - - - - - - https://github.com/torvalds/linux/commit/ed8cd3b2cd61004cab85380c52b1817aca1ca49b - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ed8cd3b2cd61004cab85380c52b1817aca1ca49b - https://bugzilla.redhat.com/show_bug.cgi?id=824176 - [oss-security] 20120522 Re: CVE Request: some drm overflow checks - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5 - - - - - - - - - - - - - - - - - - - - Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call. - - - - - - - - - https://github.com/torvalds/linux/commit/44afb3a04391a74309d16180d1e4f8386fdfa745 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=44afb3a04391a74309d16180d1e4f8386fdfa745 - https://bugzilla.redhat.com/show_bug.cgi?id=824178 - [oss-security] 20120522 Re: CVE Request: some drm overflow checks - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5 - - - - - - - - - - - - - - - - - - - - The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. 
- - - - - - - - - https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e - https://github.com/keithw/mosh/issues/271 - https://github.com/keithw/mosh/blob/master/ChangeLog - https://bugzilla.redhat.com/show_bug.cgi?id=823943 - mosh-sequences-dos(75779) - 53646 - [oss-security] 20120522 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher - 49260 - FEDORA-2012-9442 - FEDORA-2012-9414 - FEDORA-2012-9422 - - - - - - - - - - - - - - - - - - - Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=823594 - https://bugs.php.net/bug.php?id=61065 - http://www.php.net/ChangeLog-5.php - [oss-security] 20120522 Re: CVE request: PHP Phar - arbitrary code execution - SUSE-SU-2012:0840 - http://git.php.net/?p=php-src.git;a=commit;h=158d8a6b088662ce9d31e0c777c6ebe90efdc854 - http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random numbers, which makes it easier for remote attackers to obtain the secret monikers via a brute force attack. 
- - - - - - - - - [oss-security] 20120522 CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions - [oss-security] 20120521 Re: CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions - [oss-security] 20120518 CVE id request: devotee (debian vote engine) cryptographically weak random numbers permit discovery of secret ballot submissions - - - - - - - - - - The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." - - - - - - - - - - - strongswan-rsa-security-bypass(76013) - http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html - 1027110 - 53752 - DSA-2483 - 49370 - 49336 - 49315 - 82587 - openSUSE-SU-2012:0691 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=824660 - https://bugzilla.novell.com/show_bug.cgi?id=740964 - [oss-security] 20120523 Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials - [oss-security] 20120523 CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials - [oss-security] 20120523 Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials - FEDORA-2012-8611 - - - - - - - - - - Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations. 
- - - - - - - - - https://github.com/torvalds/linux/commit/c50ac050811d6485616a193eb0f37bfbd191cc89 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c50ac050811d6485616a193eb0f37bfbd191cc89 - https://bugzilla.redhat.com/show_bug.cgi?id=824345 - [oss-security] 20120523 Re: CVE Request -- kernel: huge pages: memory leak on mmap failure - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2 - - - - - - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2942. Reason: This candidate is a duplicate of CVE-2012-2942. Notes: All CVE users should reference CVE-2012-2942 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors. - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805 - http://www.wireshark.org/security/wnpa-sec-2012-08.html - MDVSA-2012:080 - MDVSA-2012:042 - MDVSA-2012:015 - 49226 - oval:org.mitre.oval:def:15604 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation. 
- - - - - - - - - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-diameter.c?r1=42200&r2=42199&pathrev=42200 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7138 - http://www.wireshark.org/security/wnpa-sec-2012-09.html - 53652 - MDVSA-2012:080 - MDVSA-2012:042 - MDVSA-2012:015 - 49226 - oval:org.mitre.oval:def:15558 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=42200 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet. - - - - - - - - - http://anonsvn.wireshark.org/viewvc?view=revision&revision=42393 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221 - http://www.wireshark.org/security/wnpa-sec-2012-10.html - 53653 - MDVSA-2012:080 - MDVSA-2012:042 - MDVSA-2012:015 - 49226 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) username or (2) password fields to the power_system method in the xmlrpc API. 
- - - - - - - - - - - https://github.com/cobbler/cobbler/commit/6d9167e5da44eca56bdf42b5776097a6779aaadf - https://github.com/cobbler/cobbler/issues/141 - https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/978999 - 53666 - 82458 - [oss-security] 20120523 CVE request: cobbler command injection - [oss-security] 20120523 Re: CVE request: cobbler command injection - SUSE-SU-2012:0814 - openSUSE-SU-2012:0655 - - - - - - - - - - VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. - http://cwe.mitre.org/data/definitions/369.html 'CWE-369: Divide By Zero' - - - - - - - - - - 18757 - oval:org.mitre.oval:def:15615 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. - - - - - - - - - - - - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - 48850 - http://owncloud.org/security/advisories/CVE-2012-2397/ - - - - - - - - - - Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. - - - - - - - - - - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - 48850 - http://owncloud.org/security/advisories/cve-2012-2398/ - - - - - - - - - - Unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf in WordPress before 3.3.2 has unknown impact and attack vectors. 
- - - - - - - - - - - http://wordpress.org/news/2012/04/wordpress-3-3-2/ - DSA-2470 - 49138 - http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/swfupload/swfupload.swf?rev=20503 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors. - - - - - - - - - - - http://wordpress.org/news/2012/04/wordpress-3-3-2/ - DSA-2470 - 49138 - http://core.trac.wordpress.org/changeset/20499/branches/3.3/wp-includes/js/swfobject.js - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content. - - - - - - - - - http://wordpress.org/news/2012/04/wordpress-3-3-2/ - DSA-2470 - 49138 - http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload?rev=20487 - http://core.trac.wordpress.org/browser/branches/3.3/wp-includes/js/plupload/changelog.txt?rev=20487 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors. 
- - - - - - - - - - http://wordpress.org/news/2012/04/wordpress-3-3-2/ - DSA-2470 - 49138 - http://core.trac.wordpress.org/changeset/20526/branches/3.3/wp-admin/plugins.php - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. - - - - - - - - - - http://wordpress.org/news/2012/04/wordpress-3-3-2/ - DSA-2470 - 49138 - http://core.trac.wordpress.org/changeset/20493/branches/3.3/wp-includes/formatting.php - http://core.trac.wordpress.org/changeset/20493/branches/3.3/wp-includes/capabilities.php - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. - - - - - - - - - - http://wordpress.org/news/2012/04/wordpress-3-3-2/ - DSA-2470 - 49138 - http://core.trac.wordpress.org/changeset/20486/branches/3.3/wp-comments-post.php - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=812045 - http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 - - - - - - - - - - - - - - - - - RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. - - - - - - - - - - - - realplayer-asmrulebook-code-exec(75647) - 1027076 - http://service.real.com/realplayer/security/05152012_player/en/ - 49193 - 81943 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking. - - - - - - - - - - - http://service.real.com/realplayer/security/09072012_player/en/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted AAC file that is not properly handled during decoding. - - - - - - - - - - - http://service.real.com/realplayer/security/09072012_player/en/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2410. 
- - - - - - - - - - - http://service.real.com/realplayer/security/09072012_player/en/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2409. - - - - - - - - - - - http://service.real.com/realplayer/security/09072012_player/en/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. - - - - - - - - - - - - realplayer-realjukebox-bo(75648) - 1027076 - http://service.real.com/realplayer/security/05152012_player/en/ - 49193 - 81944 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action. 
- - - - - - - - - - - http://downloads.asterisk.org/pub/security/AST-2012-004.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events. - - - - - - - - - - - http://downloads.asterisk.org/pub/security/AST-2012-005.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel. 
- - - - - - - - - - - http://downloads.asterisk.org/pub/security/AST-2012-006.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. - - - - - - - - - https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2 - openSUSE-SU-2012:0830 - https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog - https://bugs.launchpad.net/pycrypto/+bug/985164 - pycrypto-keys-weak-security(75871) - 53687 - 82279 - [oss-security] 20120524 CVE-2012-2417 - PyCrypto <= 2.5 insecure ElGamal key generation - 49263 - FEDORA-2012-8470 - FEDORA-2012-8490 - FEDORA-2012-8392 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a URI with a % (percent) character as its (1) last or (2) second-to-last character. 
- - - - - - - - - - - VU#232979 - 20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak - - - - - - - - - - - - - Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory consumption) via a URI with multiple references to the same name-value pair. - - - - - - - - - - VU#232979 - 20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak - - - - - - - - - - - - - The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to obtain sensitive information via a URI with a % (percent) character as its (1) last or (2) second-to-last character, in situations where a certain "post-URL data" buffer contains a 0x0000 character but a buffer overflow does not occur. - - - - - - - - - - VU#232979 - quickbooks-helpasyncl-info-disc(74548) - 20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak - - - - - - - - - - - - - Absolute path traversal vulnerability in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, might allow remote attackers to read arbitrary files in ZIP archives via a full pathname in the URI. - - - - - - - - - - VU#232979 - 20120330 Intuit Help System Protocol File Retrieval - - - - - - - - - - - - - Intuit QuickBooks 2009 through 2012 might allow remote attackers to obtain pathname information via the qbwc://docontrol/GetCompanyFile functionality. 
- - - - - - - - - - VU#232979 - 20120330 Intuit Help System Protocol File Retrieval - - - - - - - - - - - - - The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, provide different responses to remote requests depending on whether a ZIP pathname is valid, which allows remote attackers to obtain potentially sensitive information about the installation path and product version via a series of requests involving the Msxml2.XMLHTTP object. - - - - - - - - - - VU#232979 - 20120330 Intuit Help System Protocol File Retrieval - - - - - - - - - - - - - The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a URI that lacks a required delimiter. - Per: http://cwe.mitre.org/data/definitions/476.html - -CWE-476: NULL Pointer Dereference - - - - - - - - - - - - VU#232979 - 20120330 Intuit Help System Protocol File Retrieval - 20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak - - - - - - - - - - - - - The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allow remote attackers to cause a denial of service (application crash) via a long URI. - - - - - - - - - - VU#232979 - 20120330 Intuit Help System Protocol File Retrieval - 20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak - - - - - - - - - - - - - The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors. 
- - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf - - - - - - - - - - Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf - - - - - - - - - - Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf - - - - - - - - - - The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf - - - - - - - - - - Directory traversal vulnerability in the captcha module in Pligg CMS before 1.2.2 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the captcha parameter to module.php, as demonstrated by cross-site request forgery (CSRF) attacks. - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23089 - http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2440 - http://forums.pligg.com/downloads.php?do=file&id=15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter in a move or (2) minimize action to admin/admin_index.php; (3) the karma_username parameter to module.php in the karma module; (4) q_1_low, (5) q_1_high, (6) q_2_low, or (7) q_2_high parameter in a configure action to module.php in the captcha module; or (8) the edit parameter to module.php in the admin_language module. 
- - - - - - - - - - https://www.htbridge.com/advisory/HTB23089 - pliggcms-adminindex-xss(75834) - pliggcms-multiple1-xss(75764) - 53662 - 53625 - http://secunia.com/secunia_research/2012-18/ - 49257 - 45431 - http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2452 - http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2441 - http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2440 - http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/modules/admin_language/admin_language_main.php?r1=2442&r2=2441&pathrev=2442 - http://forums.pligg.com/downloads.php?do=file&id=15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. - - - - - - - - - - - VU#928795 - - - - - - - - - - The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. - - - - - - - - - - - VU#834723 - - - - - - - - - - RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-116-01A.pdf - VU#889195 - http://www.wired.com/threatlevel/2012/04/ruggedcom-backdoor/ - http://www.ruggedcom.com/productbulletin/ros-security-page/ - 20120423 RuggedCom - Backdoor Accounts in my SCADA network? You don't say... 
- http://arstechnica.com/business/news/2012/04/backdoor-in-mission-critical-hardware-threatens-power-traffic-control-systems.ars - - - - - - - - - - Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file. - - - - - - - - - - nokiapcsuite-mp4-dos(75235) - 53290 - 18795 - http://packetstormsecurity.org/files/112295/Nokia-CP-Suite-Video-Manager-7.1.180.64-Denial-Of-Service.html - 81498 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action. - - - - - - - - - - VU#763795 - http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. - - - - - - - - - - - - VU#763795 - http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html - - - - - - - - - - VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic. - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0009.html - - - - - - - - - - - - - - - - - - - - - - - - VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x through 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly configure the virtual floppy device, which allows guest OS users to cause a denial of service (out-of-bounds write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. 
- - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0009.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS. - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0009.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries. - - - - - - - - - - https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59 - https://bugzilla.redhat.com/show_bug.cgi?id=818386 - config-inifiles-symlink(75328) - 53361 - 81671 - [oss-security] 20120502 temporary file issue in Config::IniFiles Config-IniFiles perl-Config-IniFiles - 48990 - FEDORA-2012-7763 - FEDORA-2012-7777 - FEDORA-2012-7802 - - - - - - - - - - Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, 0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2 allows remote attackers to cause a denial of service (block-processing outage and incorrect block count) via unknown behavior on a Bitcoin network. 
- - - - - - - - - https://en.bitcoin.it/wiki/CVEs - https://bugs.gentoo.org/show_bug.cgi?id=415973 - https://bitcointalk.org/?topic=81749 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when the High Availability (HA) policy is configured for Reset, allows remote attackers to cause a denial of service (device reset) via a malformed Cisco Discovery Protocol (CDP) packet, aka Bug IDs CSCtk34535 and CSCtk19132. - - - - - - - - - http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html - http://www.4salesbyself.com/troubleshooting-random-nexus-reboots.aspx - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 and 8.4, when SIP inspection is enabled, create many identical pre-allocated secondary pinholes, which might allow remote attackers to cause a denial of service (CPU consumption) via crafted SIP traffic, aka Bug ID CSCtz63143. - - - - - - - - - http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.2 through 8.4 allows remote authenticated users to cause a denial of service (memory consumption and blank response page) by using the clientless WebVPN feature, aka Bug ID CSCth34278. 
- - - - - - - - - http://www.cisco.com/web/software/280775065/45357/ASA-825-Interim-Release-Notes.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953. - - - - - - - - - - - 20120711 Multiple Vulnerabilities in Cisco TelePresence Manager - 20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - 20120711 Multiple Vulnerabilities in Cisco TelePresence Recording Server - 20120711 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593. - - - Per: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120530-iosxr - -'Affected Products -This vulnerability affects IOS XR Software version 4.2.0 running on the Cisco ASR 9000 Series RSP440. It also affects IOS XR Software versions 4.0.3, 4.0.4, 4.1.0, 4.1.1, 4.1.2, and 4.2.0 running on the CRS Performance Route Processor.' 
- - - - - - - - - 1027104 - 53728 - 20120530 Cisco IOS XR Software Route Processor Denial of Service Vulnerability - 49329 - - - - - - - - - - - - - - - - - - - - - Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. - - - - - - - - - http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html - - - - - - - - - - The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523. - - - - - - - - - - - - 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client - - - - - - - - - - - - - - - - - - - - - - - - - The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681. 
- - - - - - - - - - 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client - - - - - - - - - - - - - - - - - - - - - - - - - The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. - - - - - - - - - - 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client - - - - - - - - - - - - - - - - - - - - - - - - - - - - - A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925. - - - - - - - - - - - - 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client - - - - - - - - - - - Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. - - - - - - - - - - - http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html - - - - - - - - - - - - - - The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985. 
- - - - - - - - - - http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html - - - - - - - - - - - - Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470. - - - - - - - - - - http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html - - - - - - - - - - - - The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. - - - - - - - - - https://service.sap.com/sap/support/notes/1687910 - netweaver-diagtraceatoms-dos(75453) - 1027052 - http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities - http://scn.sap.com/docs/DOC-8218 - - - - - - - - - - - The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. - - - - - - - - - https://service.sap.com/sap/support/notes/1687910 - netweaver-diagtracestream-dos(75454) - 1027052 - http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities - http://scn.sap.com/docs/DOC-8218 - - - - - - - - - - - The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. 
- - - - - - - - - https://service.sap.com/sap/support/notes/1687910 - netweaver-diaginput-dos(75455) - 1027052 - http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities - http://scn.sap.com/docs/DOC-8218 - - - - - - - - - - - The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. - - - - - - - - - https://service.sap.com/sap/support/notes/1687910 - 1027052 - http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities - http://scn.sap.com/docs/DOC-8218 - - - - - - - - - - - Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method. 
- - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf - 36546 - http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf - 36914 - 36905 - http://retrogod.altervista.org/9sg_emc_keyhelp.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability." - - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf - http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-052 - - - - - - - - - - - - - Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability." 
- - - - - - - - - - - - MS12-052 - - - - - - - - - - - - - Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability." - - - - - - - - - - - - MS12-056 - MS12-052 - - - - - - - - - - - - - - - - - - Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability." - - - - - - - - - - - - MS12-057 - - - - - - - - - - - - - - The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability." - - - - - - - - - - - MS12-053 - - - - - - - - - - Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability." - - - - - - - - - - - MS12-055 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability." 
- - - - - - - - - - MS12-062 - - - - - - - - - - - - - WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf - - - - - - - - - - Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf - http://www.wellintech.com/index.php/news/33-patch-for-kingview653 - - - - - - - - - - - - - - - HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444. - - - - - - - - - - - VU#859230 - SSRT100820 - HPSBMU02792 - - - - - - - - - - The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATEACCT, (5) STAT, (6) TERM, or (7) WIPE command via an SMS message. - - - - - - - - - - - VU#464683 - mobiletrack-sms-commands-sec-bypass(75782) - 49268 - http://blog.mobiledefense.com/2012/05/mobile-defense-finds-two-security-vulnerabilities-in-xelex-mobiletrack/ - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web script or HTML via vectors involving administrative menu functions. 
- - - - - - - - - - VU#722963 - 53715 - http://www.kb.cert.org/vuls/id/MAPG-8R9LBY - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions. - - - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8R9LBY - VU#722963 - 53715 - - - - - - - - - - Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8R9LBY - VU#722963 - 53715 - - - - - - - - - - Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted header. - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8R9LBY - VU#722963 - 53715 - - - - - - - - - - The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP session. - - - - - - - - - VU#464683 - mobiletrack-ftp-info-disclosure(75783) - 49268 - http://blog.mobiledefense.com/2012/05/mobile-defense-finds-two-security-vulnerabilities-in-xelex-mobiletrack/ - - - - - - - - - - d41d8cd98f00b204e9800998ecf8427e.php in the management web server on the Seagate BlackArmor device allows remote attackers to change the administrator password via unspecified vectors. 
- - - - - - - - - - - - VU#515283 - blackarmor-network-sec-bypass(75854) - 53670 - 49282 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter. - - - - - - - - - - xcartgold-productsmap-xss(77146) - 54628 - 20010 - 50006 - 84115 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) a crafted SRC attribute of an IFRAME element, or (5) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element. - - - - - - - - - - 20366 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element. - - - - - - - - - - 20364 - - - - - - - - - - SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue. 
- - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00 - 54424 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message. - - - 20363 - - - - - Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file. - - - - - - - - - - VU#174119 - orionnetwork-snmpdconf-csrf(77147) - http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm - 54624 - 50004 - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element. 
- - - - - - - - - - VU#582879 - http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-01/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) the Cascading Style Sheets (CSS) expression property in conjunction with a CSS comment within the STYLE attribute of an IMG element, (2) the CSS expression property in conjunction with multiple CSS comments within the STYLE attribute of an arbitrary element, or (3) an innerHTML attribute within an XML document. - - - - - - - - - - mdaemon-body-xss(77543) - 54885 - 20357 - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element. - - - - - - - - - - 20356 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element. 
- - - - - - - - - - 20352 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAME element, (3) a crafted CONTENT attribute of an HTTP-EQUIV="Set-Cookie" META element, or (4) an innerHTML attribute within an XML document. - - - - - - - - - - 20350 - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters. - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf - - - - - - - - - - - The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to read or modify settings via a crafted URL, related to an "XML injection" attack. - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf - - - - - - - - - - - Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. 
- - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf - - - - - - - - - - - Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf - - - - - - - - - - - - SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. - - - - - - - - - - - ipswitch-wrvmwarehostlist-sql-injection(77152) - http://www.whatsupgold.com/blog/2012/07/23/keeping-whatsup-gold-secure/ - 54626 - 20035 - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx. - - - - - - - - - - - - VU#174119 - http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm - 54624 - 20011 - 50004 - 84116 - - - - - - - - - - - The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. 
- - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8RJPJX - VU#442595 - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields. - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8TJKAF - VU#709939 - https://na3.salesforce.com/sfc/#version?selectedDocumentId=06950000000IyBX - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that (1) insert XSS sequences or (2) send messages to clients. - - - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8TJKAF - VU#709939 - https://na3.salesforce.com/sfc/#version?selectedDocumentId=06950000000IySO - - - - - - - - - - - - - - The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack. - - - - - - - - - VU#709939 - https://na3.salesforce.com/sfc/#version?id=06850000000JDx3 - http://www.kb.cert.org/vuls/id/MAPG-8TJKAF - - - - - - - - - - - - - - The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). 
- - - - - - - - - - - VU#977312 - http://www.kb.cert.org/vuls/id/MORO-8UYN8P - - - - - - - - - - - - - - The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. - - - - - - - - - - - https://service.sap.com/sap/support/notes/1687910 - 1027052 - http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities - http://scn.sap.com/docs/DOC-8218 - - - - - - - - - - - The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. - - - - - - - - - https://service.sap.com/sap/support/notes/1687910 - 1027052 - http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities - http://scn.sap.com/docs/DOC-8218 - - - - - - - - - - - Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file. - - - - - - - - - - - 19340 - http://www.coresecurity.com/content/lattice-diamond-programmer-buffer-overflow - 48431 - 20120621 CORE-2012-0530 - Lattice Diamond Programmer Buffer Overflow - - - - - - - - - - cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. 
- - - - - - - - - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt - http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html - - - - - - - - - - - - - - - - - - - - - - - - - - - d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request. - - - - - - - - - - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt - http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html - - - - - - - - - - - - - - - - - - - - - - - - - - - The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application. - - - - - - - - - JVNDB-2012-000054 - JVN#23328321 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB ShoppingCart T 1.5.0.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.atmarkweb.jp/atcart/ - JVNDB-2012-000055 - JVN#78305073 - - - - - - - - - - - - - - - - - - - - - SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which allows remote attackers to bypass intended URL restrictions via a TCP session. 
- - - - - - - - - http://www.seil.jp/support/security/a01232.html - JVNDB-2012-000059 - JVN#24646833 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. - - - - - - - - - - http://www.wpwp.org/archives/wassup-1-8-3-1/ - http://wordpress.org/extend/plugins/wassup/changelog/ - http://plugins.trac.wordpress.org/changeset?old_path=%2Fwassup&old=545369&new_path=%2Fwassup&new=545369 - 82017 - JVNDB-2012-000058 - JVN#15646988 - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed. - - - - - - - - - - JVNDB-2012-000056 - JVN#18397171 - - - - - - - - - - - - - - - - The Dolphin Browser HD application before 7.6 and Dolphin for Pad application before 1.0.1 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. - - - - - - - - - JVNDB-2012-000057 - JVN#90751882 - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.kent-web.com/bbs/patio.html - JVNDB-2012-000061 - JVN#33171616 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie. 
- - - - - - - - - - http://www.kent-web.com/bbs/patio.html - JVNDB-2012-000062 - JVN#58102473 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://wap2.jp/download/spict/ - JVNDB-2012-000060 - JVN#36993373 - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4940. Reason: This candidate is a reservation duplicate of CVE-2011-4940. Notes: All CVE users should reference CVE-2011-4940 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - - - - - - - - The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission. - - - - - - - - - http://yomecolle.jp/info/android_oshirase/ - http://www.nec.co.jp/security-info/secinfo/nv12-008.html - JVNDB-2012-000064 - JVN#05102851 - http://jvn.jp/en/jp/JVN05102851/995355/index.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library. - - - - - - - - - - http://www.zenphoto.org/news/zenphoto-1.4.3 - JVNDB-2012-000065 - JVN#59842447 - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644. 
- - - - - - - - - - http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1 - JVNDB-2012-000067 - JVN#80835745 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. - - - - - - - - - - http://www.kent-web.com/bbs/yybbs.html - JVNDB-2012-000068 - JVN#03582364 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642. - - - - - - - - - - http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1 - JVNDB-2012-000069 - JVN#79111101 - - - - - - - - - - The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. - - - - - - - - - - https://play.google.com/store/apps/details?id=jp.co.yahoo.android.ybrowser - JVNDB-2012-000070 - JVN#46088915 - - - - - - - - - - The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black Edition application before 2.1.0 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. - - - - - - - - - https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir_black - https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir - JVNDB-2012-000071 - JVN#88643450 - - - - - - - - - - - Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. 
- - - - - - - - - - - JVNDB-2012-000072 - JVN#51769987 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. - - - - - - - - - - JVNDB-2012-000073 - JVN#01598734 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allow remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. - - - - - - - - - - - - https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir_black - https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir - JVNDB-2012-000075 - JVN#99730704 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file. - - - - - - - - - - - USN-1522-1 - 53725 - 50132 - http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=eba25057b9a5e19d10ace2bc7716667a31297169 - - - - - - - - - - arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon. 
- - - - - - - - - - - [oss-security] 20120525 Re: CVE Request: powerdns does not clear supplementary groups - [oss-security] 20120524 Re: CVE Request: powerdns does not clear supplementary groups - [oss-security] 20120525 Re: CVE Request: powerdns does not clear supplementary groups - [oss-security] 20120524 Re: CVE Request: powerdns does not clear supplementary groups - DSA-2481 - FEDORA-2012-8675 - FEDORA-2012-8702 - FEDORA-2012-8677 - - - - - - - - - - The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions. - - - - - - - - - https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654 - https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978 - https://bugs.launchpad.net/nova/+bug/985184 - https://review.openstack.org/#/c/8239/ - [openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654) - nova-security-group-sec-bypass(76110) - USN-1466-1 - 49439 - 46808 - - - - - - - - - - - - - - - - PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler. - - - - - - - - - http://www.postgresql.org/about/news/1398/ - MDVSA-2012:092 - DSA-2491 - RHSA-2012:1037 - FEDORA-2012-8915 - FEDORA-2012-8924 - FEDORA-2012-8893 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. 
NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context. - - - - - - - - - unixodbc-sdc-bo(75940) - 53712 - 82460 - [oss-security] 20120605 Re: CVE id request: Multiple buffer overflow in unixODBC - [oss-security] 20120531 Re: CVE id request: Multiple buffer overflow in unixODBC - [oss-security] 20120530 Re: CVE id request: Multiple buffer overflow in unixODBC - [oss-security] 20120529 CVE id request: Multiple buffer overflow in unixODBC - [oss-security] 20120529 Re: CVE id request: Multiple buffer overflow in unixODBC - - - - - - - - - - - - ** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context. 
- - - - - - - - - unixodbc-sdc-bo(75940) - 53712 - 82460 - [oss-security] 20120605 Re: CVE id request: Multiple buffer overflow in unixODBC - [oss-security] 20120531 Re: CVE id request: Multiple buffer overflow in unixODBC - [oss-security] 20120530 Re: CVE id request: Multiple buffer overflow in unixODBC - [oss-security] 20120529 CVE id request: Multiple buffer overflow in unixODBC - [oss-security] 20120529 Re: CVE id request: Multiple buffer overflow in unixODBC - - - - - - - - - - actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694. - - - - - - - - - - [rubyonrails-security] 20120531 Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660) - SUSE-SU-2012:1015 - openSUSE-SU-2012:0978 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695. 
- - - - - - - - - [rubyonrails-security] 20120531 SQL Injection Vulnerability in Ruby on Rails (CVE-2012-2661) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages. - - - - - - - - - - rhcs-agentendentity-xss(77101) - 1027284 - 54608 - 50013 - RHSA-2012:1103 - 84099 - - - - - - - - - - - - - - - - - - The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. - - - - - - - - - sos-anaconda-info-disclosure(76468) - 54116 - RHSA-2012:0958 - - - - - - - - - - Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=826077 - USN-1537-1 - USN-1536-1 - 1027332 - 1027331 - DSA-2520 - 50146 - 50142 - RHSA-2012:1135 - - - - - - - - - - - - - - - - - - - - - - - Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes." 
- - - - - - - - - - symfony-session-hijacking(76027) - 53776 - [oss-security] 20120605 Re: CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version - [oss-security] 20120604 CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version - http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG - http://symfony.com/blog/security-release-symfony-1-4-18-released - 49312 - - - - - - - - - - - - - - - - - - - - - - - - - - - - libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=825875 - openldap-nss-weak-security(76099) - 1027127 - 53823 - [oss-security] 20120606 Re: CVE request: openldap does not honor TLSCipherSuite configuration option - [oss-security] 20120605 Re: CVE request: openldap does not honor TLSCipherSuite configuration option - [oss-security] 20120605 CVE request: openldap does not honor TLSCipherSuite configuration option - http://www.openldap.org/its/index.cgi?findid=7285 - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=2c2bb2e - RHSA-2012:1151 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - manageuser.php in Collabtive before 0.7.6 allows remote authenticated users, and possibly unauthenticated attackers, to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg, then accessing it via a direct request to the file in files/standard/avatar. 
- - - - - - - - - - - http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html - collabtive-manageuser-file-upload(76101) - 53813 - 20120605 Arbitrary File Upload/Execution in Collabtive - [oss-security] 20120606 Re: Arbitrary File Upload/Execution in Collabtive - [oss-security] 20120606 Arbitrary File Upload/Execution in Collabtive - http://www.collabtive.o-dyn.de/blog/?p=426 - 20120604 Arbitrary File Upload/Execution in Collabtive - - - - - - - - - - - - - The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache. - - - - - - - - - - - https://github.com/rtomayko/rack-cache/pull/52 - https://github.com/rtomayko/rack-cache/commit/2e3a64d07daac4c757cc57620f2288e865a09b90 - https://github.com/rtomayko/rack-cache/blob/master/CHANGES - https://bugzilla.redhat.com/show_bug.cgi?id=824520 - https://bugzilla.novell.com/show_bug.cgi?id=763650 - [oss-security] 20120606 Re: CVE request: rack-cache caches sensitive headers (Set-Cookie) - [oss-security] 20120606 CVE request: rack-cache caches sensitive headers (Set-Cookie) - FEDORA-2012-8439 - - - - - - - - - - - - - - - - - - - Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function. 
- - - - - - - - - https://issues.jboss.org/browse/JBPAPP-9197 - mojarra-facescontext-info-disc(76179) - [oss-security] 20120606 Re: CVE request: Mojarra allows deployed web applications to read FacesContext from other applications - [oss-security] 20120606 CVE request: Mojarra allows deployed web applications to read FacesContext from other applications - 49284 - http://java.net/jira/browse/JAVASERVERFACES-2436 - - - - - - - - - - Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc funtions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. - - - - - - - - - https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a - https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1 - https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb - https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3 - https://github.com/ivmai/bdwgc/blob/master/ChangeLog - USN-1546-1 - [oss-security] 20120607 Re: memory allocator upstream patches - [oss-security] 20120605 memory allocator upstream patches - FEDORA-2012-9637 - FEDORA-2012-9556 - http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes 
less memory to be allocated than expected. - - - - - - - - - https://github.com/android/platform_bionic/commit/7f5aa4f35e23fd37425b3a5041737cdf58f87385 - [oss-security] 20120607 Re: memory allocator upstream patches - [oss-security] 20120605 memory allocator upstream patches - http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/ - - - - - - - - - - - Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. - - - - - - - - - https://github.com/ned14/nedmalloc/commit/2965eca30c408c13473c4146a9d47d547d288db1 - https://github.com/ned14/nedmalloc/commit/1a759756639ab7543b650a10c2d77a0ffc7a2000 - https://github.com/ned14/nedmalloc/blob/master/Readme.html - [oss-security] 20120607 Re: memory allocator upstream patches - [oss-security] 20120605 memory allocator upstream patches - http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/ - - - - - - - - - - Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on implementing code via a large size value, which causes less memory to be allocated than expected. 
- - - - - - - - - https://github.com/emeryberger/Hoard/blob/master/NEWS - [oss-security] 20120607 Re: memory allocator upstream patches - [oss-security] 20120605 memory allocator upstream patches - http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/ - - - - - - - - - - Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected. - - - - - - - - - https://svn.boost.org/trac/boost/changeset/78326 - https://svn.boost.org/trac/boost/ticket/6701 - [oss-security] 20120607 Re: memory allocator upstream patches - [oss-security] 20120605 memory allocator upstream patches - FEDORA-2012-9818 - FEDORA-2012-9029 - http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/ - - - - - - - - - - - 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhashed#user#password attribute. - - - - - - - - - 54153 - 49734 - RHSA-2012:1041 - RHSA-2012:0997 - 83336 - http://directory.fedoraproject.org/wiki/Release_Notes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. 
- - - - - - - - - - http://www.apache.org/dist/httpd/CHANGES_2.4.3 - [announce] 20120821 [ANNOUNCEMENT] Apache HTTP Server 2.4.3 Released - http://httpd.apache.org/security/vulnerabilities_24.html - - - - - - - - - - - - Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." - - - - - - - - - - - openSUSE-SU-2012:0976 - http://www.php.net/ChangeLog-5.php - DSA-2527 - SUSE-SU-2012:1034 - SUSE-SU-2012:1033 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. - - - - - - - - - [Libguestfs] 20120521 [ANNOUNCE] libguestfs 1.18 released - tools for managing virtual machines and disk images - libguestfs-virtedit-info-disc(76220) - 53932 - 49545 - 49431 - RHSA-2012:0774 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The mc_issue_note_update function in the SOAP API in MantisBT before 1.2.11 does not properly check privileges, which allows remote attackers with bug reporting privileges to edit arbitrary bugnotes via a SOAP request. 
- - - - - - - - - - - https://github.com/mantisbt/mantisbt/commit/edc8142bb8ac0ac0df1a3824d78c15f4015d959e - https://github.com/mantisbt/mantisbt/commit/175d973105fe9f03a37ced537b742611631067e0 - mantisbt-soapapi-sec-bypass(76180) - [oss-security] 20120611 Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 - [oss-security] 20120609 CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 - http://www.mantisbt.org/bugs/view.php?id=14340 - http://www.mantisbt.org/bugs/changelog_page.php?version_id=148 - 49414 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments. - - - - - - - - - - https://github.com/mantisbt/mantisbt/commit/ceafe6f0c679411b81368052633a63dd3ca06d9c - [oss-security] 20120611 Re: CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 - [oss-security] 20120609 CVE requests (x2) for Mantis Bug Tracker (MantisBT) before 1.2.11 - http://www.mantisbt.org/bugs/view.php?id=14016 - http://www.mantisbt.org/bugs/changelog_page.php?version_id=148 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. 
- - - - - - - - - - - [libvirt] 20120428 [PATCH 0/3] usb devices with same vendor, productID hotplug support - [oss-security] 20120611 Re: CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored - [oss-security] 20120611 CVE request -- libvirt: address bus= device= when identicle vendor ID/product IDs usb devices attached are ignored - RHSA-2012:0748 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "['xyz', nil]" values, a related issue to CVE-2012-2660. - - - - - - - - - [rubyonrails-security] 20120612 Ruby on Rails Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2694) - SUSE-SU-2012:1015 - openSUSE-SU-2012:0978 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage improper handling of nested hashes, a related issue to CVE-2012-2661. 
- - - - - - - - - - - [rubyonrails-security] 20120612 Ruby on Rails SQL Injection (CVE-2012-2695) - openSUSE-SU-2012:0978 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page. - - - - - - - - - - https://gerrit.wikimedia.org/r/#/c/7979/1/includes/SkinTemplate.php - https://www.mediawiki.org/wiki/Release_notes/1.19 - https://www.mediawiki.org/wiki/Release_notes/1.18 - https://www.mediawiki.org/wiki/Release_notes/1.17 - https://bugzilla.wikimedia.org/show_bug.cgi?id=36938 - mediawiki-index-uselang-xss(76311) - 82983 - [oss-security] 20120613 Re: CVE request: XSS in uselang http parameter (mediawiki) - 1027179 - 49484 - [MediaWiki-announce] 20120613 MediaWiki security release 1.19.1 - [MediaWiki-announce] 20120613 MediaWiki security release 1.18.4 - [MediaWiki-announce] 20120613 MediaWiki security release 1.17.5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2339. Reason: This candidate is a duplicate of CVE-2012-2339. Notes: All CVE users should reference CVE-2012-2339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2340. Reason: This candidate is a duplicate of CVE-2012-2340. 
Notes: All CVE users should reference CVE-2012-2340 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2341. Reason: This candidate is a duplicate of CVE-2012-2341. Notes: All CVE users should reference CVE-2012-2341 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. - - - - - - - - - http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261 - http://drupal.org/node/1585532 - http://drupal.org/node/1580752 - ubercartproductkeys-keys-security-bypass(75720) - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49169 - 82005 - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php." - - - - - - - - - - https://drupal.org/node/1580376 - http://drupalcode.org/project/ad.git/commitdiff/4337f34 - http://drupal.org/node/1585544 - advertisement-settings-xss(75718) - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - - - - - - - - - - - - - - - - - - - - - - - The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access to debug information, which allows remote attackers to obtain sensitive site configuration information that is specified by the $conf variable in settings.php. 
- - - - - - - - - https://drupal.org/node/1580376 - http://drupalcode.org/project/ad.git/commitdiff/c2ffab2 - advertisement-settings-info-disclosure(75719) - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - http://drupal.org/node/1585544 - - - - - - - - - - - - - - - - - - - - - - - The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS) attacks via the title parameter. - - - - - - - - - - http://drupalcode.org/project/smart_breadcrumb.git/commitdiff/834f75a - http://drupal.org/node/1585564 - http://drupal.org/node/1568216 - smartbreadcrumb-filtertitles-xss(75713) - 53592 - 82006 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49163 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration. - - - - - - - - - - postaffiliatepro-registration-xss(75716) - 53589 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - http://drupal.org/node/1585648 - - - - - - - - - - The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. 
- - - - - - - - - - http://drupalcode.org/project/hostmaster.git/commitdiff/8a61101 - http://drupal.org/node/1585658 - hostmaster-node-security-bypass(75715) - 53588 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - http://drupal.org/node/1585678 - http://community.aegirproject.org/1.9 - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a Drush log message in a provision task log. - - - - - - - - - - http://drupalcode.org/project/hostmaster.git/commitdiff/9476561 - http://drupal.org/node/1585658 - hostmaster-logmessages-xss(75714) - 53588 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - http://drupal.org/node/1585678 - http://community.aegirproject.org/1.9 - - - - - - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2907. Reason: This candidate is a duplicate of CVE-2012-2907. Notes: All CVE users should reference CVE-2012-2907 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. 
- - - - - - - - - - http://drupal.org/node/628480 - http://drupal.org/node/1585960 - zen-breadcrumb-xss(75711) - 53573 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to taxonomy information. - - - - - - - - - - 53671 - http://drupalcode.org/project/taxonomy_list.git/commitdiff/7dd21a0 - http://drupal.org/node/1597262 - http://drupal.org/node/1595396 - taxonomylist-taxonomyinformation-xss(75867) - 82164 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49238 - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown exceptions and logging errors. - - - - - - - - - - http://drupalcode.org/project/search_api.git/commitdiff/5a18c8c - http://drupal.org/node/1597364 - http://drupal.org/node/1596524 - searchapi-exceptions-errors-xss(75868) - 53672 - 82230 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49236 - - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that login a user to another web site. 
- - - - - - - - - - - - https://drupal.org/node/1596464 - 53673 - http://drupalcode.org/project/browserid.git/commitdiff/5e5cdcd - http://drupal.org/node/1597414 - browserid-authentication-csrf(75869) - 82466 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49227 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links. - - - - - - - - - - 53732 - http://drupalcode.org/project/amadou.git/commitdiff/071ea83 - http://drupal.org/node/1608780 - http://drupal.org/node/1608730 - drupal-amadou-template-xss(75997) - 82433 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49328 - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that publish comments. - - - - - - - - - - - - http://drupalcode.org/project/comment_moderation.git/commitdiff/f18c3de - http://drupal.org/node/1608822 - http://drupal.org/node/1608822 - http://drupal.org/node/1538768 - drupal-commentmoderation-unspecified-csrf(75998) - 53738 - 49326 - 82434 - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options. 
- - - - - - - - - - 53734 - http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc - http://drupal.org/node/1608828 - http://drupal.org/node/1169008 - drupal-mobiletools-unspecified-xss(76002) - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss - 49318 - 82410 - - - - - - - - - - - - - SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits." - - - - - - - - - - - drupal-counter-unspecified-sql-injection(76004) - 53736 - 82527 - http://drupal.org/node/1608854 - - - - - - - - - - - The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability." - - - - - - - - - - - http://drupal.org/node/1608864 - http://drupal.org/node/1598782 - 82575 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49316 - - - - - - - - - - - - - - - - The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. - - - - - - - - - http://drupal.org/node/1619808 - http://drupal.org/node/1618476 - tokenauth-usersession-security-bypass(76141) - 53840 - 82727 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49400 - - - - - - - - - - - - - - - - The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. 
- - - - - - - - - - - http://drupalcode.org/project/og.git/commitdiff/1485708 - http://drupal.org/node/1619810 - http://drupal.org/node/1619736 - organicgroups-permission-security-bypass(76150) - 53838 - 82728 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49397 - - - - - - - - - - - - - - - - The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles. - - - - - - - - - http://drupalcode.org/project/node_embed.git/commitdiff/d06f022 - http://drupalcode.org/project/node_embed.git/commitdiff/7a2296c - http://drupal.org/node/1619824 - http://drupal.org/node/1618430 - http://drupal.org/node/1618428 - nodeembed-selectembed-security-bypass(76148) - 53835 - 82735 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 48348 - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://drupalcode.org/project/maestro.git/commitdiff/c499971 - http://drupal.org/node/1619830 - http://drupal.org/node/1617952 - maestro-unspecified-xss(76145) - 53836 - 82713 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49393 - - - - - - - - - - - - - - - classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks. 
- - - - - - - - - http://drupalcode.org/project/authoring_html.git/commitdiff/ceae1ab - http://drupal.org/node/1619852 - http://drupal.org/node/1619086 - authoringhtml-embeddedscripts-xss(76127) - 82739 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49387 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_body parameter. - - - - - - - - - - http://drupalcode.org/project/protest.git/commitdiff/cf8c543 - http://drupalcode.org/project/protest.git/commitdiff/c85eaed - http://drupal.org/node/1619856 - http://drupal.org/node/1618092 - http://drupal.org/node/1618090 - protest-protestbodyparameter-xss(76126) - 82715 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49386 - - - - - - - - - - - - - Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when synchronizing user data, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter. - - - - - - - - - - - http://drupal.org/node/1632734 - http://drupal.org/node/1632704 - http://drupal.org/node/1632702 - janrain-drupal-spoofing(76292) - 53992 - 82958 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49480 - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in the Node Hierarchy module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to hijack the authentication of administrators for requests that change a node hierarchy position via an (1) up or (2) down action. 
- - - - - - - - - - - - http://drupalcode.org/project/nodehierarchy.git/commitdiff/8b4b3f5 - http://drupal.org/node/1632900 - http://drupal.org/node/1632432 - drupal-nodehierarchy-unspecified-csrf(76345) - 53993 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in the SimpleMeta module 6.x-1.x before 6.x-2.0 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) delete or (2) add a meta tag entry. - - - - - - - - - - - - http://drupal.org/node/1632908 - http://drupal.org/node/1534874 - drupal-simplemeta-unspecified-csrf(76344) - 53997 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - - - - - - - - - - - - - - The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions. - - - - - - - - - - - http://drupal.org/node/1632918 - http://drupal.org/node/1258034 - protected-node-drupal-sec-bypass(76291) - 54001 - 82984 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49509 - - - - - - - - - - - - - - - The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage. - - - - - - - - - http://drupal.org/node/1633048 - http://drupal.org/node/1619586 - uberart-ajax-info-disc(76332) - 53999 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - http://drupalcode.org/project/uc_ajax_cart.git/commitdiff/b59cdd5 - - - - - - - - - - - - - - - - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2021. Reason: This candidate is a duplicate of CVE-2010-2021. 
Notes: All CVE users should reference CVE-2010-2021 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition. - - - - - - - - - http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721 - http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d - http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5 - https://bugzilla.redhat.com/show_bug.cgi?id=832532 - accountsservice-userchangeicon-info-disc(76648) - USN-1485-1 - 54223 - [oss-security] 20120628 accountsservice local file disclosure flaw (CVE-2012-2737) - 49759 - 49695 - 83398 - FEDORA-2012-10120 - http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. 
- - - - - - - - - https://bugzilla.gnome.org/show_bug.cgi?id=676090 - 54281 - [oss-security] 20120615 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher - [oss-security] 20120522 Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher - FEDORA-2012-9575 - FEDORA-2012-9546 - http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news - http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.changes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action. - - - - - - - - - - - https://www.phplist.com/?lid=567 - https://mantis.phplist.com/view.php?id=16557 - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php - 52657 - [oss-security] 20120616 Re: CVE request: phplist before 2.10.18 XSS and sql injection - [oss-security] 20120616 CVE request: phplist before 2.10.18 XSS and sql injection - 18639 - 1027181 - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action. 
- - - - - - - - - - https://www.phplist.com/?lid=567 - https://mantis.phplist.com/view.php?id=16557 - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5081.php - 52657 - [oss-security] 20120616 Re: CVE request: phplist before 2.10.18 XSS and sql injection - [oss-security] 20120616 CVE request: phplist before 2.10.18 XSS and sql injection - 18639 - 1027181 - - - - - - - - - - - - - - - - - - - - - - - - - Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack. - - - - - - - - - https://bugs.gentoo.org/show_bug.cgi?id=421571 - revelation-passwordlength-weak-security(76407) - 54060 - [oss-security] 20120618 Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key - [oss-security] 20120618 CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key - http://oss.codepoet.no/revelation/issue/61/file-format-magic-string-version-mismatch - http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack. 
- - - - - - - - - https://bugs.gentoo.org/show_bug.cgi?id=421571 - revelation-sha-weak-security(76408) - 54060 - [oss-security] 20120618 Re: CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key - [oss-security] 20120618 CVE Request -- Revelation: 1) Limits effective password length to 32 characters 2) Doesn't iterate the passphrase through SHA algorithm to derive the encryption key - http://oss.codepoet.no/revelation/issue/61/file-format-magic-string-version-mismatch - http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. - Per: http://cwe.mitre.org/data/definitions/476.html - -'CWE-476: NULL Pointer Dereference' - - - - - - - - - https://github.com/torvalds/linux/commit/9e2dcf72023d1447f09c47d77c99b0c49659e5ce - https://bugzilla.redhat.com/show_bug.cgi?id=833402 - RHSA-2012:1148 - RHSA-2012:1064 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9e2dcf72023d1447f09c47d77c99b0c49659e5ce - http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. 
- - - - - - - - - https://github.com/torvalds/linux/commit/79549c6dfda0603dba9a70a53467ce62d9335c33 - https://bugzilla.redhat.com/show_bug.cgi?id=833428 - http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2 - RHSA-2012:1064 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=79549c6dfda0603dba9a70a53467ce62d9335c33 - - - - - - - - - - - - - - - - - 389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password. - - - - - - - - - https://fedorahosted.org/389/ticket/365 - https://bugzilla.redhat.com/show_bug.cgi?id=833482 - 389directory-logging-info-disclosure(76595) - 54153 - 83329 - 49734 - RHSA-2012:1041 - RHSA-2012:0997 - http://directory.fedoraproject.org/wiki/Release_Notes - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to gain privileges via unknown attack vectors related to "Inadequate checking." - - - - - - - - - - - joomla-unspecified-security-bypass(76415) - 54073 - [oss-security] 20120619 Re: Joomla! Security News 2012-06-19 - http://www.joomla.org/announcements/release-news/5427-joomla-255-released.html - 49605 - 83070 - http://developer.joomla.org/security/news/470-20120601-core-privilege-escalation - - - - - - - - - - - - - - Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error." - - - - - - - - - joomla-unspecified1-information-disclosure(76414) - 54073 - [oss-security] 20120619 Re: Joomla! 
Security News 2012-06-19 - http://www.joomla.org/announcements/release-news/5427-joomla-255-released.html - 49605 - 83069 - http://developer.joomla.org/security/news/471-20120602-core-information-disclosure - - - - - - - - - - - - - - MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=833737 - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-63.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=833742 - http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031. 
- - - - - - - - - - http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/CHANGES?r1=1920&r2=1919&pathrev=1920 - http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/apache2/msc_multipart.c?r1=1918&r2=1917&pathrev=1918 - 54156 - [oss-security] 20120621 Re: mod_security CVE request - [oss-security] 20120621 mod_security CVE request - MDVSA-2012:118 - DSA-2506 - 49782 - 49576 - http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/branches/2.6.x/CHANGES - http://blog.ivanristic.com/2012/06/modsecurity-and-modsecurity-core-rule-set-multipart-bypasses.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in VMware vMA 4.x and 5.x before 5.0.0.2 allows local users to gain privileges via a Trojan horse DLL in the current working directory. - Per: http://cwe.mitre.org/data/lists/426.html 'Untrusted Search Path' - - - - - - - - - - - vmware-vma-unspec-priv-esc(75891) - http://www.vmware.com/security/advisories/VMSA-2012-0010.html - 1027099 - 53697 - 49322 - 49300 - 82276 - - - - - - - - - - - - Untrusted search path vulnerability in TrGUI.exe in the Endpoint Connect (aka EPC) GUI in Check Point Endpoint Security R73.x and E80.x on the VPN blade platform, Endpoint Security VPN R75, Endpoint Connect R73.x, and Remote Access Clients E75.x allows local users to gain privileges via a Trojan horse DLL in the current working directory. 
- Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - - - - - - - - - - https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk76480 - 20120613 Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php. - - - - - - - - - - loginwithajax-loginwithajax-xss(75470) - 53423 - http://www.secureworks.com/research/advisories/SWRX-2012-003/ - http://wordpress.org/extend/plugins/login-with-ajax/changelog/ - http://plugins.trac.wordpress.org/changeset/541069 - 81712 - - - - - - - - - - - - - - - - - - - - - - - mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. - - - - - - - - - https://github.com/bmuller/mod_auth_openid/pull/30 - https://github.com/bmuller/mod_auth_openid/blob/master/ChangeLog - modauthopenid-database-info-disclosure(75813) - 53661 - 82139 - 18917 - 49247 - http://packetstormsecurity.org/files/112991/Mod_Auth_OpenID-Session-Stealing.html - 20120522 session stealing in mod_auth_openid - CVE-2012-2760 - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. 
- - - - - - - - - - - https://www.htbridge.com/advisory/HTB23092 - https://github.com/s9y/Serendipity/commit/87153991d06bc18fe4af05f97810487c4a340a92#diff-1 - serendipity-trackbacksinc-sql-injection(75760) - 1027079 - 53620 - 82036 - 49234 - http://blog.s9y.org/archives/241-Serendipity-1.6.2-released.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server. - - - - - - - - - - - http://git.gnome.org/browse/gimp/commit/?h=gimp-2-6&id=744f7a4a2b5acb8b531a6f5dd8744ebb95348fc2 - https://bugzilla.gnome.org/show_bug.cgi?id=679215 - http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html - [oss-security] 20120630 Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6 - [oss-security] 20120530 ScriptFu Server Buffer Overflow in GIMP <= 2.6 - openSUSE-SU-2012:1080 - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in Google Chrome before 20.0.1132.43 on Windows might allow local users to gain privileges via a Trojan horse Metro DLL in the current working directory. - - - - - - - - - - - oval:org.mitre.oval:def:15375 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=130276 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - [rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions - rtfm-unspec-xss(77212) - 54689 - 50024 - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - [rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions - extensionmobileui-unspec-xs(77211) - 54684 - 50010 - - - - - - - - - - The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user." - - - - - - - - - [rt-announce] 20120725 Security vulnerabilities in three commonly deployed RT extensions - authenexternalauth-url-sec-bypass(77213) - 54681 - 50060 - - - - - - - - - - - Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing with frame threading." - - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cb7190cd2c691fd93e4d3664f3fce6c19ee001dd - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors, relate to starting "a frame outside SETUP state." 
- - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9d3032b960ae03066c008d6e6774f68b17a1d69d - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of picture write." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ba775a54bc2136ec5da85385a923b05ee6fab159 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784. 
- - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c459 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=229e4c133287955d5f3f837520a3602709b21950 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_slice_header function in libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a "rejected resolution change." - - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9a57a37b7041581c10629c8241260a5d7bfbc1e7 - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "freeing the returned frame." 
- - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d85b3c4fff4c4b255232fcc01edbd57f19d60998 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777. - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors, related to (1) "some subframes only encode some channels" or (2) a large order value. - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? 
- 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d462949974668ffb013467d12dc4934b9106fe19 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=326f7a68bbd429c63fd2f19f4050658982b5b081 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_wdlt function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write." - - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d1c95d2ce39560e251fdb14f4af91b04fd7b845c - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "setup width/height." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? 
- [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c41ac870470c614185e1752c11f892809022248a - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to a large number of vector coded coefficients (num_vec_coeffs). - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=97a5addfcf0029d0f5538ed70cb38cae4108a618 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of decoded samples in first sub-block in BGMC mode." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2837d8dc276760db1821b81df3f794a90bfa56e6 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the (1) decode_band_hdr function in indeo4.c and (2) ff_ivi_decode_blocks function in ivi_common.c in libavcodec/ in FFmpeg before 0.11 have unknown impact and attack vectors, related to the "transform size." 
- - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0846719dd11ab3f7a7caee13e7af71f71d913389 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_init function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame. - - - - - - - - - - - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d442c4462a2692e27a24e1a9d0eb6f18725c7bd8 - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the lag_decode_zero_run_line function in libavcodec/lagarith.c in FFmpeg before 0.11 has unknown impact and attack vectors related to "too many zeros." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=83c7803f55b3231faeb93c1a634399a70fae9480 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters." 
- - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5ad7335ebac2b38bb2a1c8df51a500b78461c05a - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 have unknown impact and attack vectors related to (1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter," and (3) "too many bits in decode_channel_residues()." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b3a43515827f3d22a881c33b87384f01c86786fd - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0abefb0af64a311b15141062c77dd577ba590a3 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2a7063de547b1d8fb1cef523469390fb59fb2c50 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the vc1_decode_frame function in libavcodec/vc1dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to inconsistencies in "coded slice positions and interlacing" that trigger "out of array writes." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? 
- 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5e59a77cec804a9b44c60ea22c17beba6453ef23 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cca9528524c7a4b91451f4322bd50849af5d057e - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to an "out of array write." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=72b9537d8886f679494651df517dfed9b420cf1f - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "put bit buffer when num_saved_bits is reset." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? 
- 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=64bd7f8e4db1742e86c5ed02bd530688b74063e3 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11 has unknown impact and attack vectors in which the "tile size ... mismatches parameters" and triggers "writing into a too small array." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to dimensions and "out of array writes." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1df49142bab1b7bccd11392aa9e819e297d21a6e - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes." - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? 
- 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c22701c371c2f3dea21fcdbb97c981939fb77af - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to resetting the data size value. - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=951cbea56fdc03ef96d07fbd7e5bed755d42ac8a - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width. - - - - - - - - - - - 55355 - [oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11? - [oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11? - 50468 - http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4a80ebe491609e04110a1dd540a0ca79d3be3d04 - http://ffmpeg.org/security.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the get_sos function in jdmarker.c in libjpeg-turbo 1.2.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large component count in the header of a JPEG image. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=826849 - https://bugzilla.mozilla.org/show_bug.cgi?id=759802 - libjpegturbo-getsos-bo(76952) - [oss-security] 20120717 libjpeg-turbo: Heap-based buffer overflow when decompressing corrupt JPEG images - 49883 - 84040 - http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 - - - - - - - - - - Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - - - - - - - - - - - openSUSE-SU-2012:0975 - openSUSE-SU-2012:0813 - DSA-2521 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=129930 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. - - - - - - - - - - USN-1513-1 - [libexif-devel] 20120712 libexif project security advisory July 12, 2012 - SUSE-SU-2012:0903 - SUSE-SU-2012:0902 - - - - - - - - - - - - - - - The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. 
- - - - - - - - - - USN-1513-1 - [libexif-devel] 20120712 libexif project security advisory July 12, 2012 - SUSE-SU-2012:0903 - - - - - - - - - - - - - - - Buffer overflow in the exif_entry_format_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. - - - - - - - - - - - USN-1513-1 - [libexif-devel] 20120712 libexif project security advisory July 12, 2012 - SUSE-SU-2012:0903 - SUSE-SU-2012:0902 - - - - - - - - - - Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain. - - - - - - - - - openSUSE-SU-2012:0813 - http://support.apple.com/kb/HT5400 - oval:org.mitre.oval:def:15662 - APPLE-SA-2012-07-25-1 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=118633 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 20.0.1132.43 on Windows does not properly isolate sandboxed processes, which might allow remote attackers to cause a denial of service (process interference) via unspecified vectors. - - - - - - - - - openSUSE-SU-2012:0813 - oval:org.mitre.oval:def:15591 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=119250 - http://code.google.com/p/chromium/issues/detail?id=119150 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to tables that have sections. 
- - - - - - - - - - - openSUSE-SU-2012:0813 - http://support.apple.com/kb/HT5485 - oval:org.mitre.oval:def:15264 - APPLE-SA-2012-09-12-1 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=120222 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the layout of documents that use the Cascading Style Sheets (CSS) counters feature. - - - - - - - - - - - openSUSE-SU-2012:0813 - http://support.apple.com/kb/HT5485 - oval:org.mitre.oval:def:14771 - APPLE-SA-2012-09-12-1 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=120944 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The texSubImage2D implementation in the WebGL subsystem in Google Chrome before 20.0.1132.43 does not properly handle uploads to floating-point textures, which allows remote attackers to cause a denial of service (assertion failure and application crash) or possibly have unspecified other impact via a crafted web page, as demonstrated by certain WebGL performance tests, aka rdar problem 11520387. 
- - - - - - - - - - - - openSUSE-SU-2012:0813 - https://chromiumcodereview.appspot.com/10444013 - https://bugs.webkit.org/show_bug.cgi?id=85942 - http://trac.webkit.org/changeset/118410 - http://trac.webkit.org/changeset/117191 - oval:org.mitre.oval:def:14938 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=120977 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 20.0.1132.43 does not properly implement SVG filters, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. - - - - - - - - - openSUSE-SU-2012:0813 - oval:org.mitre.oval:def:15468 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=121926 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The autofill implementation in Google Chrome before 20.0.1132.43 does not properly display text, which has unspecified impact and remote attack vectors. - - - - - - - - - - - openSUSE-SU-2012:0813 - oval:org.mitre.oval:def:15565 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=122925 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. 
- - - - - - - - - oval:org.mitre.oval:def:15166 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG resources. - - - - - - - - - - - openSUSE-SU-2012:0813 - oval:org.mitre.oval:def:15204 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=124356 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting. - - - - - - - - - - - oval:org.mitre.oval:def:15666 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=125374 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors. - - - - - - - - - openSUSE-SU-2012:0813 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=127417 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 20.0.1132.43 does not properly implement texture conversion, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. 
- - - - - - - - - openSUSE-SU-2012:0813 - oval:org.mitre.oval:def:15511 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=128688 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the UI in Google Chrome before 20.0.1132.43 on Mac OS X allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - - - - - - - - - - - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=129826 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. - - - - - - - - - - - - oval:org.mitre.oval:def:15287 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=129857 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. 
- - - - - - - - - - - openSUSE-SU-2012:0813 - http://support.apple.com/kb/HT5485 - oval:org.mitre.oval:def:15144 - APPLE-SA-2012-09-12-1 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=129947 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 20.0.1132.43 does not properly set array values, which allows remote attackers to cause a denial of service (incorrect pointer use) or possibly have unspecified other impact via unknown vectors. - - - - - - - - - - - openSUSE-SU-2012:0813 - oval:org.mitre.oval:def:15483 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=129951 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references. - - - - - - - - - - - openSUSE-SU-2012:0813 - http://support.apple.com/kb/HT5485 - oval:org.mitre.oval:def:14708 - APPLE-SA-2012-09-12-1 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=130356 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. 
- - - - - - - - - - - - oval:org.mitre.oval:def:15455 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=131553 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. - - - - - - - - - - - oval:org.mitre.oval:def:15584 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=132156 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format. - - - - - - - - - - - - openSUSE-SU-2012:0813 - oval:org.mitre.oval:def:15444 - http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html - http://code.google.com/p/chromium/issues/detail?id=132779 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The exif_data_load_data function in exif-data.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory via crafted EXIF tags in an image. 
- - - - - - - - - - USN-1513-1 - [libexif-devel] 20120712 libexif project security advisory July 12, 2012 - SUSE-SU-2012:0903 - SUSE-SU-2012:0902 - - - - - - - - - - - - - - - The mnote_olympus_entry_get_value function in olympus/mnote-olympus-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags that are not properly handled during the formatting of EXIF maker note tags. - - - - - - - - - USN-1513-1 - [libexif-devel] 20120712 libexif project security advisory July 12, 2012 - SUSE-SU-2012:0903 - SUSE-SU-2012:0902 - - - - - - - - - - - - - - - Off-by-one error in the exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) before 0.6.21 allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted EXIF tags in an image. - - - - - - - - - - - USN-1513-1 - [libexif-devel] 20120712 libexif project security advisory July 12, 2012 - SUSE-SU-2012:0903 - - - - - - - - - - - - - - - Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow. - - - - - - - - - - - USN-1513-1 - [libexif-devel] 20120712 libexif project security advisory July 12, 2012 - SUSE-SU-2012:0903 - SUSE-SU-2012:0902 - - - - - - - - - - Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - oval:org.mitre.oval:def:15664 - APPLE-SA-2012-09-12-1 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html - http://code.google.com/p/chromium/issues/detail?id=129898 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - oval:org.mitre.oval:def:15569 - APPLE-SA-2012-09-12-1 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html - http://code.google.com/p/chromium/issues/detail?id=130595 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document. - - - - - - - - - - - oval:org.mitre.oval:def:15039 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-update.html - http://code.google.com/p/chromium/issues/detail?id=133450 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file. 
- - - - - - - - - - MDVSA-2012:107 - [libexif-devel] 20120712 libexif project security advisory July 12, 2012 - - - - - - - - - - Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors. - - - - - - - - - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=125225 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource consumption) via a crafted web site. - - - - - - - - - - oval:org.mitre.oval:def:15735 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=127522 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site. - - - - - - - - - - oval:org.mitre.oval:def:15658 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=127525 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image. 
- - - - - - - - - - oval:org.mitre.oval:def:15653 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=128163 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document. - - - - - - - - - - - - oval:org.mitre.oval:def:15630 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=132860 - http://code.google.com/p/chromium/issues/detail?id=131690 - http://code.google.com/p/chromium/issues/detail?id=131621 - http://code.google.com/p/chromium/issues/detail?id=131252 - http://code.google.com/p/chromium/issues/detail?id=131237 - http://code.google.com/p/chromium/issues/detail?id=131068 - http://code.google.com/p/chromium/issues/detail?id=130611 - http://code.google.com/p/chromium/issues/detail?id=130592 - http://code.google.com/p/chromium/issues/detail?id=130251 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. 
- - - - - - - - - - - - oval:org.mitre.oval:def:15705 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=132861 - http://code.google.com/p/chromium/issues/detail?id=132694 - http://code.google.com/p/chromium/issues/detail?id=132585 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted document. - - - - - - - - - - - - oval:org.mitre.oval:def:15744 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=134028 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. - - - - - - - - - - - - oval:org.mitre.oval:def:15439 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=134101 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process. 
- - - - - - - - - oval:org.mitre.oval:def:15698 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=134519 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. - - - - - - - - - - - - oval:org.mitre.oval:def:15038 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=134888 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations. - - - - - - - - - - - oval:org.mitre.oval:def:15053 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=135264 - http://code.google.com/p/chromium/issues/detail?id=134954 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. 
- - - - - - - - - - - - oval:org.mitre.oval:def:15336 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=136235 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image. - - - - - - - - - - - - oval:org.mitre.oval:def:15679 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=136894 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. - - - - - - - - - - - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=137541 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site. - - - - - - - - - - - oval:org.mitre.oval:def:15709 - http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html - http://code.google.com/p/chromium/issues/detail?id=137671 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. 
- - - - - - - - - - - oval:org.mitre.oval:def:14788 - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html - http://code.google.com/p/chromium/issues/detail?id=137957 - http://code.google.com/p/chromium/issues/detail?id=137721 - http://code.google.com/p/chromium/issues/detail?id=136643 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations. - - - - - - - - - - - oval:org.mitre.oval:def:14823 - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update.html - http://code.google.com/p/chromium/issues/detail?id=137361 - http://code.google.com/p/chromium/issues/detail?id=136968 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow." - - - - - - - - - - - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update-for-chrome-os.html - http://code.google.com/p/chromium/issues/detail?id=141901 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. 
- - - - - - - - - - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html - http://code.google.com/p/chromium/issues/detail?id=121347 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document. - - - - - - - - - - - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html - http://code.google.com/p/chromium/issues/detail?id=134897 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. - - - - - - - - - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html - http://code.google.com/p/chromium/issues/detail?id=135485 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object. - - - - - - - - - - - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html - http://code.google.com/p/chromium/issues/detail?id=136881 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer." 
- - - - - - - - - - - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html - http://code.google.com/p/chromium/issues/detail?id=137778 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. - - - - - - - - - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?r1=118654&r2=150123 - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?r1=75684&r2=149998 - https://chromiumcodereview.appspot.com/10830177 - https://chromiumcodereview.appspot.com/10823168 - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/pattern.c?view=log - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxslt/libxslt/functions.c?view=log - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html - http://code.google.com/p/chromium/issues/detail?id=140368 - http://code.google.com/p/chromium/issues/detail?id=138672 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. 
- Per: http://cwe.mitre.org/data/definitions/704.html - -'CWE-704: Incorrect Type Conversion or Cast' - - - - - - - - - - - - https://chromiumcodereview.appspot.com/10824157 - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?view=log - http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src/include/libxml/tree.h?r1=56276&r2=149930 - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html - http://code.google.com/p/chromium/issues/detail?id=138673 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html - http://code.google.com/p/chromium/issues/detail?id=142956 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Profile List in the Joomla Content Editor (JCE) component before 2.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the search parameter to administrator/index.php. - - - - - - - - - - jce-joomla-index-xss(75670) - 53559 - http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32 - http://secunia.com/secunia_research/2012-14/ - 49206 - - - - - - - - - - - Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension as demonstrated by .jpg.pht. 
- Per: http://cwe.mitre.org/data/definitions/434.html 'Unrestricted Upload of File with Dangerous Type' - - - - - - - - - - - jce-joomla-file-file-upload(75671) - 51002 - http://www.joomlacontenteditor.net/news/item/jce-21-released?category_id=32 - http://secunia.com/secunia_research/2012-15/ - 49206 - 81980 - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php. - - - - - - - - - - phpaddressbook-multiplescripts-xss(75703) - 53598 - http://www.darksecurity.de/index.php?/215-SSCHADV2012-013-PHP-Address-Book-7.0.0-Multiple-security-vulnerabilities.html - http://sourceforge.net/tracker/?func=detail&aid=3527242&group_id=157964&atid=805929 - 49212 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter. - - - - - - - - - - jwplayer-player-debug-xss(75672) - http://www.wooyun.org/bugs/wooyun-2010-07166 - 53554 - http://www.longtailvideo.com/support/forums/jw-player/bug-reports/26699/xss-exists-in-debug-functionality - 49130 - 20120516 JW player xss security flaw - http://developer.longtailvideo.com/trac/ticket/1585 - - - - - - - - - - Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request. 
- - - - - - - - - artiphp-database-info-disclosure(75690) - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5091.php - 18889 - 49195 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in artpublic/recommandation/index.php in Artiphp CMS 5.5.0 Neo (r422) allow remote attackers to inject arbitrary web script or HTML via the (1) add_img_name_post, (2) asciiart_post, (3) expediteur, (4) titre_sav, or (5) z39d27af885b32758ac0e7d4014a61561 parameter. - - - - - - - - - - artiphp-index-xss(75689) - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5090.php - 53586 - 49195 - http://packetstormsecurity.org/files/112804/Artiphp-CMS-5.5.0-Cross-Site-Scripting.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web script or HTML via the content title in a breadcrumb. - - - - - - - - - - aberdeen-breadcrumb-xss(75712) - 53581 - [oss-security] 20120627 Re: CVE Request for Drupal contributed modules - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49150 - http://drupalcode.org/project/aberdeen.git/commitdiff/1994e8e - http://drupal.org/node/1585890 - http://drupal.org/node/1585878 - - - - - - - - - - - - Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter. 
- - - - - - - - - - - viscacha-bbcodes-sql-injection(75575) - http://www.vulnerability-lab.com/get_content.php?id=525 - 53496 - 18873 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Viscacha 0.8.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) text field in the Private Messages System, (2) Bad Word field in Zensur, or (3) Portal or (4) Topic field in Kommentar. - - - - - - - - - - viscachacms-admin-xss(75577) - http://www.vulnerability-lab.com/get_content.php?id=525 - 53496 - 18873 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.showpic.php. - - - - - - - - - - silisoftware-phpthumb-multiple-xss(75709) - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5088.php - 53572 - http://packetstormsecurity.org/files/112797/SiliSoftware-phpThumb-1.7.11-Cross-Site-Scripting.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB() 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter. - - - - - - - - - - silisoftwarebackupdb-backupdb-xss(75710) - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5089.php - 53575 - http://packetstormsecurity.org/files/112801/SiliSoftware-backupDB-1.2.7a-Cross-Site-Scripting.html - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the LeagueManager plugin 3.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter in the show-league page or (2) season parameter in the team page to wp-admin/admin.php. 
- - - - - - - - - - leaguemanager-admin-xss(75629) - 53525 - http://packetstormsecurity.org/files/112698/WordPress-LeagueManager-3.7-Cross-Site-Scripting.html - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php. - - - - - - - - - - leaflet-admin-xss(75628) - 53526 - http://packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. - - - - - - - - - - captcha-captchademo-xss(75708) - 53585 - http://packetstormsecurity.org/files/112785/Unijimpe-Captcha-Cross-Site-Scripting.html - - - - - - - - - - Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file. - - - - - - - - - - - - 53566 - 48741 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option parameter to wp-admin/tools.php. 
- - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2Fsabre&old=534490&new_path=%2Fsabre&new=534490 - sabre-tools-xss(75615) - 53528 - http://wordpress.org/extend/plugins/sabre/changelog/ - http://packetstormsecurity.org/files/112692/WordPress-SABRE-1.2.0-Cross-Site-Scripting.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-and-follow-menu page to wp-admin/admin.php. - - - - - - - - - - shareandfollow-admin-xss(75616) - 53533 - http://packetstormsecurity.org/files/112691/WordPress-Share-And-Follow-1.80.3-Cross-Site-Scripting.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter. - - - - - - - - - - chevereto-index-xss(75476) - 53448 - http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html - - - - - - - - - - Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter. - - - - - - - - - chevereto-upload-info-disclosure(75477) - 53448 - http://packetstormsecurity.org/files/112585/Chevreto-Upload-Script-Cross-Site-Scripting-User-Enumeration.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information. 
- - - - - - - - - - userphoto-optionsgeneral-xss(75496) - 53449 - http://wordpress.org/extend/plugins/user-photo/changelog/ - 49100 - http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880 - 81806 - - - - - - - - - - - - - - - - - - - - - - - - - - - - Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document. - - - - - - - - - https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py - https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706 - 53654 - 49256 - 81701 - http://freecode.com/projects/feedparser/releases/344371 - - - - - - - - - - - - - - - - - - - - - - - The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message. - - - - - - - - - drupal-index-path-disclosure(75531) - 53454 - [oss-security] 20120802 Re: CVE Request for Drupal contributed modules - 49131 - 81817 - 20120510 Re: Drupal 7.14 <= Full Path Disclosure Vulnerability - 20120510 Drupal 7.14 <= Full Path Disclosure Vulnerability (Update) - 20120510 Drupal 7.14 <= Full Path Disclosure Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter. - - - - - - - - - - - 53472 - 18858 - - - - - - - - - - PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. 
- - - - - - - - - - - 53472 - 18858 - - - - - - - - - - SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action. - - - - - - - - - - - simplephpagenda-engine-sql-injection(75501) - 18845 - - - - - - - - - - Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. - - - - - - - - - - http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 - http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2012-05-17 - http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 - http://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisory+2012-05-17 - http://confluence.atlassian.com/display/BAMBOO/Bamboo+Security+Advisory+2012-05-17 - jira-xml-dos(75697) - fisheye-crucible-xml-dos(75682) - 53595 - 49146 - 81993 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors. - - - - - - - - - http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 - jira-xml-dos(75697) - 53595 - 49166 - 81993 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. 
- - - - - - - - - - jira-xml-dos(75697) - 53595 - 49166 - 81993 - http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 - http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vulnerability than CVE-2012-1059. - - - - - - - - - - https://github.com/osCommerce/oscommerce/commit/a5aeb0448cc333cc4b801c0e01981b218fd9c7df - oscommerce-main-xss(75900) - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admin_comments.php or (b) admin/admin_links.php; or list parameter in a (3) move or (4) minimize action to (c) admin/admin_index.php. - - - - - - - - - - pliggcms-multiple1-xss(75764) - 53625 - http://secunia.com/secunia_research/2012-18/ - 45431 - http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461 - 82045 - 82044 - http://forums.pligg.com/downloads.php?do=file&id=15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module. 
- - - - - - - - - - - pliggcms-multiple-sql-injection(75765) - 53625 - http://secunia.com/secunia_research/2012-19/ - 45431 - http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461 - 82050 - 82049 - 82048 - http://forums.pligg.com/downloads.php?do=file&id=15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php. - - - - - - - - - - travelonexpress-multiple-xss(75541) - http://www.vulnerability-lab.com/get_content.php?id=530 - 53500 - 18871 - 81888 - 81887 - - - - - - - - - - Multiple unrestricted file upload vulnerabilities in Travelon Express 6.2.2 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) airline-edit.php, (2) hotel-image-add.php, or (3) hotel-add.php. - - - - - - - - - - - travelonexpress-multiple-file-upload(75542) - http://www.vulnerability-lab.com/get_content.php?id=530 - 53500 - 81889 - 18871 - http://iel-sayed.blogspot.com/2012/05/travelon-express-cms-v622-multiple-web.html - - - - - - - - - - MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted (1) PNG, (2) WMF, (3) PSD, (4) TGA, (5) TTF, (6) BMP, (7) TIFF, or (8) PCX file. - - - - - - - - - - realdraw-mutliple-files-dos(75733) - 53636 - 18902 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. 
- - - - - - - - - - yandexserver-text-xss(75788) - 53622 - http://packetstormsecurity.org/files/112945/Yandex.Server-2010-9.0-Enterprise-Cross-Site-Scripting.html - - - - - - - - - - - Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors. - - - - - - - - - - - haproxy-trash-bo(75777) - 53647 - [oss-security] 20120528 Duplicate CVE identifiers (CVE-2012-2391 and CVE-2012-2942) assigned to HAProxy issue - [oss-security] 20120523 Re: CVE request: haproxy trash buffer overflow flaw - [oss-security] 20120523 CVE request: haproxy trash buffer overflow flaw - 49261 - http://haproxy.1wt.eu/git?p=haproxy-1.4.git;a=commit;h=30297cb17147a8d339eb160226bcc08c91d9530b - http://haproxy.1wt.eu/download/1.4/src/CHANGELOG - http://haproxy.1wt.eu/#news - - - - - - - - - - CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter. - - - - - - - - - cryptographp-cfg-response-splitting(75768) - 53609 - http://packetstormsecurity.org/files/112859/Cryptographp-Local-File-Inclusion-HTTP-Response-Splitting.html - - - - - - - - - - Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters. 
- - - - - - - - - - - openSUSE-SU-2012:1069 - networkupstools-addchar-bo(75980) - 53743 - 82409 - MDVSA-2012:087 - http://trac.networkupstools.org/projects/nut/changeset/3633 - 49348 - http://networkupstools.org/docs/user-manual.chunked/apis01.html - http://alioth.debian.org/tracker/?func=detail&aid=313636 - - - - - - - - - - - - - - - - - chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. - - - - - - - - - 1027102 - DSA-2493 - 49303 - http://downloads.asterisk.org/pub/security/AST-2012-007.html - 20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver. - - - - - - - - - - - chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. - - - - - - - - - asterisk-scd-dos(75937) - 1027103 - 53723 - DSA-2493 - 49303 - http://downloads.asterisk.org/pub/security/AST-2012-008.html - 20120529 AST-2012-008: Skinny Channel Driver Remote Crash Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application. 
- - - - - - - - - - - http://www.reuters.com/article/2012/05/18/us-zte-phone-idUSBRE84H08J20120518 - http://www.pcmag.com/article2/0,2817,2404639,00.asp - http://blog.mylookout.com/blog/2012/05/21/zte-security-vulnerability - - - - - - - - - - SQL injection vulnerability in plog-rss.php in Plogger allows remote attackers to execute arbitrary SQL commands via the id parameter. - - - - - - - - - - - plogger-id-sql-injection(75789) - 53644 - http://packetstormsecurity.org/files/112947/Plogger-Photo-Gallery-SQL-Injection.html - - - - - - - - - - SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter. - - - - - - - - - - - jaow-addons-sql-injection(75866) - 53677 - http://www.jaow.net/Article-97 - 18921 - 49266 - 82231 - - - - - - - - - - - - - The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary commands via crafted input to application scripts. - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00 - 54426 - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string. - - - - - - - - - - lotus-protector-xss(76798) - http://www-01.ibm.com/support/docview.wss?uid=swg21605626 - - - - - - - - - - - - - - - - - - - - - - - The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue. 
- - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00 - 54429 - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords. - - - - - - - - - - - VU#221180 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file. - - - - - - - - - - VU#960468 - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00 - 54425 - - - - - - - - - - - - - SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter. - - - - - - - - - - - VU#404051 - scrutinizer-statusfilter-sql-injection(77148) - http://www.sonicwall.com/shared/download/Dell_SonicWALL_Scrutinizer_Service_Bulletin_for_SQL_injection_vulnerability_CVE.pdf - 54625 - http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html - 84232 - 20033 - 50052 - - - - - - - - - - - - - - - - - - - - - - - - - - - The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to obtain sensitive information by downloading a .tgz file. 
- - - - - - - - - VU#520430 - http://www.secureworks.com/research/advisories/SWRX-2012-005/ - http://www.kb.cert.org/vuls/id/MAPG-8GANCC - - - - - - - - - - - - - - - - The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information by sniffing the network for XML documents. - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8GANCC - VU#520430 - http://www.secureworks.com/research/advisories/SWRX-2012-006/ - - - - - - - - - - - - - - - - Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HTTP Parameter Contamination" issue. - - - - - - - - - - - VU#309979 - http://en.securitylab.ru/lab/PT-2012-05 - http://en.securitylab.ru/lab/ - http://caucho.com/resin-4.0/changes/changes.xtp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors. - - - - - - - - - - - VU#309979 - http://en.securitylab.ru/lab/PT-2012-05 - http://en.securitylab.ru/lab/ - http://caucho.com/resin-4.0/changes/changes.xtp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors. 
- - - - - - - - - - - VU#309979 - http://en.securitylab.ru/lab/PT-2012-05 - http://en.securitylab.ru/lab/ - http://caucho.com/resin-4.0/changes/changes.xtp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an HTTP request. - - - - - - - - - VU#309979 - http://en.securitylab.ru/lab/PT-2012-05 - http://en.securitylab.ru/lab/ - http://caucho.com/resin-4.0/changes/changes.xtp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP request. - - - - - - - - - - VU#309979 - http://en.securitylab.ru/lab/PT-2012-05 - http://en.securitylab.ru/lab/ - http://caucho.com/resin-4.0/changes/changes.xtp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735. - - - - - - - - - VU#154307 - - - - - - - - - - The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. 
- - - - - - - - - - - VU#377915 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page. - - - - - - - - - - VU#143395 - https://support.f5.com/kb/en-us/solutions/public/13000/800/sol13838.html - - - - - - - - - - - The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue. - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00 - 54427 - - - - - - - - - - - - - The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script. - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00 - 54430 - - - - - - - - - - - - - query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet. - - - - - - - - - VU#624931 - http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. 
- - - - - - - - - VU#251635 - http://www.kb.cert.org/vuls/id/MAPG-8R5LD6 - http://www.htc.com/www/help/app-security-fix/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. - - - - - - - - - - - VU#788478 - https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e - http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf - http://americaninfosec.com/research/index.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character. - - - - - - - - - - - VU#788478 - https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213 - http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf - http://americaninfosec.com/research/index.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. - - - - - - - - - VU#788478 - https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80 - http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf - http://americaninfosec.com/research/index.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter. 
- - - - - - - - - - VU#318779 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter. - - - - - - - - - - VU#247235 - - - - - - - - - - lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) first, (2) third, or (3) fourth parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4361. - - - - - - - - - - - VU#441363 - - - - - - - - - - The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document. - - - - - - - - - - - - VU#663809 - http://www.krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=931 - - - - - - - - - - Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. - - - VU#389795 - - - - - The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack. - - - VU#591667 - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss. 
- - - VU#471364 - - - - - Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action. - - - VU#471364 - - - - - Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf - - - - - - - - - - - Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426 Untrusted Search Path' - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-251-01.pdf - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in Invensys Wonderware InTouch 2012 and earlier, as used in Wonderware Application Server, Wonderware Information Server, Foxboro Control Software, InFusion CE/FE/SCADA, InBatch, and Wonderware Historian, allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. 
- Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-177-02.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Innominate mGuard Smart HW before HW-101130 and BD before BD-101030, mGuard industrial RS, mGuard delta HW before HW-103060 and BD before BD-211010, mGuard PCI, mGuard blade, and EAGLE mGuard appliances with software before 7.5.0 do not use a sufficient source of entropy for private keys, which makes it easier for man-in-the-middle attackers to spoof (1) HTTPS or (2) SSH servers by predicting a key value. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-167-01.pdf - https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs - http://www.innominate.com/data/downloads/software/innominate_security_advisory_20120614_001.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components before 3.0 SP2, and other products, allows remote attackers to cause a denial of service (daemon crash or hang) via a long Unicode string. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf - 53563 - 49173 - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-201-01.pdf - - - - - - - - - - - Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-227-01.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf - - - - - - - - - - - - The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a buffer, as demonstrated by a port scan. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-01.pdf - http://www.arbiter.com/news/index.php?id=261 - - - - - - - - - - - - - WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices have default passwords for unspecified Web Based Management accounts, which makes it easier for remote attackers to obtain administrative access via a TCP session. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-02.pdf - http://www.wago.com/wagoweb/documentation/app_note/a1176/a117600e.pdf - - - - - - - - - - - - The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors. - - - Per http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf - -"An attacker with access to an established user account could remotely log into the affected system and elevate privileges to the administrative level, thereby circumventing the physical connect safeguards in place for administrative functions." 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf - http://www.garrettcom.com/techsupport/6k_dl/6k440_rn.pdf - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in Siemens SIMATIC STEP7 before 5.5 SP1, as used in SIMATIC PCS7 7.1 SP3 and earlier and other products, allows local users to gain privileges via a Trojan horse DLL in a STEP7 project folder. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-205-02.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-110665.pdf - - - - - - - - - - - - - Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 allow remote attackers to cause a denial of service (defect-mode transition and service outage) via crafted ICMP packets. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-02.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-589272.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed IP packets. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-02.pdf - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-617264.pdf - - - - - - - - - - - - - - - - - - - The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authentication code, which allows local users to bypass intended access restrictions and obtain administrative access by predicting a challenge response. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-212-01.pdf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrative access via a network session. - - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-214-01.pdf - http://support.automation.siemens.com/WW/view/en/41929231/130000 - - - - - - - - - - - - - - - - - - - - Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf - http://www.tridium.com/cs/tridium_news/security_patch_36 - - - - - - - - - - - The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf - http://www.tridium.com/cs/tridium_news/security_patch_36 - - - - - - - - - - - Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote attackers to cause a denial of service (process crash or packet loss) via a large number of ARP packets, aka Bug ID CSCtr44822. - - - - - - - - - http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html - - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. 
- Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - - - - - - - - - - http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted ARF file, aka Bug ID CSCtz72985. - - - - - - - - - - - 20120627 Buffer Overflow Vulnerabilities in the Cisco WebEx Player - - - - - - - - - - - - - - Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72977. - - - - - - - - - - - - 20120627 Buffer Overflow Vulnerabilities in the Cisco WebEx Player - - - - - - - - - - - - - - Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted DHT chunk in a JPEG image within a WRF file, aka Bug ID CSCtz72953. - - - - - - - - - - - - 20120627 Buffer Overflow Vulnerabilities in the Cisco WebEx Player - - - - - - - - - - - - - - Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted WRF file, aka Bug ID CSCtz72946. 
- - - - - - - - - - - 20120627 Buffer Overflow Vulnerabilities in the Cisco WebEx Player - - - - - - - - - - - - - - Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code via a crafted size field in audio data within a WRF file, aka Bug ID CSCtz00755. - - - - - - - - - - - 20120627 Buffer Overflow Vulnerabilities in the Cisco WebEx Player - - - - - - - - - - - - - - Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134. - - - - - - - - - 20120620 Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers to cause a denial of service (CPU consumption) via malformed UDP packets, aka Bug ID CSCtz76269. - - - - - - - - - http://www.cisco.com/web/software/282074295/93949/cucm-readme-862asu2-Rev2.pdf - - - - - - - - - - - - Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058. 
- - - - - - - - - - - 20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338. - - - - - - - - - 20120711 Multiple Vulnerabilities in Cisco TelePresence Manager - 20120711 Multiple Vulnerabilities in Cisco TelePresence Recording Server - 20120711 Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382. - - - - - - - - - - - 20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The administrative web interface on Cisco TelePresence Immersive Endpoint Devices before 1.7.4 allows remote authenticated users to execute arbitrary commands via a malformed request on TCP port 443, aka Bug ID CSCtn99724. 
- - - - - - - - - - - 20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The administrative web interface on Cisco TelePresence Recording Server before 1.8.0 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Bug ID CSCth85804. - - - - - - - - - - - 20120711 Multiple Vulnerabilities in Cisco TelePresence Recording Server - - - - - - - - - - - - - - - - Cisco IOS 12.2 allows remote attackers to cause a denial of service (CPU consumption) by establishing many IPv6 neighbors, aka Bug ID CSCtn78957. - - - - - - - - - http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/caveats_SXI_rebuilds.html - - - - - - - - - - Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166. - - - - - - - - - - - http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html - - - - - - - - - - - The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. - - - - - - - - - http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html - - - - - - - - - - Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote authenticated users to cause a denial of service (resource consumption and administration outage) via extended use of the product, aka Bug ID CSCtd79132. 
- - - - - - - - - http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/release/notes/715cucrn.html - - - - - - - - - - - - The glBufferData function in the WebGL implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not properly mitigate an unspecified flaw in an NVIDIA driver, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a related issue to CVE-2011-3101. - - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=744888 - http://www.mozilla.org/security/announce/2012/mfsa2012-34.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' 
- - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. 
If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. - - - Per: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - -'Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.' - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality and integrity, related to EPERF. 
- - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote attackers to affect integrity via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Install. - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - Unspecified vulnerability in the PeoleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality, related to PANPROC. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway. 
- - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort. - - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent. 
- - - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer. - - - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS. - - - - - - - - - 1027274 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS. 
- - - - - - - - - - - https://blogs.oracle.com/security/entry/security_alert_cve_2012_3132 - http://www.teamshatter.com/topics/general/team-shatter-exclusive/ctxsys-context-privilege-escalation/ - http://www.oracle.com/technetwork/topics/security/alert-cve-2012-3132-1721017.html - http://www.networkworld.com/news/2012/072712-black-hat-shark-bitten-security-researcher-261203.html - http://www.darkreading.com/database-security/167901020/security/news/240004776/hacking-oracle-database-indexes.html - - - - - - - - - - - - - - - Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect availability via unknown vectors. - - - - - - - - - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - - Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. - - - - - - - - - - - 1027264 - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html - - - - - - - - - - - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-1682. - - - - - - - - - - - http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php. 
- - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23094 - 54109 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter. - - - - - - - - - - https://www.htbridge.com/advisory/HTB23094 - 54109 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. - - - - - - - - - - https://www.htbridge.com/advisory/HTB23095 - kayakofusion-download-xss(78314) - 55417 - http://wiki.kayako.com/display/DOCS/4.50.1619 - http://wiki.kayako.com/display/DOCS/4.50.1581 - 50366 - 85189 - 20120905 Cross-Site Scripting (XSS) in Kayako Fusion - - - - - - - - - - RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file. - - - - - - - - - - - http://service.real.com/realplayer/security/09072012_player/en/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string. 
- - - - - - - - - http://git.gnome.org/browse/gimp/commit/plug-ins/file-fits/fits-io.c?id=ace45631595e8781a1420842582d67160097163c - https://bugzilla.gnome.org/show_bug.cgi?id=676804 - gimp-fit-dos(76658) - 54246 - http://www.reactionpenetrationtesting.co.uk/FIT-file-handling-dos.html - 19482 - openSUSE-SU-2012:1080 - 20120629 GIMP FIT File Format DoS - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. - - - - - - - - - - http://www.astaro.com/en-uk/blog/up2date/8305 - http://security.inshell.net/advisory/27 - 20120610 [CVE-2012-3238] Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request. - - - - - - - - - - - http://www.eucalyptus.com/eucalyptus-cloud/security/esa-03 - 49916 - 49912 - - - - - - - - - - - The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. - - - - - - - - - - - http://www.eucalyptus.com/eucalyptus-cloud/security/esa-04 - 49916 - 49912 - - - - - - - - - - - Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors. - - - - - - - - - HPSBHF02804 - SSRT100631 - - - - - - - - - - - - - - - - - - - HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote attackers to obtain sensitive information via unspecified vectors. 
- - - - - - - - - HPSBMU02801 - SSRT100879 - - - - - - - - - - - - - HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows remote authenticated users to obtain sensitive information via unspecified vectors. - - - - - - - - - SSRT100923 - HPSBMU02802 - - - - - - - - - - - - - Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and 9.30, and HP Service Center Server 6.28, allows remote attackers to cause a denial of service via unknown vectors. - - - - - - - - - SSRT100921 - HPSBMU02800 - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - HPSBMU02803 - SSRT100926 - - - - - - - - - - - - - - - Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 allows remote attackers to cause a denial of service via unknown vectors. - - - - - - - - - SSRT100789 - HPSBUX02806 - - - - - - - - - - - Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet. - - - - - - - - - - - http://zerodayinitiative.com/advisories/ZDI-12-164/ - SSRT100361 - HPSB3C02808 - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in HP iNode Management Center before iNode PC 5.1 E0304 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by a stack-based buffer overflow in iNodeMngChecker.exe for a crafted 0x0A0BF007 packet. 
- - - - - - - - - - - http://zerodayinitiative.com/advisories/ZDI-12-163/ - SSRT100377 - HPSB3C02809 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - SSRT100937 - HPSBMU02811 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - - - - - - - - - - HPSBMU02811 - SSRT100937 - - - - - - - - - - HP Business Availability Center (BAC) 8.07 allows remote authenticated users to hijack web sessions via unspecified vectors. - - - - - - - - - - - SSRT100937 - HPSBMU02811 - - - - - - - - - - Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and a consequently short runtime, which makes it easier for context-dependent attackers to discover cleartext passwords via a brute-force attack, as demonstrated by an attack using GPU hardware. - - - - - - - - - http://phk.freebsd.dk/sagas/md5crypt_eol.html - - - - - - - - - - VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file. - - - - - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0011.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow remote attackers to cause a denial of service (guest OS crash) via crafted traffic from a remote virtual device. 
- - - - - - - - - http://www.vmware.com/security/advisories/VMSA-2012-0011.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors. - - - - - - - - - - - http://googlechromereleases.blogspot.com/2012/06/beta-channel-update-for-chromebooks.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner. - - - - - - - - - http://www.infradead.org/openconnect/changelog.html - FEDORA-2012-6758 - http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/14cae65318d3ef1f7d449e463b72b6934e82f1c2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file. - - - - - - - - - - - DSA-2523 - FEDORA-2012-8445 - FEDORA-2012-8461 - FEDORA-2012-8488 - http://jira.globus.org/browse/GT-195 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue. 
- - - - - - - - - - was-ac-xss(77179) - http://www-01.ibm.com/support/docview.wss?uid=swg27022958 - http://www-01.ibm.com/support/docview.wss?uid=swg21606096 - PM60839 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add user accounts via the /wmqfteconsole/Filespaces URI, (2) modify permissions via the /wmqfteconsole/FileSpacePermisssions URI, or (3) add MQ Message Descriptor (MQMD) user accounts via the /wmqfteconsole/UploadUsers URI. - - - - - - - - - - - - wmq-fte-csrf(77180) - http://www.ibm.com/support/docview.wss?uid=swg21607482 - 20477 - IC85516 - - - - - - - - - - - - - - - - - - - - - - - - - - IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors. - - - - - - - - - wmq-svrconn-security-bypass(77279) - http://www.ibm.com/support/docview.wss?uid=swg21595523 - PM56593 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - hmc-login-panel-xss(77288) - http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01258 - http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01257 - http://www.ibm.com/support/fixcentral/firmware/readme?fixid=MH01253 - MB03494 - MB03489 - MB03488 - http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_the_help_link_on_the_power_hmc_login_panel_is_susceptible_to_reflected_cross_site_scripting_cve_2012_329617 - - - - - - - - - - - - - - - - Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers. - - - - - - - - - - lotus-domino-response-splitting(77400) - http://www-01.ibm.com/support/docview.wss?uid=swg21608160 - http://websecurity.com.ua/5839/ - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server. - - - - - - - - - - lotus-domino-xss(77401) - http://www-01.ibm.com/support/docview.wss?uid=swg21608160 - http://websecurity.com.ua/5839/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat. 
- - - - - - - - - - http://www.ibm.com/support/docview.wss?uid=swg21599114 - ibm-sametime-xss(77567) - http://www.ibm.com/support/docview.wss?uid=swg21607903 - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the account-creation panel in IBM InfoSphere Guardium 8.2 and earlier, when the CSRF filtering (aka csrf_status) feature is disabled, allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. - - - - - - - - - - - - infosphere-gaurdium-csrf(77745) - http://www.ibm.com/support/docview.wss?uid=swg21609223 - http://en.securitylab.ru/lab/PT-2012-15 - http://en.securitylab.ru/lab/ - - - - - - - - - - - - The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network. - - - - - - - - - infosphere-gaurdium-savepassword-info-disc(77785) - http://www.ibm.com/support/docview.wss?uid=swg21609224 - http://en.securitylab.ru/lab/PT-2012-15 - http://en.securitylab.ru/lab/ - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - ibm-maximo-xss-iv15530(77787) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV15530 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via unspecified vectors. - - - - - - - - - - - was-pm44303-security-bypass(77959) - http://www.ibm.com/support/docview.wss?uid=swg21609067 - PM71296 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - ibm-maximo-xss-iv20344(77960) - http://www-01.ibm.com/support/docview.wss?uid=swg21610081 - IV20344 - 50551 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different vulnerability than CVE-2012-2564. - - - - - - - - - - - - VU#722963 - http://www.kb.cert.org/vuls/id/MAPG-8R9LBY - - - - - - - - - - ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file. 
- - - - - - - - - - [oss-security] 20120614 CVE-2012-3345: symlink attack in ioquake3 >= r1773, < r2253 - - - - - - - - - - AutoFORM PDM Archive before 7.0 implements user accounts in a way that allows for JMX Console authentication, which allows remote authenticated users to bypass intended access restrictions via the /jmx-console URI, and then upload and execute arbitrary JSP code via a JBoss remote-deployment mechanism, a different vulnerability than CVE-2012-1828. - - - - - - - - - - - http://www.kb.cert.org/vuls/id/MAPG-8RQL83 - VU#773035 - - - - - - - - - - - SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23096 - webmatic-referer-sql-injection(76774) - 54287 - 19629 - 83538 - 20120704 Blind SQL Injection in Webmatic - - - - - - - - - - (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory. 
- - - - - - - - - - openSUSE-SU-2012:0954 - https://bugzilla.redhat.com/show_bug.cgi?id=835076 - https://bugzilla.gnome.org/show_bug.cgi?id=678661 - rhythmbox-template-symlink(76538) - USN-1503-1 - 54186 - [oss-security] 20120625 Re: CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs - [oss-security] 20120625 CVE 2011-* Request -- rhythmbox (context plug-in): Insecure temporary directory use by loading template files for 'Album', 'Lyrics', and 'Artist' tabs - http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. 
- - - - - - - - - openSUSE-SU-2012:0831 - viewvc-svnra-security-bypass(76614) - 54197 - [oss-security] 20120625 Re: CVE Request: viewvc - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760 - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759 - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757 - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756 - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755 - http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.15/CHANGES - http://viewvc.tigris.org/issues/show_bug.cgi?id=353 - 83225 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." - - - - - - - - - openSUSE-SU-2012:0831 - viewvc-svnra-info-disclosure(76615) - 54199 - [oss-security] 20120625 Re: CVE Request: viewvc - http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758 - 83227 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JPEG 2000 image file. 
- - - - - - - - - - - openjpeg-jpeg2000-bo(76850) - 54373 - [oss-security] 20120711 Openjpeg: heap-buffer overflow when processing JPEG2000 image files - MDVSA-2012:104 - 49913 - RHSA-2012:1068 - 83741 - http://code.google.com/p/openjpeg/source/detail?r=1727 - - - - - - - - - - Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element. - - - - - - - - - - https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9 - [openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361) - https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7 - https://bugs.launchpad.net/nova/+bug/1015531 - USN-1497-1 - 54277 - 49802 - 49763 - FEDORA-2012-10420 - - - - - - - - - - - - - virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. - - - - - - - - - - https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9 - https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7 - https://review.openstack.org/#/c/9268/ - [openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361) - https://bugs.launchpad.net/nova/+bug/1015531 - USN-1497-1 - 54278 - 49802 - 49763 - FEDORA-2012-10420 - FEDORA-2012-10418 - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 and earlier allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an adduser admin action. 
- - - - - - - - - - - - [oss-security] 20120627 Re: CVE request: CSRF in eXtplorer - [oss-security] 20120626 Re: CVE request: CSRF in eXtplorer - [oss-security] 20120624 Re: CVE request: CSRF in eXtplorer - [oss-security] 20120624 CVE request: CSRF in eXtplorer - DSA-2510 - http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html - - - - - - - - - - The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. - - - - - - - - - openSUSE-SU-2012:0976 - http://www.php.net/ChangeLog-5.php - SUSE-SU-2012:1034 - SUSE-SU-2012:1033 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server). - - - - - - - - - - - https://github.com/Bcfg2/bcfg2/commit/a524967e8d5c4c22e49cd619aed20c87a316c0be - bcfg2-trigger-command-execution(76616) - 54217 - DSA-2503 - 49690 - 49629 - [bcfg-dev] 20120612 Major security flaw in Trigger plugin - - - - - - - - - - Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate. 
- - - - - - - - - - https://fedorahosted.org/pki/changeset/2430 - https://bugzilla.redhat.com/show_bug.cgi?id=836268 - rhcs-certificate-manager-sec-bypass(77102) - 1027284 - 54608 - 50013 - RHSA-2012:1103 - 84098 - - - - - - - - - - - - - - - - - - Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach. - - - - - - - - - http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812 - https://bugzilla.redhat.com/show_bug.cgi?id=835849 - https://bugzilla.redhat.com/show_bug.cgi?id=812551 - http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=625302 - - - - - - - - - - The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. 
- - - - - - - - - https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d - [openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371) - https://bugs.launchpad.net/nova/+bug/1017795 - USN-1501-1 - 54388 - [oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371) - - - - - - - - - - - - - - - - ** DISPUTED ** The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance "does not allow import or export of the foresaid private key." - - - - - - - - - - - https://media.torproject.org/misc/2012-07-03-cyberoam-CVE-2012-3372.txt - https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372 - http://www.theregister.co.uk/2012/07/07/cyberoam_tor_ssl_spying_flap/ - http://blog.cyberoam.com/2012/07/ssl-bridging-cyberoam-approach/ - 20120703 Cyberoam advisory - - - - - - - - - - Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. 
- - - - - - - - - - - http://hg.pidgin.im/pidgin/main/rev/ded93865ef42 - http://www.pidgin.im/news/security/index.php?id=64 - MDVSA-2012:105 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts. - - - - - - - - - - - 54358 - 20120706 [CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability - - - - - - - - - - Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file. - - - - - - - - - - - http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e - 1027224 - [oss-security] 20120706 Re: CVE request: VLC / Asterisk - [oss-security] 20120706 CVE request: VLC / Asterisk - 49835 - oval:org.mitre.oval:def:15299 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2. 
- - - - - - - - - - https://bugzilla.gnome.org/show_bug.cgi?id=678348 - [oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi - [oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678026 - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0808. Reason: This candidate is a duplicate of CVE-2012-0808. Notes: All CVE users should reference CVE-2012-0808 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. - - - - - - - - - http://code.google.com/p/naxsi/source/detail?r=307 - 83617 - [oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi - [oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi - 49811 - http://code.google.com/p/naxsi/ - - - - - - - - - - sfcb in sblim-sfcb places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=838160 - https://bugzilla.novell.com/show_bug.cgi?id=770234 - [oss-security] 20120706 Re: CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage - [oss-security] 20120706 CVE Request: sblim-sfcb: insecure LD_LIBRARY_PATH usage - http://sourceforge.net/tracker/index.php?func=detail&aid=3541554&group_id=128809&atid=712784 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message. 
- - - - - - - - - - https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2 - openSUSE-SU-2012:0974 - https://bugzilla.novell.com/show_bug.cgi?id=769799 - [oss-security] 20120706 Re: CVE Request: XSS in a Mono System.web error page - - - - - - - - - - The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. - - - - - - - - - - [oss-security] 20120707 Re: CVE #'s for WordPress 3.4.1 release - [oss-security] 20120702 CVE #'s for WordPress 3.4.1 release - [oss-security] 20120912 Re: CVEs for wordpress 3.4.2 release - http://core.trac.wordpress.org/changeset?reponame=&new=21153%40branches%2F3.4&old=21076%40trunk#file16 - http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file23 - http://codex.wordpress.org/Version_3.4.2 - http://codex.wordpress.org/Version_3.4.1 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - - - - - - - - - - [oss-security] 20120707 Re: CVE #'s for WordPress 3.4.1 release - [oss-security] 20120702 CVE #'s for WordPress 3.4.1 release - http://codex.wordpress.org/Version_3.4.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. 
- - - - - - - - - [oss-security] 20120707 Re: CVE #'s for WordPress 3.4.1 release - [oss-security] 20120702 CVE #'s for WordPress 3.4.1 release - http://codex.wordpress.org/Version_3.4.1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. - - - - - - - - - - - [automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck' - [automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!) - [automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!) - http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76 - MDVSA-2012:103 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check. - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948 - - - - - - - - - - The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record. 
- - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916 - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter. - - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692 - - - - - - - - - - - - - - lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block. - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git;a=commit;h=c58c05ad4f22c6ee1e136a7d4caaddd809a7134d - - - - - - - - - - - - - - - - - - - - mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum. - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199 - - - - - - - - - - - - - - - - - - - - mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. 
- - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-31460 - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository. - - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808 - - - - - - - - - - - - - - - - - - - - auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network. - - - - - - - - - http://git.moodle.org/gw?p=moodle.git;a=commit;h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7 - [oss-security] 20120717 Moodle security notifications public - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. - - - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365. 
- - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. - Per: http://cwe.mitre.org/data/definitions/407.html 'CWE-407: Algorithmic Complexity' - - - - - - - - - [oss-security] 20120717 Moodle security notifications public - http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter. 
- - - - - - - - - - - basilic-diff-command-execution(76667) - 54234 - [oss-security] 20120709 Re: CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability - [oss-security] 20120710 CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability - 19631 - 20120706 Re: Basilic RCE bug - 20120630 Basilic RCE bug - - - - - - - - - - The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in LibTIFF 4.0.2 and earlier does not properly initialize the T2P context struct pointer in certain error conditions, which allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=837577 - https://bugzilla.redhat.com/attachment.cgi?id=596457 - libtiff-t2preadtiffinit-bo(77088) - USN-1511-1 - [oss-security] 20120719 Re: tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer - [oss-security] 20120719 tiff2pdf: Heap-based buffer overflow due to improper initialization of T2P context struct pointer - 50007 - 49938 - 84090 - openSUSE-SU-2012:0955 - http://libjpeg-turbo.svn.sourceforge.net/viewvc/libjpeg-turbo?view=revision&revision=830 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted channels header value in a PSD image file, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2009-3909. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=838941 - https://bugzilla.redhat.com/attachment.cgi?id=603059&action=diff - 1027411 - [oss-security] 20120820 The Gimp PSD plug-in CVE-2012-3402 issue - RHSA-2012:1181 - - - - - - - - - - - - Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted KiSS palette file, which triggers an "invalid free." - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=839020 - 1027411 - 55101 - [oss-security] 20120820 The Gimp CEL plug-in CVE-2012-3403 issue - 50296 - RHSA-2012:1181 - RHSA-2012:1180 - openSUSE-SU-2012:1080 - SUSE-SU-2012:1029 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. - - - - - - - - - https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd - https://bugzilla.redhat.com/show_bug.cgi?id=839166 - http://puppetlabs.com/security/cve/cve-2012-3408/ - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix. 
- - - - - - - - - - - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278 - ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033 - openSUSE-SU-2012:0898 - bash-devfd-bo(77551) - 54937 - [oss-security] 20120712 Re: CVE Request: Overflow fix in bash 4.2 patch 33 - [oss-security] 20120712 Re: CVE Request: Overflow fix in bash 4.2 patch 33 - [oss-security] 20120711 CVE Request: Overflow fix in bash 4.2 patch 33 - MDVSA-2012:128 - - - - - - - - - - The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. - - - - - - - - - https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54 - [oss-security] 20120717 Re: CVE Request: KDE Pim - [oss-security] 20120716 Re: CVE Request: KDE Pim - [oss-security] 20120713 Re: CVE Request: KDE Pim - [oss-security] 20120713 CVE Request: KDE Pim - USN-1512-1 - 50008 - FEDORA-2012-10411 - FEDORA-2012-10410 - - - - - - - - - - - Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. - - - - - - - - - - - condor-reverse-dns-security-bypass(77748) - 1027395 - 55032 - 50294 - 50246 - RHSA-2012:1169 - RHSA-2012:1168 - http://research.cs.wisc.edu/condor/security/vulnerabilities/CONDOR-2012-0002.html - 84766 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny. 
- - - - - - - - - - http://linuxquota.git.sourceforge.net/git/gitweb.cgi?p=linuxquota/linuxquota;a=commitdiff;h=0abbfe92536fa5854eb65572de0cf131f80e2387 - openSUSE-SU-2012:1058 - https://bugzilla.redhat.com/show_bug.cgi?id=566717 - [oss-security] 20120719 Re: CVE Request: quota: incorrect use of tcp_wrappers - [oss-security] 20120719 CVE Request: quota: incorrect use of tcp_wrappers - http://sourceforge.net/tracker/?func=detail&aid=2743481&group_id=18136&atid=118136 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads. 
- - - - - - - - - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd - openSUSE-SU-2012:1081 - openSUSE-SU-2012:1079 - openSUSE-SU-2012:1036 - https://bugzilla.redhat.com/show_bug.cgi?id=841698 - https://bugzilla.redhat.com/show_bug.cgi?id=841284 - https://bugzilla.redhat.com/show_bug.cgi?id=841249 - https://bugzilla.redhat.com/show_bug.cgi?id=841240 - https://bugzilla.redhat.com/show_bug.cgi?id=841183 - https://bugzilla.redhat.com/show_bug.cgi?id=841180 - https://bugzilla.redhat.com/show_bug.cgi?id=841159 - https://bugzilla.redhat.com/show_bug.cgi?id=841126 - https://bugzilla.redhat.com/show_bug.cgi?id=841112 - https://bugzilla.redhat.com/show_bug.cgi?id=840920 - https://bugzilla.redhat.com/show_bug.cgi?id=840822 - [oss-security] 20120816 pcp: Multiple security flaws - DSA-2533 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6 - 
FEDORA-2012-12076 - FEDORA-2012-12024 - - - - - - - - - - - - - - - - - - - - - - Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. - - - - - - - - - openSUSE-SU-2012:1081 - openSUSE-SU-2012:1079 - openSUSE-SU-2012:1036 - https://bugzilla.redhat.com/show_bug.cgi?id=841702 - [oss-security] 20120816 pcp: Multiple security flaws - DSA-2533 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6 - FEDORA-2012-12076 - FEDORA-2012-12024 - - - - - - - - - - - - - - - - - - - - - Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c. 
- - - - - - - - - openSUSE-SU-2012:1081 - openSUSE-SU-2012:1079 - openSUSE-SU-2012:1036 - https://bugzilla.redhat.com/show_bug.cgi?id=841704 - https://bugzilla.redhat.com/show_bug.cgi?id=841319 - https://bugzilla.redhat.com/show_bug.cgi?id=841298 - [oss-security] 20120816 pcp: Multiple security flaws - DSA-2533 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6 - FEDORA-2012-12076 - FEDORA-2012-12024 - - - - - - - - - - - - - - - - - - - - - - The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw." - - - - - - - - - openSUSE-SU-2012:1081 - openSUSE-SU-2012:1079 - openSUSE-SU-2012:1036 - https://bugzilla.redhat.com/show_bug.cgi?id=841706 - [oss-security] 20120816 pcp: Multiple security flaws - DSA-2533 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354 - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6 - FEDORA-2012-12076 - FEDORA-2012-12024 - - - - - - - - - - - - - - - - - - - - - - The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=840592 - USN-1521-1 - 50089 - RHSA-2012:1132 - openSUSE-SU-2012:0982 - openSUSE-SU-2012:0981 - SUSE-SU-2012:0979 - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS - - - - - - - - - - - - The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. - - - - - - - - - - - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d7375e2a9076 - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/d65bd94e0ba9 - https://bugzilla.redhat.com/show_bug.cgi?id=841345 - USN-1521-1 - 50089 - RHSA-2012:1132 - openSUSE-SU-2012:0982 - openSUSE-SU-2012:0981 - SUSE-SU-2012:0979 - http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=863 - http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=518 - - - - - - - - - - - - The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method. 
- - - - - - - - - [rubyonrails-security] 20120726 Ruby on Rails DoS Vulnerability in authenticate_or_request_with_http_digest (CVE-2012-3424) - http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image. - - - - - - - - - - [oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images - [oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images - openSUSE-SU-2012:0934 - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8 - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15 - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14 - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended 
authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password. - - - - - - - - - - https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz - [oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426) - http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de - http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626 - http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355 - https://bugs.launchpad.net/keystone/+bug/998185 - https://bugs.launchpad.net/keystone/+bug/997194 - https://bugs.launchpad.net/keystone/+bug/996595 - USN-1552-1 - 50494 - 50045 - http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454 - http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d - http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa - - - - - - - - - - - - - - - - - The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query. 
- - - - - - - - - 1027341 - http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006 - https://bugzilla.redhat.com/show_bug.cgi?id=842466 - binddyndbldap-dnstoldapdnescape-dos(77391) - 54787 - [oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429 - 50159 - 50086 - RHSA-2012:1139 - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php in the Count Per Day module before 3.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) datemin, or (3) datemax parameter. - - - - - - - - - - http://plugins.trac.wordpress.org/changeset/571926/count-per-day - http://www.tomsdimension.de/wp-plugins/count-per-day - 83491 - [oss-security] 20120727 Re: CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015) - [oss-security] 20120724 CVE-request: WordPress plugin Count Per Day XSS (SSCHADV2012-015) - http://www.darksecurity.de/advisories/2012/SSCHADV2012-015.txt - 49692 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. 
- - - - - - - - - - - http://git.zabbixzone.com/zabbix2.0/.git/commitdiff/333a3a5542ba8a2c901c24b7bf5440f41f1f4f54 - https://support.zabbix.com/browse/ZBX-5348 - zabbix-popupbitem-sql-injection(77195) - 54661 - [oss-security] 20120728 Re: Zabbix SQL injection flaw (CVE request) - [oss-security] 20120727 Zabbix SQL injection flaw (CVE request) - 20087 - 49809 - 84127 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=844101 - imagemagick-png-dos(77260) - USN-1544-1 - 1027321 - 54714 - 50091 - - - - - - - - - - The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation. - Per: http://xforce.iss.net/xforce/xfdb/77259 - -'Platforms Affected: GraphicsMagick 1.3.16' - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=844105 - http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/rev/d6e469d02cd2 - graphicsmagick-png-dos(77259) - 54716 - 50090 - - - - - - - - - - A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. 
- Additional information: https://rhn.redhat.com/errata/RHSA-2012-1149.html - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=844442 - - - - - - - - - - - - - The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors. - - - - - - - - - - - https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab - https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281 - https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63 - https://bugzilla.novell.com/show_bug.cgi?id=767319 - [oss-security] 20120730 Re: CVE Request: icinga sample db creation scripts - [oss-security] 20120730 CVE Request: icinga sample db creation scripts - - - - - - - - - - The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL. - - - - - - - - - - https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ - [oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues - [oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file. 
- - - - - - - - - https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ - [oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues - [oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image. - - - - - - - - - https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/ - [oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues - [oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer. - - - - - - - - - [libvirt] 20120730 [PATCH] daemon: Fix crash in virTypedParameterArrayClear - https://bugzilla.redhat.com/show_bug.cgi?id=844734 - 54748 - [oss-security] 20120731 Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear - [oss-security] 20120731 CVE Request -- libvirt: crash in virTypedParameterArrayClear - 50118 - RHSA-2012:1202 - openSUSE-SU-2012:0991 - - - - - - - - - - virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. - - - - - - - - - - https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368 - https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3 - https://review.openstack.org/#/c/10953/ - https://bugzilla.redhat.com/show_bug.cgi?id=845106 - https://bugs.launchpad.net/nova/+bug/1031311 - openstack-nova-code-execution(77539) - 54869 - [oss-security] 20120807 [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447) - - - - - - - - - - - - - Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors. - - - - - - - - - - - http://ganglia.info/?p=549 - https://bugzilla.redhat.com/show_bug.cgi?id=845124 - https://bugs.gentoo.org/show_bug.cgi?id=428776 - 54699 - [oss-security] 20120801 Re: CVE request: Ganglia Web 3.5.1 - 50047 - FEDORA-2012-10699 - FEDORA-2012-10727 - - - - - - - - - - - - - - - - - - - - - - - Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files. - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=845350 - openvswitch-privilege-escalation(77417) - 54794 - 54789 - [oss-security] 20120803 Re: openvswitch world writable directories (CVE-2012-3449) - [oss-security] 20120802 openvswitch world writable directories (CVE-2012-3449) - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683665 - - - - - - - - - - pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value. 
- - - - - - - - - https://bugzilla.novell.com/show_bug.cgi?id=769785 - https://bugs.php.net/bug.php?id=61755 - http://www.php.net/ChangeLog-5.php - DSA-2527 - 20120610 [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation - SUSE-SU-2012:1033 - - - - - - - - - - - - - - - - - - - - - - - - - - - gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when multiple screens are used, only locks the screen with the active focus, which allows physically proximate attackers to bypass screen locking and access an unattended workstation. - - - - - - - - - - https://bugzilla.gnome.org/show_bug.cgi?id=679441 - [oss-security] 20120803 Re: gnome-screensaver 3.4.2 locked only active screen - [oss-security] 20120803 gnome-screensaver 3.4.2 locked only active screen - - - - - - - - - - - - - logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files. - - - - - - - - - - 54802 - [oss-security] 20120803 CVE ASSIGNMENT: logol: creates world writable directory: /var/lib/logol/results - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683647 - - - - - - - - - - eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files. - - - - - - - - - - 54801 - [oss-security] 20120803 CVE ASSIGNMENT: extplorer: creates world writable directory /var/lib/extplorer/ftp_tmp - - - - - - - - - - Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. 
- - - - - - - - - - - koffice-kword-odf-bo(77483) - USN-1526-1 - 54816 - [oss-security] 20120810 Re: CVE request for Calligra - [oss-security] 20120806 Re: CVE request for Calligra - [oss-security] 20120805 Re: CVE request for Calligra - [oss-security] 20120804 Re: CVE request for Calligra - [oss-security] 20120804 CVE request for Calligra - http://www.kde.org/info/security/advisory-20120810-1.txt - 50199 - http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. - - - - - - - - - - - calligra-styles-bo(77482) - USN-1525-1 - 54816 - [oss-security] 20120810 Re: CVE request for Calligra - [oss-security] 20120806 Re: CVE request for Calligra - [oss-security] 20120805 Re: CVE request for Calligra - [oss-security] 20120804 Re: CVE request for Calligra - [oss-security] 20120804 CVE request for Calligra - http://www.kde.org/info/security/advisory-20120810-1.txt - 50050 - http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf - - - - - - - - - - - - - - - - - - PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. 
- - - - - - - - - 54863 - [oss-security] 20120806 Re: CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable - [oss-security] 20120806 CVE ASSIGN: pnp4nagios: process_perfdata.cfg world readable - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683879 - - - - - - - - - - - - - - - - - - - - - - - - Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors. - - - - - - - - - https://github.com/bbangert/beaker/commit/91becae76101cf87ce8cbfabe3af2622fc328fe5 - https://bugzilla.redhat.com/show_bug.cgi?id=809267 - [oss-security] 20120813 ANN: Beaker 1.6.4 released with important security update - DSA-2541 - 50520 - 50226 - - - - - - - - - - The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow. - - - - - - - - - http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=b17232f86f8e60d0d22caf9a2400494d3c77da58 - http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=6d4ca89cf1d3c9a8aff696c3a846ac5a51f762c1 - http://otr.git.sourceforge.net/git/gitweb.cgi?p=otr/libotr;a=commitdiff;h=1902baee5d4b056850274ed0fa8c2409f1187435 - https://bugzilla.redhat.com/show_bug.cgi?id=846377 - libotr-base64-bo(77528) - USN-1541-1 - 54907 - MDVSA-2012:131 - DSA-2526 - [OTR-dev] 20120727 Re: otrl_base64_otr_decode() function... - [OTR-dev] 20120727 otrl_base64_otr_decode() function... 
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684121 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the prompt field to the select_tag helper. - - - - - - - - - - [rubyonrails-security] 20120810 Ruby on Rails Potential XSS Vulnerability in select_tag prompt - http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character. - - - - - - - - - - [rubyonrails-security] 20120810 Potential XSS Vulnerability in Ruby on Rails - http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. 
- - - - - - - - - - [rubyonrails-security] 20120810 XSS Vulnerability in strip_tags - http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication. - - - - - - - - - https://issues.apache.org/jira/browse/QPID-3849 - https://bugzilla.redhat.com/show_bug.cgi?id=836276 - apache-qpid-broker-sec-bypass(77568) - 54954 - [oss-security] 20120809 CVE-2012-3467: Unauthorized access (authentication bypass) from client to broker due to use of NullAuthenticator in shadow connections - http://svn.apache.org/viewvc?view=revision&revision=1352992 - 50186 - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php. 
- - - - - - - - - - - https://github.com/ushahidi/Ushahidi_Web/commit/fdb48d1 - https://github.com/ushahidi/Ushahidi_Web/commit/d954093 - https://github.com/ushahidi/Ushahidi_Web/commit/4764792 - [oss-security] 20120809 Re: CVE request for Ushahidi - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php. - - - - - - - - - - - https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66 - https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c - https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919 - https://github.com/ushahidi/Ushahidi_Web/commit/68d9916 - [oss-security] 20120809 Re: CVE request for Ushahidi - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions. - - - - - - - - - - - https://github.com/ushahidi/Ushahidi_Web/commit/3301e48 - [oss-security] 20120809 Re: CVE request for Ushahidi - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id. 
- - - - - - - - - - - https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0 - [oss-security] 20120809 Re: CVE request for Ushahidi - - - - - - - - - - - - - - - - - - - The email API in application/libraries/api/MY_Email_Api_Object.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request. - - - - - - - - - - https://github.com/ushahidi/Ushahidi_Web/commit/4c24325 - [oss-security] 20120809 Re: CVE request for Ushahidi - - - - - - - - - - - - - - - - - - - The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions. - - - - - - - - - - https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad - https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4 - [oss-security] 20120809 Re: CVE request for Ushahidi - - - - - - - - - - - - - - - - - - - The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call. - - - - - - - - - https://github.com/ushahidi/Ushahidi_Web/commit/529f353 - [oss-security] 20120809 Re: CVE request for Ushahidi - - - - - - - - - - - - - - - - - - - The installer in the Ushahidi Platform before 2.5 omits certain calls to the exit function, which allows remote attackers to obtain administrative privileges via unspecified vectors. 
- - - - - - - - - - - https://github.com/ushahidi/Ushahidi_Web/commit/fcdad03 - https://github.com/ushahidi/Ushahidi_Web/commit/7892559 - [oss-security] 20120809 Re: CVE request for Ushahidi - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to a site name. - - - - - - - - - - https://github.com/ushahidi/Ushahidi_Web/commit/00eae4f - [oss-security] 20120809 Re: CVE request for Ushahidi - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action. - - - - - - - - - - - 20120812 NeoInvoice Blind SQL Injection (CVE-2012-3477) - http://adamcaudill.com/2012/08/12/neoinvoice-blind-sql-injection-cve-2012-3477/ - - - - - - - - - - rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. - - - - - - - - - [oss-security] 20120810 Re: CVE Request: rssh command-line parsing vulnerability - [oss-security] 20120810 CVE Request: rssh command-line parsing vulnerability - DSA-2530 - [rssh-discuss] 20120508 Re: rssh security announcement - 50272 - 20120508 rssh security announcement - - - - - - - - - - - - - - - - - lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. 
- - - - - - - - - - - [oss-security] 20120813 Security flaw in GNU Emacs file-local variables - SSA:2012-228-02 - 1027375 - 54969 - [oss-security] 20120812 Re: Security flaw in GNU Emacs file-local variables - 50157 - http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155 - - - - - - - - - - - - - Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. - - - - - - - - - - - 54982 - [oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines - [oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines - [libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459) - http://sourceware.org/bugzilla/show_bug.cgi?id=14459 - 50201 - RHSA-2012:1208 - RHSA-2012:1207 - 84710 - FEDORA-2012-11927 - - - - - - - - - - Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. 
- - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=847303 - https://bugzilla.novell.com/show_bug.cgi?id=776572 - 1027411 - 55101 - [oss-security] 20120820 The Gimp GIF plug-in CVE-2012-3481 issue - 50296 - RHSA-2012:1181 - RHSA-2012:1180 - openSUSE-SU-2012:1080 - SUSE-SU-2012:1038 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. - - - - - - - - - - - - [oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) - http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker.c - http://code.google.com/p/tunnelblick/issues/detail?id=212 - 20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick - - - - - - - - - - Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. - - - - - - - - - - - - [oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) - http://code.google.com/p/tunnelblick/issues/detail?id=212 - 20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick - - - - - - - - - - Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call. 
- - - - - - - - - - - - [oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) - http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker-for-kids.sh - http://code.google.com/p/tunnelblick/issues/detail?id=212 - 20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick - - - - - - - - - - Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. - - - - - - - - - - - - [oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) - http://code.google.com/p/tunnelblick/issues/detail?id=212 - 20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick - - - - - - - - - - Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. - - - - - - - - - [oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) - http://code.google.com/p/tunnelblick/issues/detail?id=212 - 20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick - - - - - - - - - - The squidclamav_check_preview_handler function in squidclamav.c in SquidClamav 5.x before 5.8 and 6.x before 6.7 passes an unescaped URL to a system command call, which allows remote attackers to cause a denial of service (daemon crash) via a URL with certain characters, as demonstrated using %0D or %0A. 
- - - - - - - - - https://github.com/darold/squidclamav/commit/80f74451f628264d1d9a1f1c0bbcebc932ba5e00 - https://bugs.gentoo.org/show_bug.cgi?id=428778 - 54663 - 84138 - [oss-security] 20120816 Re: CVE Request: SquidClamav insufficient escaping flaws - [oss-security] 20120816 CVE Request: SquidClamav insufficient escaping flaws - http://squidclamav.darold.net/news.html - 49057 - http://freecode.com/projects/squidclamav/releases/346722 - - - - - - - - - - - - - - - - - - - - - - - - The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client. - - - - - - - - - http://www.apache.org/dist/httpd/CHANGES_2.4.3 - [announce] 20120821 [ANNOUNCEMENT] Apache HTTP Server 2.4.3 Released - http://httpd.apache.org/security/vulnerabilities_24.html - - - - - - - - - - - - The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token. - - - - - - - - - - - https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3 - https://github.com/Katello/katello/pull/499 - 55140 - RHSA-2012:1187 - RHSA-2012:1186 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject. 
- - - - - - - - - - http://www.securelist.com/en/advisories/50212 - [oss-security] 20120820 Re: CVE-request: Roundcube XSS issues - [oss-security] 20120820 Re: CVE-request: Roundcube XSS issues - [oss-security] 20120820 CVE-request: Roundcube XSS issues - http://trac.roundcube.net/ticket/1488519 - http://sourceforge.net/projects/roundcubemail/files/roundcubemail/0.8.0/ - 50212 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email. - - - - - - - - - - https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee - http://www.securelist.com/en/advisories/50279 - [oss-security] 20120820 Re: CVE-request: Roundcube XSS issues - [oss-security] 20120820 CVE-request: Roundcube XSS issues - http://trac.roundcube.net/ticket/1488613 - http://sourceforge.net/news/?group_id=139281&id=309011 - 50279 - - - - - - - - - - Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow. 
- - - - - - - - - gnu-libiberty-overflow(78135) - 55281 - [oss-security] 20120829 CVE-2012-3509: objalloc_alloc integer overflows in libiberty - http://security-tracker.debian.org/tracker/CVE-2012-3509 - [gcc-patches] 20120829 [PATCH] PR other/54411: libiberty: objalloc_alloc integer overflows (CVE-2012-3509) - http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411 - - - - - - - - - - - - - OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors. - - - - - - - - - 55114 - [oss-security] 20120820 ocaml-xml-light: hash table collisions CPU usage DoS CVE-2012-3514 - 50311 - - - - - - - - - - Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. - - - - - - - - - https://trac.torproject.org/projects/tor/ticket/6480 - [tor-announce] 20120819 Tor 0.2.2.38 is released - https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c - https://bugzilla.redhat.com/show_bug.cgi?id=849949 - [oss-security] 20120821 Re: CVE Request -- Tor 0.2.2.38: Three issues - - - - - - - - - - The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document. 
- - - - - - - - - https://trac.torproject.org/projects/tor/ticket/6530 - [tor-announce] 20120819 Tor 0.2.2.38 is released - https://gitweb.torproject.org/tor.git/commit/57e35ad3d91724882c345ac709666a551a977f0f - https://gitweb.torproject.org/tor.git/commit/55f635745afacefffdaafc72cc176ca7ab817546 - [oss-security] 20120821 Re: CVE Request -- Tor 0.2.2.38: Three issues - - - - - - - - - - routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. - - - - - - - - - https://trac.torproject.org/projects/tor/ticket/6537 - [tor-announce] 20120819 Tor 0.2.2.38 is released - https://gitweb.torproject.org/tor.git/commit/d48cebc5e498b0ae673635f40fc57cdddab45d5b - https://gitweb.torproject.org/tor.git/commit/308f6dad20675c42b29862f4269ad1fbfb00dc9a - [oss-security] 20120821 Re: CVE Request -- Tor 0.2.2.38: Three issues - - - - - - - - - - s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. 
- - - - - - - - - - https://github.com/Jabberd2/jabberd2/commit/aabcffae560d5fd00cd1d2ffce5d760353cf0a4d - https://bugzilla.redhat.com/show_bug.cgi?id=850872 - http://xmpp.org/resources/security-notices/server-dialback/ - 55167 - [oss-security] 20120822 Re: CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks - [oss-security] 20120822 CVE Request -- jabberd2: Prone to unsolicited XMPP Dialback attacks - [jabberd2] 20120821 Fwd: [Security] Vulnerability in XMPP Server Dialback Implementations - 50124 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request. - - - - - - - - - http://zecrazytux.net/troubleshooting/apache2-segfault-debugging-tutorial - [oss-security] 20120822 Re: CVE Request: Apache mod RPAF denial of service - [oss-security] 20120822 CVE Request: Apache mod RPAF denial of service - DSA-2532 - 50400 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683984 - - - - - - - - - - - view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)." 
- - - - - - - - - - - typo3-viewhelp-code-exec(77791) - [oss-security] 20120822 Re: CVE request: Typo3 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ - 50287 - 84773 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - typo3-backend-unspec-xss(77792) - [oss-security] 20120822 Re: CVE request: Typo3 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ - 50287 - 84771 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors. - - - - - - - - - typo3-config-module-info-disc(77793) - [oss-security] 20120822 Re: CVE request: Typo3 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ - 50287 - 84775 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events. 
- Per: http://cwe.mitre.org/data/definitions/184.html - -'CWE-184: Incomplete Blacklist' - - - - - - - - - - typo3-html5-xss(77794) - [oss-security] 20120822 Re: CVE request: Typo3 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ - 50287 - 84772 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - [oss-security] 20120822 Re: CVE request: Typo3 - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 does not check the server SSL certificate against the client keys, which allows remote attackers to spoof a server via a man-in-the-middle (MITM) attack. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=851672 - ovirt-ssl-spoofing(77984) - 55208 - [oss-security] 20120826 Re: oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533) - [oss-security] 20120824 oVirt 3.1 does not validate server certificates in python sdk and cli (CVE-2012-3533) - 50409 - http://gerrit.ovirt.org/#/c/7249/ - http://gerrit.ovirt.org/#/c/7209/ - - - - - - - - - - - - - - - - GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections. 
- - - - - - - - - gatekeeper-unspec-code-exec(77975) - 55198 - 84862 - [oss-security] 20120826 Re: Re: information request on security bug fix in GNU Gatekeeper 3.1 - [oss-security] 20120825 Re: information request on security bug fix in GNU Gatekeeper 3.1 - [oss-security] 20120824 information request on security bug fix in GNU Gatekeeper 3.1 - http://www.gnugk.org/gnugk-3.1.html - 50343 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. - - - - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=842918 - openjpeg-files-bo(77994) - 55214 - [oss-security] 20120827 Re: CVE Request: Heap-based buffer overflow in openjpeg - [oss-security] 20120827 CVE Request: Heap-based buffer overflow in openjpeg - 50360 - 84978 - http://code.google.com/p/openjpeg/issues/detail?id=170 - - - - - - - - - - - - The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names. 
- - - - - - - - - - - https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87 - https://github.com/SUSE-Cloud/barclamp-deployer/commit/5ea8d4ddaa4cb1ce834d36889f0fe7ac0d617bc8 - https://github.com/dellcloudedge/barclamp-deployer/pull/57 - https://bugzilla.novell.com/show_bug.cgi?id=774967 - crowbar-privilege-escalation(78041) - 55240 - [oss-security] 20120827 Re: CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling - [oss-security] 20120827 CVE request: crowbar ohai plugin: local privilege (root) escalation due to insecure tmp file handling - 50442 - 84955 - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4681. Reason: This candidate is a duplicate of CVE-2012-4681. Notes: All CVE users should reference CVE-2012-4681 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake. 
- - - - - - - - - - - https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b - [openstack] 20120830 Re: [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540) - [openstack] 20120830 [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3542) - https://bugs.launchpad.net/horizon/+bug/1039077 - openstackdashboard-next-open-redirect(78196) - 55329 - [oss-security] 20120830 Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540) - [oss-security] 20120830 [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3542) - 50480 - - - - - - - - - - OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540. - - - - - - - - - https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa - https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155 - [openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542) - https://bugs.launchpad.net/keystone/+bug/1040626 - USN-1552-1 - 55326 - [oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542) - 50494 - 50467 - - - - - - - - - - - - - The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file. 
- - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666 - https://bugzilla.redhat.com/show_bug.cgi?id=849926 - [oss-security] 20120829 Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils. - - - - - - - - - - https://github.com/SUSE-Cloud/barclamp-crowbar/commit/a82ed926c6e3ba2b0cada213c35e4b00f34ea629 - https://github.com/SUSE-Cloud/barclamp-crowbar/commit/90e905b7668a1cc884fb70040f96c7a0a287de48 - https://bugzilla.novell.com/show_bug.cgi?id=771840 - 55315 - [oss-security] 20120830 Re: CVE request: crowbar XSS - - - - - - - - - - chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open Source 10.x before 10.5.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by sending a Station Key Pad Button message and closing a connection in off-hook mode, a related issue to CVE-2012-2948. - Per: http://cwe.mitre.org/data/definitions/476.html - -'CWE-476: NULL Pointer Dereference' - - - - - - - - - http://downloads.asterisk.org/pub/security/AST-2012-009.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. 
- - - - - - - - - - - http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html - http://joomlacode.org/gf/project/rsgallery2/news/ - http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue. - - - - - - - - - - - - http://www.opera.com/support/kb/view/1021/ - http://www.opera.com/docs/changelogs/windows/1200/ - http://www.opera.com/docs/changelogs/unix/1200/ - http://www.opera.com/docs/changelogs/mac/1200/ - http://www.opera.com/docs/changelogs/mac/1165/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-click action, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site. 
- - - - - - - - - - - - http://www.opera.com/support/kb/view/1020/ - http://www.opera.com/docs/changelogs/windows/1200/ - http://www.opera.com/docs/changelogs/unix/1200/ - http://www.opera.com/docs/changelogs/mac/1200/ - http://www.opera.com/docs/changelogs/mac/1165/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.65 does not properly restrict the reading of JSON strings, which allows remote attackers to perform cross-domain loading of JSON resources and consequently obtain sensitive information via a crafted web site. - - - - - - - - - http://www.opera.com/support/kb/view/1019/ - http://www.opera.com/docs/changelogs/windows/1200/ - http://www.opera.com/docs/changelogs/unix/1200/ - http://www.opera.com/docs/changelogs/mac/1200/ - http://www.opera.com/docs/changelogs/mac/1165/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects. 
- - - - - - - - - - http://www.opera.com/support/kb/view/1018/ - http://www.opera.com/docs/changelogs/windows/1200/ - http://www.opera.com/docs/changelogs/unix/1200/ - http://www.opera.com/docs/changelogs/mac/1200/ - http://www.opera.com/docs/changelogs/mac/1165/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue." - - - - - - - - - - - http://www.opera.com/docs/changelogs/mac/1200/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page. - - - - - - - - - - http://www.opera.com/support/kb/view/1022/ - http://www.opera.com/docs/changelogs/windows/1200/ - http://www.opera.com/docs/changelogs/unix/1200/ - http://www.opera.com/docs/changelogs/mac/1200/ - http://www.opera.com/docs/changelogs/mac/1165/ - http://blog.vulnhunt.com/index.php/2012/06/14/cal-2012-0015-opera-website-spoof/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string. 
- - - - - - - - - - - http://www.opera.com/support/kb/view/1016/ - http://www.opera.com/docs/changelogs/windows/1164/ - http://www.opera.com/docs/changelogs/unix/1164/ - http://www.opera.com/docs/changelogs/mac/1164/ - 81809 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page. - - - - - - - - - - opera-reload-dos(76357) - http://www.opera.com/docs/changelogs/windows/1200b/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via a web page that contains invalid character encodings. - - - - - - - - - opera-charencode-dos(76358) - http://www.opera.com/docs/changelogs/windows/1200b/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.00 Beta allows remote attackers to cause a denial of service (application hang) via an absolutely positioned wrap=off TEXTAREA element located next to an "overflow: auto" block element. 
- - - - - - - - - opera-wrapoff-dos(76359) - http://www.opera.com/docs/changelogs/windows/1200b/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted characters in domain names, as demonstrated by "IDNA2008 tests." - - - - - - - - - opera-domainnames-dos(76360) - http://www.opera.com/docs/changelogs/windows/1200b/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application hang) via JavaScript code that changes a form before submission. - - - - - - - - - - opera-form-dos(76361) - http://www.opera.com/docs/changelogs/windows/1200b/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.00 Beta allows remote attackers to cause a denial of service (memory consumption or application hang) via an IFRAME element that uses the src="#" syntax to embed a parent document. 
- - - - - - - - - opera-iframesrc-dos(76362) - http://www.opera.com/docs/changelogs/windows/1200b/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.00 Beta allows remote attackers to cause a denial of service (application crash) via crafted WebGL content, as demonstrated by a codeflow.org WebGL demo. - - - - - - - - - opera-webgl-dos(76363) - http://www.opera.com/docs/changelogs/windows/1200b/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter. - - - - - - - - - https://kb.isc.org/article/AA-00714 - openSUSE-SU-2012:1006 - - - - - - - - - - - - - - - - - - - - - - ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. - - - - - - - - - https://kb.isc.org/article/AA-00712 - USN-1519-1 - DSA-2516 - RHSA-2012:1141 - RHSA-2012:1140 - openSUSE-SU-2012:1006 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and MyMesyuarat 09b-1, does not properly verify uploaded documents, which allows remote authenticated users to execute arbitrary PHP code via a crafted document. 
- - - - - - - - - - - http://www.mycert.org.my/en/services/advisories/mycert/2012/main/detail/904/index.html - http://sourceforge.net/projects/mymesyuarat/files/mymesyuarat/mymesyuarat%20ver0.9b-2.zip/download - - - - - - - - - - - - - Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp. - - - - - - - - - - - wp-mmforms-doajaxfileupload-file-upload(76133) - 53852 - http://www.opensyscom.fr/Actualites/wordpress-plugins-mm-forms-community-shell-upload-vulnerability.html - 18997 - 49411 - - - - - - - - - - - Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider. - - - - - - - - - - - rbxgallery-uploader-file-upload(76170) - http://www.opensyscom.fr/Actualites/wordpress-plugins-rbx-gallery-multiple-arbitrary-file-upload-vulnerability.html - 19019 - 49463 - - - - - - - - - - Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. 
- - - - - - - - - - - wpstorecart-upload-file-upload(76166) - 19023 - http://wordpress.org/extend/plugins/wpstorecart/changelog/ - 49459 - http://plugins.trac.wordpress.org/changeset?old_path=%2Fwpstorecart&old=555124&new_path=%2Fwpstorecart&new=555124 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads. - - - - - - - - - - - wp-nmedia-doupload-file-upload(76076) - 53790 - http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html - http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/ - 49375 - http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html - - - - - - - - - - - - Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images. 
- - - - - - - - - - - wp-fcchatwidget-upload-file-upload(76123) - 53855 - http://www.opensyscom.fr/Actualites/wordpress-plugins-fcchat-widget-shell-upload-vulnerability.html - 49419 - http://packetstormsecurity.org/files/113323/WordPress-FCChat-Widget-2.x-Shell-Upload.html - - - - - - - - - - Symantec Messaging Gateway before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 - 55143 - - - - - - - - - - - - - - Symantec Messaging Gateway before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. - - - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 - 55141 - - - - - - - - - - - - - - Symantec Messaging Gateway before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. - - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00 - 55142 - - - - - - - - - - - - - - Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly manage sessions that include key search requests, which might allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user's session. 
- - - - - - - - - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120830_00 - 55246 - - - - - - - - - - - Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file. - - - - - - - - - - - - http://www.reactionpenetrationtesting.co.uk/Irfanview-JLS-Heap-Overflow.html - 20120629 Irfanview Plugins JLS Decompression - - - - - - - - - - APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack. - - - - - - - - - https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128 - USN-1477-1 - USN-1475-1 - 20120612 Strange gpg key shadowing - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter. - - - - - - - - - newsletter-preview-file-disclosure(76171) - http://www.opensyscom.fr/Actualites/wordpress-plugins-plugin-newsletter-remote-file-disclosure-vulnerability.html - 19018 - 49464 - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. 
- - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. 
- - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1. - - - - - - - - - - - - http://support.apple.com/kb/HT5485 - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-09-12-1 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. - - - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. 
- - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. - - - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs. 
- Per: http://cwe.mitre.org/data/definitions/184.html - -'CWE-184: Incomplete Blacklist' - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site. - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. - - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. 
- - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit in Apple Safari before 6.0 does not properly handle file: URLs, which allows remote attackers to bypass intended sandbox restrictions and read arbitrary files by leveraging a WebProcess compromise. - - - - - - - - - http://support.apple.com/kb/HT5400 - APPLE-SA-2012-07-25-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. - - - - - - - - - APPLE-SA-2012-07-25-2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. 
- - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. - - - - - - - - - - - http://support.apple.com/kb/HT5485 - APPLE-SA-2012-09-12-1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, 0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before 0.6.3rc1 allows remote attackers to cause a denial of service (process hang) via unknown behavior on a Bitcoin network. - - - - - - - - - https://en.bitcoin.it/wiki/CVEs - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action. 
- - - - - - - - - - http://loganalyzer.adiscon.com/downloads/loganalyzer-v3-5-5-v3-beta - http://loganalyzer.adiscon.com/downloads/loganalyzer-3-4-4-v3-stable - http://secpod.org/blog/?p=504 - http://secpod.org/advisories/SecPod_LogAnalyzer_XSS_Vuln.txt - http://loganalyzer.adiscon.com/security-advisories/loganalyzer-cross-site-scripting-vulnerability-in-highlight-parameter - - - - - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php. - - - - - - - - - - - swcms-multiple-sql-injection(75999) - 53749 - 18955 - 82414 - 82413 - 82412 - - - - - - - - - - Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (out-of-bounds read operation) via a crafted packet that triggers a certain Find Node check attempt. - - - - - - - - - https://www.hmisource.com/otasuke/news/2012/0606.html - https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt - 53499 - 49172 - http://aluigi.org/adv/proservrex_1-adv.txt - - - - - - - - - - - - - - - - Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow. 
- - - - - - - - - https://www.hmisource.com/otasuke/news/2012/0606.html - https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt - proserverex-overflow-dos(75547) - 53499 - 49172 - http://aluigi.org/adv/proservrex_1-adv.txt - - - - - - - - - - - - - - - - Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted packet with a certain opcode that triggers an invalid attempt to allocate a large amount of memory. - - - - - - - - - https://www.hmisource.com/otasuke/news/2012/0606.html - https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt - proserverex-exception-dos(75551) - 53499 - 49172 - http://aluigi.org/adv/proservrex_1-adv.txt - - - - - - - - - - - - - - - - Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field. - - - - - - - - - https://www.hmisource.com/otasuke/news/2012/0606.html - https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt - 53499 - 49172 - http://aluigi.org/adv/proservrex_1-adv.txt - - - - - - - - - - - - - - - - Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to obtain sensitive information from daemon memory via a crafted packet with a certain opcode. 
- - - - - - - - - https://www.hmisource.com/otasuke/news/2012/0606.html - https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt - 53499 - 49172 - http://aluigi.org/adv/proservrex_1-adv.txt - - - - - - - - - - - - - - - - Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode. - - - - - - - - - - - https://www.hmisource.com/otasuke/news/2012/0606.html - https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt - 53499 - 49172 - http://aluigi.org/adv/proservrex_1-adv.txt - - - - - - - - - - - - - - - - The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when creating a local user account, allows attackers to obtain part of the initial input used to generate passwords, which makes it easier to conduct brute force password guessing attacks. - - - - - - - - - http://drupal.org/node/1632734 - http://drupal.org/node/1632704 - http://drupal.org/node/1632702 - 82957 - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences. 
- - - - - - - - - - - - http://drupalcode.org/project/maestro.git/commitdiff/c499971 - http://drupal.org/node/1619830 - http://drupal.org/node/1617952 - maestro-unspecified-csrf(76146) - 53836 - 82714 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49393 - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. - - - - - - - - - - http://drupalcode.org/project/og.git/commitdiff/d48fef5 - http://drupal.org/node/1619810 - http://drupal.org/node/1619736 - organicgroups-unspecified-xss(76149) - 53838 - 82712 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - 49397 - - - - - - - - - - - - - - - - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2704. Reason: This candidate is a duplicate of CVE-2012-2704. Notes: All CVE users should reference CVE-2012-2704 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. - - - - - - Unspecified vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote authenticated users to read the commissions of other users via unknown attack vectors. 
- - - - - - - - - http://drupal.org/node/1585648 - postaffiliatepro-registration-xss(75716) - 53589 - [oss-security] 20120613 Re: CVE Request for Drupal contributed modules - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information. 
- - - - - - - - - - https://www.htbridge.com/advisory/HTB23097 - http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html - http://www.kajona.de/changelog_34x.de.html - 49849 - 20120711 Multiple Cross-Site Scripting (XSS) in Kajona - - - - - - - - - - - - - - - - - Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request. - Per: http://cwe.mitre.org/data/definitions/434.html - -'CWE-434: Unrestricted Upload of File with Dangerous Type' - - - - - - - - - - - https://downloads.avaya.com/css/P8/documents/100164021 - http://zerodayinitiative.com/advisories/ZDI-12-106/ - - - - - - - - - - - Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. 
- - - - - - - - - https://issues.asterisk.org/jira/browse/ASTERISK-20052 - http://downloads.asterisk.org/pub/security/AST-2012-011.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts. - - - - - - - - - - - 18994 - 49327 - 82657 - - - - - - - - - - Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 46824. NOTE: some of these details are obtained from third party information. - - - - - - - - - - - winlog-request-bo(76060) - http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf - http://www.sielcosistemi.com/en/news/index.html?id=70 - http://www.sielcosistemi.com/en/news/index.html?id=69 - 53811 - http://www.s3cur1ty.de/m1adv2012-001 - 82654 - 1027128 - 49395 - 20120605 Sielco Sistemi Winlog Buffer Overflow <= v2.07.14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet. 
- - - - - - - - - winradius-accessrequest-dos(75890) - 53702 - 18945 - 49299 - 20120527 WinRadius Server Denial Of Service Vulnerability - - - - - - - - - - ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. - - - - - - - - - https://kb.isc.org/article/AA-00729 - USN-1518-1 - RHSA-2012:1123 - RHSA-2012:1122 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information. - - - - - - - - - http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html - http://als.regnet.cz/fpm2/feedback/2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bluetooth HCI dissectors, a different vulnerability than CVE-2012-2392. 
- - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7122 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7121 - http://www.wireshark.org/security/wnpa-sec-2012-08.html - 49226 - oval:org.mitre.oval:def:15478 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392. - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125 - http://www.wireshark.org/security/wnpa-sec-2012-08.html - 49226 - oval:org.mitre.oval:def:15536 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header. - - - - - - - - - - joomla-hostheader-xss(75223) - 53277 - http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html - - - - - - - - - - Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header. - - - - - - - - - http://packetstormsecurity.org/files/112249/Joomla-2.5.3-Host-Header-Cross-Site-Scripting.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive. 
- - - - - - - - - - https://github.com/milesj/php-decoda/commit/666778f326dff3bd213be9f624f0fcb337c0b4c9 - https://github.com/milesj/php-decoda/commit/4068257bb4e1071d1d60577289d3da922c296c83 - decoda-decoda-xss(75333) - 53332 - http://www.redteam-pentesting.de/en/advisories/rt-sa-2012-002/-php-decoda-cross-site-scripting-in-video-tags - 48931 - 81637 - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag. - - - - - - - - - - https://github.com/milesj/php-decoda/commit/104afad9d3cb1fbb766c4bc5b98e070a8a13fbd8 - 81637 - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags. - - - - - - - - - - https://github.com/milesj/php-decoda/commit/6f2b9fb48bc110edeab17459038feb2627d52320 - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. - - - - - - - - - - quickcms-admin-xss(75224) - 53273 - http://packetstormsecurity.org/files/112243/Quick.CMS-4.0-Cross-Site-Scripting.html - http://hauntit.blogspot.com/2012/03/en-quickcmsv40-xss-over-get.html - - - - - - - - - - SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter. 
- - - - - - - - - - - alienvault-baseqrymain-sql-injection(75290) - 53331 - http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt - 18800 - http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html - 49005 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page. - - - - - - - - - - alienvault-multiple-xss(75297) - 53331 - http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-002.txt - 18800 - http://www.darksecurity.de/index.php?/211-KORAMIS-ADV2012-002-Alienvault-OSSIM-Open-Source-SIEM-3.1-Multiple-security-vulnerabilities.html - 49005 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) groupname parameter in a savecategory in the users module; (2) virtual_filename, (3) branch, (4) contact_person, (5) street, (6) city, (7) province, (8) postal, (9) country, (10) tollfree, (11) phone, (12) fax, or (13) mobile parameter in a saveitem action in the contacts module; (14) title parameter in a savecategory action in the menus module; (15) firstname or (16) lastname in a saveitem action in the users module; (17) meta_key or (18) meta_description in a saveitem action in the blog module; or (19) the PATH_INFO to admin/index.php. 
- - - - - - - - - - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php - 53366 - 18827 - http://www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html - 49023 - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_verify, (5) firstname, (6) lastname, or (7) verification_code parameter to users/action/register. NOTE: some of these details are obtained from third party information. - - - - - - - - - - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php - 53366 - 18827 - http://www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html - 49052 - - - - - - - - - - - - - - - - - - - - - - Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php. - - - - - - - - - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php - 18827 - http://www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html - - - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search. 
- - - - - - - - - - - https://bitbucket.org/jesseterry/myclientbase/changeset/789099396f05 - myclientbase-index-sql-injection(75298) - 53311 - 18814 - 48961 - http://myclientbase.com/ - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters. - - - - - - - - - - myclientbase-index-xss(75299) - 53311 - 18814 - 48961 - - - - - - - - - - Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ehtrace.dll that is located in the current working directory. - - - Per indicated reference links 1182120 and 1182121, the attack can be leveraged remotely has been scored as such pending clarification of CVE description. - - - - - - - - - - - - kmplayer-dll-code-execution(75193) - http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html - 81558 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters. - - - - - - - - - - http://www.vulnerability-lab.com/get_content.php?id=509 - 53281 - 20120426 DirectAdmin v1.403 - Multiple Cross Site Vulnerabilities - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - e107-registration-xss(75225) - 53271 - http://packetstormsecurity.org/files/112241/e107-Cross-Site-Scripting.html - http://hauntit.blogspot.com/2012/04/en-e107-cms-reflected-xss-in.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post. - - - - - - - - - - vbulletin-subjectparameter-xss(75325) - 53319 - http://packetstormsecurity.org/files/112385/vBulletin-4.1.12-Cross-Site-Scripting.html - http://hauntit.blogspot.com/2012/04/en-vbulletin-4112-cross-site-scripting.html - - - - - - - - - - Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request. - - - - - - - - - lan-messenger-packet-dos(75319) - 53333 - 18816 - 20120501 LAN Messenger v1.2.28 - Denial of Service Vulnerability - - - - - - - - - - Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin 2.1 allows remote attackers to inject arbitrary web script or HTML via the title parameter. - - - - - - - - - - phppastebin-index-xss(75323) - 53329 - 81661 - 49025 - http://packetstormsecurity.org/files/112375/PHP-Pastebin-Cross-Site-Scripting.html - - - - - - - - - - slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 and Wonderware Application Server 2012 allows remote attackers to cause a denial of service (resource consumption) via a long Unicode string, a different vulnerability than CVE-2012-3007. 
- - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-171-01.pdf - 49173 - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php. - - - - - - - - - - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt - http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. - - - - - - - - - - - http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html - - - - - - - - - - channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. 
- - - - - - - - - http://downloads.asterisk.org/pub/security/AST-2012-010.html - https://issues.asterisk.org/jira/browse/ASTERISK-19992 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request. - - - - - - - - - https://github.com/puppetlabs/puppet/commit/c3c7462e4066bf3a563987a402bf3ddf278bcd87 - https://github.com/puppetlabs/puppet/commit/10f6cb8969b4d5a933b333ecb01ce3696b1d57d4 - https://bugzilla.redhat.com/show_bug.cgi?id=839130 - USN-1506-1 - DSA-2511 - http://puppetlabs.com/security/cve/cve-2012-3864/ - SUSE-SU-2012:0983 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name. 
- - - - - - - - - https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6 - https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f - https://bugzilla.redhat.com/show_bug.cgi?id=839131 - USN-1506-1 - DSA-2511 - http://puppetlabs.com/security/cve/cve-2012-3865/ - SUSE-SU-2012:0983 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. - - - - - - - - - https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f - https://bugzilla.redhat.com/show_bug.cgi?id=839135 - USN-1506-1 - DSA-2511 - http://puppetlabs.com/security/cve/cve-2012-3866/ - - - - - - - - - - - - - - - - - - - - - - - - - - - lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences. 
- - - - - - - - - - https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50 - https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640 - https://bugzilla.redhat.com/show_bug.cgi?id=839158 - USN-1506-1 - DSA-2511 - http://puppetlabs.com/security/cve/cve-2012-3867/ - SUSE-SU-2012:0983 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries. - - - - - - - - - https://kb.isc.org/article/AA-00730 - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in include/classes/class.rex_list.inc.php in REDAXO 4.3.x and 4.4 allows remote attackers to inject arbitrary web script or HTML via the subpage parameter to index.php. - - - - - - - - - - https://www.htbridge.com/advisory/HTB23098 - 54670 - http://www.redaxo.org/de/download/sicherheitshinweise/ - 49904 - 20120725 Cross-Site Scripting (XSS) in Redaxo - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php. - - - - - - - - - - - https://code.google.com/p/rtg2/issues/detail?id=35 - [oss-security] 20120709 CVE-2012-3881 RTG and RTG2: 95.php/rtg.php/view.php SQL injection - - - - - - - - - - - - - AirDroid 1.0.4 beta implements authentication through direct transmission of a password hash over HTTP, which makes it easier for remote attackers to obtain access by sniffing the local wireless network and then replaying the authentication data. 
- - - - - - - - - http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - 20120712 security advisory: AirDroid 1.0.4 beta - - - - - - - - - - The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack. - - - - - - - - - - - http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - 20120712 security advisory: AirDroid 1.0.4 beta - - - - - - - - - - AirDroid 1.0.4 beta uses the MD5 algorithm for values in the checklogin key parameter and 7bb cookie, which makes it easier for remote attackers to obtain cleartext data by sniffing the local wireless network and then conducting a (1) brute-force attack or (2) rainbow-table attack. - - - - - - - - - http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - 20120712 security advisory: AirDroid 1.0.4 beta - - - - - - - - - - AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the sdctl/sms/send/single/ URI. - - - - - - - - - http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - 20120712 security advisory: AirDroid 1.0.4 beta - - - - - - - - - - - - - - - The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data. - - - - - - - - - http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt - 20120712 security advisory: AirDroid 1.0.4 beta - - - - - - - - - - The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. 
- - - - - - - - - - - http://forums.winamp.com/showthread.php?t=345684 - 54131 - 46624 - oval:org.mitre.oval:def:14748 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. - - - - - - - - - - - http://forums.winamp.com/showthread.php?t=345684 - 54131 - 46624 - oval:org.mitre.oval:def:15553 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote authenticated users to cause a denial of service (spoke crash) via spoke-to-spoke traffic, aka Bug ID CSCtz02622. - - - - - - - - - http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_4s.html - - - - - - - - - - - Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224. - - - - - - - - - http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html - - - - - - - - - - - - - - sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and process crash, and traffic-inspection outage) via network traffic, aka Bug ID CSCtn23051. - - - - - - - - - http://www.cisco.com/web/software/282549758/51927/IPS-6_2-4-E4-readme.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - The updateTime function in sensorApp on Cisco IPS 4200 series sensors 7.0 and 7.1 allows remote attackers to cause a denial of service (process crash and traffic-inspection outage) via network traffic, aka Bug ID CSCta96144. 
- - - - - - - - - http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684. - - - - - - - - - - - - http://www.cisco.com/en/US/docs/security/ise/1.1/release_notes/ise1.1_rn.html - http://en.securitylab.ru/lab/ - - - - - - - - - - - - - - - - - The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote attackers to cause a denial of service (persistent IKE state) via a large volume of hub-to-spoke traffic, aka Bug ID CSCtq39602. - - - - - - - - - http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html - - - - - - - - - - The Cisco Application Control Engine (ACE) module 3.0 for Cisco Catalyst switches and Cisco routers does not properly monitor Load Balancer (LB) queues, which allows remote attackers to cause a denial of service (incorrect memory access and module reboot) via application traffic, aka Bug ID CSCtw70879. - - - - - - - - - http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_x/Release/Note/RACEA2_3_X.html - - - - - - - - - - The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827. 
- - - - - - - - - http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html - - - - - - - - - - - - - The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961. - - - - - - - - - http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html - - - - - - - - - - - Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible Communications Platform (aka Jabber XCP) before 5.3 allow remote attackers to cause a denial of service (process crash) via a crafted XMPP stream header, aka Bug ID CSCtu32832. - - - - - - - - - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-cupxcp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session. - - - - - - - - - - - https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt - http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page. 
- - - - - - - - - - https://www.htbridge.com/advisory/HTB23100 - phplist-unconfirmed-xss(77526) - 54887 - http://www.phplist.com/?lid=579 - 50150 - 84482 - 20120808 Multiple Vulnerabilities in phpList - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. - - - - - - - - - - - http://www.phplist.com/?lid=579 - https://www.htbridge.com/advisory/HTB23100 - phplist-delete-sql-injection(77527) - 84483 - 20120808 Multiple Vulnerabilities in phpList - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. - - - - - - - - - https://kb.isc.org/article/AA-00737 - USN-1519-1 - DSA-2516 - RHSA-2012:1141 - openSUSE-SU-2012:1006 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. - - - - - - - - - https://kb.isc.org/article/AA-00779 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=774597 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=774548 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=772346 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=771994 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=771976 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=771873 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=769120 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=762280 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=756241 - http://www.mozilla.org/security/announce/2012/mfsa2012-58.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=769108 - http://www.mozilla.org/security/announce/2012/mfsa2012-60.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=775794 - https://bugzilla.mozilla.org/show_bug.cgi?id=775793 - http://www.mozilla.org/security/announce/2012/mfsa2012-61.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a 
large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=777028 - http://www.mozilla.org/security/announce/2012/mfsa2012-62.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=775852 - http://www.mozilla.org/security/announce/2012/mfsa2012-62.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=782141 - http://www.mozilla.org/security/announce/2012/mfsa2012-63.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=760996 - http://www.mozilla.org/security/announce/2012/mfsa2012-63.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=753623 - https://bugzilla.mozilla.org/show_bug.cgi?id=753230 - http://www.mozilla.org/security/announce/2012/mfsa2012-64.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. 
- - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=746855 - http://www.mozilla.org/security/announce/2012/mfsa2012-65.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=757128 - http://www.mozilla.org/security/announce/2012/mfsa2012-66.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=770478 - http://www.mozilla.org/security/announce/2012/mfsa2012-67.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=770684 - http://www.mozilla.org/security/announce/2012/mfsa2012-68.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the 
X.509 certificate information in the address bar via a crafted web page. - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=768568 - http://www.mozilla.org/security/announce/2012/mfsa2012-69.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. 
- - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=770429 - http://www.mozilla.org/security/announce/2012/mfsa2012-70.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=769265 - http://www.mozilla.org/security/announce/2012/mfsa2012-71.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. 
- - - - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=771859 - http://www.mozilla.org/security/announce/2012/mfsa2012-72.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. - - - - - - - - - http://www.bugzilla.org/security/3.6.10/ - https://bugzilla.mozilla.org/show_bug.cgi?id=785470 - https://bugzilla.mozilla.org/show_bug.cgi?id=785112 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php. 
- - - - - - - - - http://info.tiki.org/article191-Tiki-Releases-8-4 - http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS - http://dev.tiki.org/item4109 - 83533 - 19630 - 19573 - 20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to inject arbitrary web script or HTML via the (1) paste_user or (2) paste_lang parameter to (a) list.php or (b) show.php. - - - - - - - - - - http://gitorious.org/sticky-notes/sticky-notes/commit/d97475f07520d61af3d20fbaeb2e9a974c190308 - https://bugzilla.redhat.com/show_bug.cgi?id=810928 - FEDORA-2012-9714 - FEDORA-2012-9739 - - - - - - - - - - Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.php. - - - - - - - - - - - http://gitorious.org/sticky-notes/sticky-notes/commit/d97475f07520d61af3d20fbaeb2e9a974c190308 - https://bugzilla.redhat.com/show_bug.cgi?id=810928 - FEDORA-2012-9714 - FEDORA-2012-9739 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. 
- - - - - - - - - - https://gitorious.org/sticky-notes/sticky-notes/merge_requests/2 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters. - - - - - - - - - - fckeditor-spellchecker-xss(76604) - 54188 - 49606 - http://disse.cting.org/blog/2012/06/22/fckeditor-reflected-xss-vulnerability/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers. - - - - - - - - - https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001 - https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile Black Edition application 2.2.0 and earlier for Android allows remote attackers to inject arbitrary web script or HTML via a crafted application that interacts with an unspecified Sleipnir Mobile function. - - - - - - - - - - https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir_black - https://play.google.com/store/apps/details?id=jp.co.fenrir.android.sleipnir - JVNDB-2012-000076 - JVN#39519659 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application. 
- - - - - - - - - http://lineblog.naver.jp/archives/12893561.html - JVNDB-2012-000074 - JVN#67435981 - - - - - - - - - - - The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0, GREE Seisen Cerberus application before 1.1.0, and KDDI&GREE GREE Market application before 2.1.2 for Android do not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. - - - - - - - - - JVNDB-2012-000077 - JVN#99192898 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. - - - - - - - - - JVNDB-2012-000078 - JVN#92038939 - - - - - - - - - - The Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. - - - - - - - - - - - - http://magazine.cybozulive.com/2012/08/291200.html - JVNDB-2012-000081 - JVN#23009798 - - - - - - - - - - The WebView class in the Cybozu Live application 1.0.4 and earlier for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. - - - - - - - - - - - - http://magazine.cybozulive.com/2012/08/291200.html - JVNDB-2012-000082 - JVN#77393797 - - - - - - - - - - Opera before 11.60 allows remote attackers to spoof the address bar via unspecified homograph characters, a different vulnerability than CVE-2010-2660. 
- - - - - - - - - http://www.opera.com/docs/changelogs/windows/1160/ - JVNDB-2012-000080 - JVN#69880570 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site. - - - - - - - - - - - - JVNDB-2012-000083 - JVN#23568423 - http://cs.cybozu.co.jp/information/20120910up01.php - - - - - - - - - - - The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. - - - - - - - - - JVNDB-2012-000084 - JVN#59652356 - http://cs.cybozu.co.jp/information/20120910up02.php - - - - - - - - - - - The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL. - - - - - - - - - - http://products.cybozu.co.jp/remote/product/smartphone/ - JVNDB-2012-000085 - JVN#03015214 - - - - - - - - - - - Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source. 
- - - - - - - - - - - - 83898 - [oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows - http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel - - - - - - - - - - - - - - - - Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. - - - - - - - - - - - - 83899 - [oss-security] 20120719 CVE-2012-4024 and CVE-2012-4025: Squashfs overflows - http://sourceforge.net/mailarchive/forum.php?thread_name=CAAoG81HL9oP8roPLLhftTSXTzSD%2BZcR66PRkVU%3Df76W3Mjde_w%40mail.gmail.com&forum_name=squashfs-devel - - - - - - - - - - - - - - - - The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. - - - - - - - - - VU#977312 - http://www.kb.cert.org/vuls/id/MORO-8UYN8P - - - - - - - - - - - - - Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file. - - - - - - - - - https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf - http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html - - - - - - - - - - Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication. 
- - - - - - - - - - - https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf - http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html - - - - - - - - - - Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) lang or (2) langid cookie to port 85. - - - - - - - - - wangkongbao-acloglogin-directory-traversal(76682) - 54267 - 19526 - 49776 - 83636 - - - - - - - - - - - - - Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx. - - - - - - - - - - - websitepanel-returnurl-open-redirect(76803) - 54346 - http://websitepanel.codeplex.com/workitem/224 - 49813 - http://packetstormsecurity.org/files/114541/WebsitePanel-CMS-Open-Redirect.html - 83689 - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. 
- - - - - - - - - - - zingiri-wordpress-unspecified(75044) - http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/ - 48909 - http://forums.zingiri.com/announcements.php?aid=2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php. - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23101 - pbboard-indexscript-sql-injection(77501) - 54916 - http://www.pbboard.com/forums/t10353.html - http://www.pbboard.com/forums/t10352.html - 50153 - 84480 - - - - - - - - - - The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php. - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23101 - pbboard-index-security-bypass(77506) - 54916 - http://www.pbboard.com/forums/t10353.html - http://www.pbboard.com/forums/t10352.html - 50153 - 84481 - - - - - - - - - - Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216. 
- Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type' - - - - - - - - - - - https://www.htbridge.com/advisory/HTB23101 - pbboard-admin-security-bypass(77508) - 54916 - http://www.pbboard.com/forums/t10353.html - http://www.pbboard.com/forums/t10352.html - 50153 - 84479 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file. - - - - - - - - - - https://trac.transmissionbt.com/ticket/4979 - https://trac.transmissionbt.com/wiki/Changes#version-2.61 - 54705 - http://www.madirish.net/541 - 50027 - 20120726 Transmission BitTorrent XSS Vulnerability - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the inputStr parameter in a Login action. - - - - - - - - - - 83896 - http://blog.abhisek.me/2012/06/xss-on-palo-alto-networks-global.html - - - - - - - - - - - - - - - - - - - - - - - - - Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. 
- - - - - - - - - - - 54131 - 46624 - oval:org.mitre.oval:def:15335 - http://forums.winamp.com/showthread.php?t=345684 - - - - - - - - - - The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump. - - - - - - - - - http://www.wireshark.org/security/wnpa-sec-2012-11.html - oval:org.mitre.oval:def:15547 - openSUSE-SU-2012:0930 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680056 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet. - - - - - - - - - - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-nfs.c?r1=43576&r2=43575&pathrev=43576 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7436 - http://www.wireshark.org/security/wnpa-sec-2012-12.html - oval:org.mitre.oval:def:15707 - openSUSE-SU-2012:0930 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=43576 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors. 
- - - - - - - - - - - chromeos-multiple-unspecified(77191) - http://googlechromereleases.blogspot.com/2012/07/beta-channel-update-for-chrome-os.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3) comment parameter. - - - - - - - - - https://www.htbridge.com/advisory/HTB23104 - https://groups.google.com/forum/?fromgroups#!topic/jease/2BHaDww-5ac[1-25] - http://www.jease.org/download/2.9/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - - - - - - - - - - ezpublish-ezoe-csrf(76811) - http://share.ez.no/community-project/security-advisories/ezsa-2012-009-ezoe-flash-player-csrf-security-issues - 49812 - 83676 - - - - - - - - - - - - Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 and earlier allows physically proximate attackers to execute arbitrary code via a crafted inf file. - - - - - - - - - - - - autorun-killer-bo(75238) - 53286 - 18792 - 81496 - - - - - - - - - - SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter. - - - - - - - - - - - uigafanclub-index2-sql-injection(75288) - 53295 - http://packetstormsecurity.org/files/112287/Uiga-FanClub-SQL-Injection.html - - - - - - - - - - SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter. 
- - - - - - - - - - - uiga-index2-sql-injection(75281) - 53296 - http://packetstormsecurity.org/files/112288/Uiga-Personal-Portal-SQL-Injection.html - - - - - - - - - - Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote attackers to execute arbitrary code via a crafted flm file. - - - - - - - - - - - - remote-anything-dos(75237) - 53303 - 18799 - 49008 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. - - - - - - - - - - socketmailpro-email-xss(75113) - http://packetstormsecurity.org/files/112090/SocketMail-Pro-2.2.9-Cross-Site-Request-Forgery-Cross-Site-Scripting.html - 81532 - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action. - - - - - - - - - - - - socketmailpro-secretqtn-csrf(75114) - 81531 - http://packetstormsecurity.org/files/112090/SocketMail-Pro-2.2.9-Cross-Site-Request-Forgery-Cross-Site-Scripting.html - - - - - - - - - - - Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp. - - - - - - - - - - - xmforums-id-sql-injection(75261) - 53292 - http://packetstormsecurity.org/files/112259/ASP-DEv-XM-Forums-SQL-Injection.html - - - - - - - - - - Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp. 
- - - - - - - - - - - xmdiary-multiple-sql-injection(75262) - http://packetstormsecurity.org/files/112257/ASP-DEv-XM-Diary-SQL-Injection.html - - - - - - - - - - Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data. - - - - - - - - - - - 20120501 Citrix Provisioning Services SoapServer Heap Buffer Overflow - http://support.citrix.com/article/ctx133039 - citrix-provisioning-server-code-execution(75311) - 1027004 - 81664 - - - - - - - - - - - - - - Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db. - - - - - - - - - 20120805 Dir2web3 Mutiple Vulnerabilities - - - - - - - - - - SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php. - - - - - - - - - - - 20120805 Dir2web3 Mutiple Vulnerabilities - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBCode markup in a comment. 
- - - - - - - - - - http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip - http://joomlacode.org/gf/download/frsrelease/17325/75427/com_rsgallery2_2.3.0.zip - http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html - http://joomlacode.org/gf/project/rsgallery2/news/ - http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. - - - - - - - - - - http://www.opera.com/support/kb/view/1026/ - http://www.opera.com/docs/changelogs/windows/1201/ - http://www.opera.com/docs/changelogs/unix/1201/ - http://www.opera.com/docs/changelogs/mac/1201/ - http://www.opera.com/docs/changelogs/mac/1166/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. 
- - - - - - - - - - - - http://www.opera.com/support/kb/view/1027/ - http://www.opera.com/docs/changelogs/windows/1201/ - http://www.opera.com/docs/changelogs/unix/1201/ - http://www.opera.com/docs/changelogs/mac/1201/ - http://www.opera.com/docs/changelogs/mac/1166/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. - - - - - - - - - - http://www.opera.com/support/kb/view/1025/ - http://www.opera.com/docs/changelogs/windows/1201/ - http://www.opera.com/docs/changelogs/unix/1201/ - http://www.opera.com/docs/changelogs/mac/1201/ - http://www.opera.com/docs/changelogs/mac/1166/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue." - - - - - - - - - - - http://www.opera.com/docs/changelogs/windows/1201/ - http://www.opera.com/docs/changelogs/unix/1201/ - http://www.opera.com/docs/changelogs/mac/1201/ - http://www.opera.com/docs/changelogs/mac/1166/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. 
- - - - - - - - - http://www.opera.com/docs/changelogs/windows/1201/ - http://www.opera.com/docs/changelogs/unix/1201/ - http://www.opera.com/docs/changelogs/mac/1201/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4159, and CVE-2012-4160. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4160. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4159. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4162. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-16.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4164, CVE-2012-4165, and CVE-2012-4166. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-19.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163, CVE-2012-4165, and CVE-2012-4166. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-19.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163, CVE-2012-4164, and CVE-2012-4166. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-19.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4163, CVE-2012-4164, and CVE-2012-4165. - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-19.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allows attackers to execute arbitrary code via unspecified vectors. 
- - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-19.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow remote attackers to read content from a different domain via a crafted web site. - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-19.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file. 
- - - - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-20.html - - - - - - - - - - Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs. - - - - - - - - - http://www.adobe.com/support/security/bulletins/apsb12-19.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument. - - - - - - - - - - - http://www.bbc.com/news/technology-19053453 - 20120729 Re: AxMan ActiveX fuzzing <== Memory Corruption PoC - 84402 - http://forums.ubi.com/showthread.php/699940-Uplay-PC-Patch-2-0-4-Security-fix - - - - - - - - - - - - - SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter. - - - - - - - - - - - symantec-deptuploads-sql-injection(77264) - 54721 - 20123 - - - - - - - - - - show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file. 
- - - - - - - - - openSUSE-SU-2012:1062 - https://github.com/phpmyadmin/phpmyadmin/commit/0f0c2f1e2b3ece41cc1bb99a9931c8fcc7c917bc - http://www.phpmyadmin.net/home_page/security/PMASA-2012-3.php - - - - - - - - - - - - The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for a directory URI. - - - - - - - - - http://joomlacode.org/gf/download/frsrelease/17326/75428/com_rsgallery2_3.2.0.zip - http://www.rsgallery2.nl/announcements/rsgallery2_3.2.0_and_2.3.0_released_16845.0.html - http://joomlacode.org/gf/project/rsgallery2/news/ - http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/142 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the refresh_page function in application/modules/_main/views/_top.php in Total Shop UK eCommerce Open Source before 2.1.2_p1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. - - - - - - - - - - 54985 - http://www.reactionpenetrationtesting.co.uk/totalshop-uk-generic-xss.html - [oss-security] 20120813 Total Shop UK eCommerce Generic Cross-Site Scripting - 50238 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php. 
- - - - - - - - - - - 54861 - http://www.reactionpenetrationtesting.co.uk/tcexam-sql-injection.html - [oss-security] 20120813 TCExam Edit SQL Injection - http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742 - 50141 - http://freecode.com/projects/tcexam/releases/347125 - 20120814 TCExam Edit SQL Injection - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/code/tce_edit_answer.php in TCExam before 11.3.008 allows remote authenticated users with level 5 or greater permissions to inject arbitrary web script or HTML via the question_subject_id parameter. - - - - - - - - - - http://www.reactionpenetrationtesting.co.uk/tcexam-cross-site-scripting.html - http://tcexam.git.sourceforge.net/git/gitweb.cgi?p=tcexam/tcexam;h=edf6e08622642f1b2421f4355d98250d9e1b0742 - 50141 - http://freecode.com/projects/tcexam/releases/347125 - 20120813 TCExam Edit Cross-Site Scripting - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. 
- - - - - - - - - https://kb.isc.org/article/AA-00778 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command. - - - - - - - - - - - 55089 - http://www.reactionpenetrationtesting.co.uk/GIMP-scriptfu-python-command-execution.html - [oss-security] 20120820 RE: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution - [oss-security] 20120817 Re: [Full-disclosure] GIMP Scriptfu Python Remote Command Execution - [oss-security] 20120816 GIMP Scriptfu Python Remote Command Execution - 20120816 GIMP Scriptfu Python Remote Command Execution - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page. - - - - - - - - - - http://www.phplist.com/?lid=579 - https://www.httpcs.com/advisory/httpcs26 - https://www.httpcs.com/advisory/httpcs25 - https://www.httpcs.com/advisory/httpcs24 - https://www.httpcs.com/advisory/httpcs23 - https://www.httpcs.com/advisories - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remote_database, (3) remote_userprefix, (4) remote_password, or (5) remote_prefix parameter to the import4 page; or the (6) id parameter to the bouncerule page. 
- - - - - - - - - - http://www.phplist.com/?lid=579 - https://www.httpcs.com/advisory/httpcs7 - https://www.httpcs.com/advisory/httpcs6 - https://www.httpcs.com/advisory/httpcs4 - https://www.httpcs.com/advisory/httpcs3 - https://www.httpcs.com/advisory/httpcs2 - https://www.httpcs.com/advisory/httpcs1 - https://www.httpcs.com/advisories - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249. - - - - - - - - - - - - VU#122656 - http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368 - http://www.kb.cert.org/vuls/id/MORO-8WKGBN - - - - - - - - - - - The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as demonstrated by using lipc-set-prop to set an LIPC property, a different vulnerability than CVE-2012-4248. - - - - - - - - - - - http://www.kb.cert.org/vuls/id/MORO-8WKGBN - VU#122656 - http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368 - - - - - - - - - - - Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument. 
- - - - - - - - - - - - samsung-netiviewer-activex-bo(75310) - 53317 - 18808 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/. - - - - - - - - - - mysqldumper-install-xss(75284) - 53306 - 81612 - 81611 - 81610 - http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php. - - - - - - - - - - - - mysqldumper-main-csrf(75285) - 53306 - 81613 - http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html - - - - - - - - - - Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php. 
- - - - - - - - - mysqldumper-filemanagement-dir-traversal(75286) - mysqldumper-install-file-include(75283) - 53306 - 81615 - 81609 - http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html - - - - - - - - - - MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php. - - - - - - - - - mysqldumper-restore-info-disclosure(75287) - 53306 - 81616 - http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html - - - - - - - - - - MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message. - - - - - - - - - 53306 - 81616 - http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html - - - - - - - - - - The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. - - - - - - - - - jnews-index-info-disclosure(75198) - http://packetstormsecurity.org/files/112233/jNews-7.5.1-Information-Disclosure.html - http://hauntit.blogspot.com/2012/04/en-jnews-jnewscore751-information.html - - - - - - - - - - Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message. 
- - - - - - - - - yaqas-index-info-disclosure(75205) - http://packetstormsecurity.org/files/112248/Yaqas-CMS-Alpha1-Information-Disclosure.html - http://hauntit.blogspot.com/2012/03/en-yaqas-cms-alpha1-information.html - - - - - - - - - - Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php. - - - - - - - - - - - http://www.vulnerability-lab.com/get_content.php?id=516 - 53394 - 18843 - http://packetstormsecurity.org/files/112480/MYRE-Real-Estate-Mobile-2012-2-Cross-Site-Scripting-SQL-Injection.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information. - - - - - - - - - - xphone-multiple-xss(75221) - 53283 - 18802 - http://security.inshell.net/advisory/16 - 48979 - 81559 - 20120426 C4B XPhone UC Web 4.1.890S R1 - Cross Site Vulnerability - - - - - - - - - - - Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php. 
- - - - - - - - - - - mycare2xcms-multiple-sql-injection-(75390) - http://www.vulnerability-lab.com/get_content.php?id=524 - 53392 - 81686 - 81685 - 18844 - 49029 - http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQL-Injection.html - - - - - - - - - - SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter. - - - - - - - - - - - mycare2xcms-multiple-sql-injection-(75390) - 81684 - 49029 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php. - - - - - - - - - - mycare2x-multiple-xss(75392) - mycar2xcms-mycarepid-xss(75391) - http://www.vulnerability-lab.com/get_content.php?id=524 - 53392 - 81690 - 81689 - 81688 - 81687 - 18844 - 49029 - http://packetstormsecurity.org/files/112462/myCare2x-CMS-Cross-Site-Scripting-SQL-Injection.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header. 
- - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852 - betterwpsecurity-admin-xss(75523) - 53480 - http://packetstormsecurity.org/files/112617/WordPress-Better-WP-Security-Cross-Site-Scripting.html - http://bit51.com/software/better-wp-security/changelog/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "server variables," a different vulnerability than CVE-2012-4263. - - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2Fbetter-wp-security&old=542852&new_path=%2Fbetter-wp-security&new=542852 - http://bit51.com/software/better-wp-security/changelog/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter. - - - - - - - - - - - http://www.vulnerability-lab.com/get_content.php?id=512 - 18872 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in client_details.php in Proman Xpress 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the cl_comments parameter. NOTE: some of these details are obtained from third party information. - - - - - - - - - - http://www.vulnerability-lab.com/get_content.php?id=512 - 18872 - 49127 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter. 
- - - - - - - - - - https://github.com/rodnaph/sockso/pull/99/files - https://github.com/rodnaph/sockso/commit/fe2d895ea8eb8b8ccad5a3319f472e45d6ba5136 - https://github.com/rodnaph/sockso/issues/93 - 18868 - http://smwyg.com/blog/#sockso-persistant-xss-attack - 49148 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header. - - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2Fbulletproof-security&old=543044&new_path=%2Fbulletproof-security&new=543044 - bulletproofsecurity-admin-xss(75522) - 53478 - http://wordpress.org/extend/plugins/bulletproof-security/changelog/ - http://packetstormsecurity.org/files/112618/WordPress-BulletProof-Security-Cross-Site-Scripting.html - - - - - - - - - - Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message. - Per: http://cwe.mitre.org/data/definitions/434.html 'CWE-434: Unrestricted Upload of File with Dangerous Type' - - - - - - - - - - - efront-upload-file-upload(75443) - 53412 - http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message. 
- - - - - - - - - efront-admin-xss(75442) - 53412 - http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in bad-behavior-wordpress-admin.php in the Bad Behavior plugin before 2.0.47 and 2.2.x before 2.2.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) httpbl_key, (3) httpbl_maxage, (4) httpbl_threat, (5) reverse_proxy_addresses, or (6) reverse_proxy_header parameter. - - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807 - badbehavior-optionsgeneral-xss(75521) - 53477 - http://packetstormsecurity.org/files/112619/WordPress-Bad-Behavior-Cross-Site-Scripting.html - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "processing of the buttons of Xing and Pinterest". - - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798 - http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. 
- - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798 - wp2clicksocialmedia-xing-xss(75518) - http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/ - http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and 08-00 before 08-00-/B allows remote attackers to execute arbitrary code via unknown attack vectors. - - - - - - - - - - - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-013/index.html - 49158 - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-014/index.html - 49144 - - - - - - - - - - - - - - - Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows attackers to cause a denial of service via unknown attack vectors. - - - - - - - - - http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-014/index.html - 49144 - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - http://code.google.com/p/smarty-php/source/detail?r=4612 - 1027061 - http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt - 49164 - http://code.google.com/p/smarty-php/issues/detail?id=98&can=1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) title, (3) previewdesc, (4) fulldesc, or (5) notes parameter (b) to agentadmin.php or (c) in an addlisting action to agentadmin.php; or unspecified vectors to (d) admin/adminfeatures.php. - - - - - - - - - - http://www.vulnerability-lab.com/get_content.php?id=513 - 53491 - 18874 - 49132 - - - - - - - - - - Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php. - - - - - - - - - - - http://www.vulnerability-lab.com/get_content.php?id=513 - 53491 - 18874 - 49132 - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in admin/agenteditor.php in Free Realty 3.1-0.6 allow remote attackers to hijack the authentication of administrators for requests that (1) add an agent via an addagent action or (2) modify an agent. - - - - - - - - - - - - http://www.vulnerability-lab.com/get_content.php?id=513 - 53491 - 18874 - 49132 - - - - - - - - - - Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php. 
- - - - - - - - - - - travelonexpress-multiple-sql-injection(75540) - http://www.vulnerability-lab.com/get_content.php?id=530 - 53500 - 81886 - 81885 - 81884 - 81883 - 81882 - 18871 - 49118 - - - - - - - - - - SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. - - - - - - - - - - - trombinoscope-photo-sql-injection(75427) - 53398 - http://packetstormsecurity.org/files/112488/Trombinoscope-3.5-SQL-Injection.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter. - - - - - - - - - - http://plugins.trac.wordpress.org/changeset/541069 - http://wordpress.org/extend/plugins/login-with-ajax/changelog/ - 49013 - - - - - - - - - - - - - - - - - - - - - - - The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7566 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44247 - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=44247&r2=44246&pathrev=44247 - openSUSE-SU-2012:1067 - http://www.wireshark.org/security/wnpa-sec-2012-13.html - openSUSE-SU-2012:1035 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file. 
- - - - - - - - - - http://anonsvn.wireshark.org/viewvc?revision=44074&view=revision - http://anonsvn.wireshark.org/viewvc/trunk/wiretap/pcapng.c?r1=44074&r2=44073&pathrev=44074 - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533 - http://www.wireshark.org/security/wnpa-sec-2012-24.html - - - - - - - - - - - epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length. - - - - - - - - - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-mongo.c?r1=44288&r2=44287&pathrev=44288 - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7572 - http://www.wireshark.org/security/wnpa-sec-2012-14.html - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44288 - - - - - - - - - - - Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. - - - - - - - - - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44289 - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-xtp.c?r1=44289&r2=44288&pathrev=44289 - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7571 - http://www.wireshark.org/security/wnpa-sec-2012-15.html - openSUSE-SU-2012:1035 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. 
- - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7603 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44317 - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-afp.c?r1=44317&r2=44316&pathrev=44317 - openSUSE-SU-2012:1067 - http://www.wireshark.org/security/wnpa-sec-2012-17.html - openSUSE-SU-2012:1035 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. - - - - - - - - - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7573 - http://www.wireshark.org/security/wnpa-sec-2012-23.html - openSUSE-SU-2012:1035 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. - - - - - - - - - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7570 - http://www.wireshark.org/security/wnpa-sec-2012-20.html - openSUSE-SU-2012:1035 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. 
- - - - - - - - - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44366 - http://anonsvn.wireshark.org/viewvc/trunk/epan/emem.c?r1=44380&r2=44379&pathrev=44380 - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-stun.c?r1=44366&r2=44365&pathrev=44366 - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7569 - http://www.wireshark.org/security/wnpa-sec-2012-21.html - openSUSE-SU-2012:1035 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44380 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. - - - - - - - - - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7562 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=43149 - http://anonsvn.wireshark.org/viewvc/trunk/plugins/ethercat/packet-ecatmb.c?r1=43149&r2=43148&pathrev=43149 - openSUSE-SU-2012:1067 - http://www.wireshark.org/security/wnpa-sec-2012-22.html - openSUSE-SU-2012:1035 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value. 
- - - - - - - - - - - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377 - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 - http://www.wireshark.org/security/wnpa-sec-2012-16.html - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377 - - - - - - - - - - - Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. - - - - - - - - - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419 - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563 - http://www.wireshark.org/security/wnpa-sec-2012-16.html - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419 - - - - - - - - - - - Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. - - - - - - - - - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-rtps2.c?r1=44320&r2=44319&pathrev=44320 - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7568 - http://www.wireshark.org/security/wnpa-sec-2012-18.html - openSUSE-SU-2012:1035 - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44320 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet. 
- - - - - - - - - - - http://anonsvn.wireshark.org/viewvc?view=revision&revision=44307 - http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-gsm_rlcmac.h?r1=44307&r2=44306&pathrev=44307 - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7561 - http://www.wireshark.org/security/wnpa-sec-2012-19.html - - - - - - - - - - - - - - - - - - - - - Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow. - - - - - - - - - - - http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075 - openSUSE-SU-2012:1067 - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533 - http://www.wireshark.org/security/wnpa-sec-2012-25.html - http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php. - - - - - - - - - - - - vacationrentallisting-index-csrf(74683) - http://packetstormsecurity.org/files/111564/Vacation-Rental-Listing-Cross-Site-Request-Forgery.html - 80948 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts. - - - - - - - - - - - - utopianewspro-users-csrf(74760) - 18720 - 80986 - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in commonsettings.php in AlstraSoft Site Uptime Enterprise, possibly 5.4, allows remote attackers to hijack the authentication of administrators. 
- - - - - - - - - - - - alstrasoftsiteuptime-commonsettings-csrf(74682) - 48707 - http://packetstormsecurity.org/files/111563/AlstraSoft-Site-Uptime-Cross-Site-Request-Forgery.html - 80947 - - - - - - - - - - Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified impact and remote attack vectors. - - - - - - - - - - - http://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-image-news-slider&old=529740&new_path=%2Fwp-image-news-slider&new=529740 - image-news-wordpress-multiple-unspecified(74788) - 52977 - http://wordpress.org/extend/plugins/wp-image-news-slider/other_notes/ - 48747 - - - - - - - - - - - - Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors. - - - - - - - - - - - https://www.vbulletin.com/forum/showthread.php/400165-vBulletin-Security-Patch-for-vBulletin-4-1-12-for-Suite-amp-Forum-04-23-2012 - https://www.vbulletin.com/forum/showthread.php/400164-vBulletin-Security-Patch-for-vBulletin-4-1-2-4-1-11-for-Suite-amp-Forum-04-23-2012 - https://www.vbulletin.com/forum/showthread.php/400162-vBulletin-3-x-MAPI-Plugin-1-4-3-released-with-security-patch-04-23-2012 - 53226 - 48917 - - - - - - - - - - - - - - - - - - The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name. - - - - - - - - - samsungtv-controller-packet-dos(74927) - 1026976 - 53161 - 81221 - 18751 - 20120419 Vulnerabilities in Samsung TV (remote controller protocol) - http://aluigi.org/adv/samsux_1-adv.txt - - - - - - - - - - The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow. 
- - - - - - - - - samsungtv-string-dos(74928) - 1026976 - 53161 - 81222 - 18751 - 20120419 Vulnerabilities in Samsung TV (remote controller protocol) - http://aluigi.org/adv/samsux_1-adv.txt - - - - - - - - - - Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151. - - - - - - - - - - - 1026970 - [Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables - - - - - - - - - - - - - - The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK. - - - - - - - - - 53241 - http://wordpress.org/extend/plugins/shareyourcart/changelog/ - 48960 - - - - - - - - - - Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information. - - - - - - - - - - - netiware-activex-control-bo(75070) - 53193 - 18765 - 48966 - - - - - - - - - - The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. - - - - - - - - - - - netiware-activex-code-execution(75069) - 53193 - 18765 - 48965 - - - - - - - - - - Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information. 
- - - - - - - - - netiware-storage-dos(75066) - 53193 - 18765 - 48825 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary parameter. - - - - - - - - - - https://www.htbridge.com/advisory/HTB23110 - flogr-index-any-xss(78311) - flogr-index-xss(78310) - 55418 - 20120905 Cross-Site Scripting (XSS) Vulnerabilities in Flogr - - - - - - - - - - - - - - - - - - - Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross references. - - - - - - - - - - - - 55150 - 84808 - http://www.foxitsoftware.com/Secure_PDF_Reader/security_bulletins.php - http://technet.microsoft.com/security/msvr/msvr12-013 - 1027424 - 50359 - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - JVNDB-2012-000047 - JVN#47662377 - - - - - - - - - - - - - - - - - - - - - Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. 
- - - - - - - - - - - https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840 - https://service.sap.com/sap/support/notes/1649838 - http://www.zerodayinitiative.com/advisories/ZDI-12-112/ - http://www.zerodayinitiative.com/advisories/ZDI-12-111/ - http://www.zerodayinitiative.com/advisories/ZDI-12-104/ - 1027211 - 49744 - http://scn.sap.com/docs/DOC-8218 - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - FEDORA-2012-9666 - FEDORA-2012-9705 - http://gallery.menalto.com/gallery_3_0_4 - - - - - - - - - - - - - - - - - Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow attackers to execute arbitrary PHP code via unknown vectors. - - - - - - - - - - - FEDORA-2012-9666 - FEDORA-2012-9705 - http://gallery.menalto.com/gallery_3_0_4 - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold 15.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host. - - - - - - - - - - ipswitch-whatsupgold-snmpd-xss(77150) - 20035 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name. 
- - - - - - - - - - http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php - openSUSE-SU-2012:1062 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a crafted port-46824 TCP packet that triggers an incorrect file-open attempt by the _TCPIPS_BinOpenFileFP function, a different vulnerability than CVE-2012-3815. NOTE: some of these details are obtained from third party information. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf - http://www.sielcosistemi.com/en/news/index.html?id=69 - 49395 - http://aluigi.org/adv/winlog_2-adv.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf - http://www.sielcosistemi.com/en/news/index.html?id=69 - 49395 - http://aluigi.org/adv/winlog_2-adv.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering incorrect function-pointer processing that can lead to a buffer overflow. NOTE: some of these details are obtained from third party information. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4354. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf - http://www.sielcosistemi.com/en/news/index.html?id=70 - 49395 - http://aluigi.org/adv/winlog_2-adv.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98. - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf - http://www.sielcosistemi.com/en/news/index.html?id=69 - 49395 - http://aluigi.org/adv/winlog_2-adv.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 might allow remote attackers to execute arbitrary code by referencing, within a port-46824 TCP packet, an invalid file-pointer index that leads to execution of an EnterCriticalSection code block. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf - http://www.sielcosistemi.com/en/news/index.html?id=69 - 49395 - http://aluigi.org/adv/winlog_2-adv.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted positive integer after the opcode. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf - http://www.sielcosistemi.com/en/news/index.html?id=69 - 49395 - http://aluigi.org/adv/winlog_2-adv.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or possibly have unspecified other impact via a port-46824 TCP packet with a crafted negative integer after the opcode. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4358. - - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-213-01.pdf - http://www.sielcosistemi.com/en/news/index.html?id=70 - 49395 - http://aluigi.org/adv/winlog_2-adv.txt - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 
- - - - - - - - - - https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4360 - https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 - - - - - - - - - - - lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter. - - - - - - - - - - - VU#441363 - 18901 - 18893 - - - - - - - - - - - - - hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838. - - - - - - - - - VU#441363 - 18901 - 18893 - - - - - - - - - - Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, related to "sixteen more crashes affecting Windows, OS X, or both systems." - - - - - - - - - - - - http://vexillium.org/dl.php?ar_callstack.txt - http://j00ru.vexillium.org/?p=1175 - http://gynvael.coldwind.pl/?id=483 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute. 
- - - - - - - - - - - - https://issues.apache.org/jira/browse/WW-3858 - apache-struts-csrf(78182) - 55346 - [oss-security] 20120901 Re: CVE request: Apache Struts S2-010 and S2-011 - [oss-security] 20120901 CVE request: Apache Struts S2-010 and S2-011 - http://struts.apache.org/2.x/docs/s2-010.html - 50420 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression. - - - - - - - - - http://struts.apache.org/2.x/docs/s2-011.html - https://issues.apache.org/jira/browse/WW-3860 - apache-struts-parameters-dos(78183) - 55346 - [oss-security] 20120901 Re: CVE request: Apache Struts S2-010 and S2-011 - [oss-security] 20120901 CVE request: Apache Struts S2-010 and S2-011 - 50420 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398. 
- - - - - - - - - http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=323986&r2=323985&pathrev=323986 - https://bugs.php.net/bug.php?id=60227 - http://security-tracker.debian.org/tracker/CVE-2012-4388 - [oss-security] 20120906 Re: Re: php header() header injection detection bypass - [oss-security] 20120905 Re: php header() header injection detection bypass - [oss-security] 20120901 Re: php header() header injection detection bypass - [oss-security] 20120829 php header() header injection detection bypass - [internals] 20120203 [PHP-DEV] The case of HTTP response splitting protection in PHP - - - - - - - - - - Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. - Per: http://cwe.mitre.org/data/definitions/184.html - -'CWE-184: Incomplete Blacklist' - - - - - - - - - - - https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a - [oss-security] 20120901 Re: CVE - ownCloud - - - - - - - - - - - - - - - - - - - - (1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors. - - - - - - - - - https://github.com/owncloud/core/commit/4682846d3ecdad15c6a60126dda75eb7fa97c707 - [oss-security] 20120901 Re: CVE - ownCloud - http://owncloud.org/changelog/ - - - - - - - - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the app configurations. 
- - - - - - - - - - - - https://github.com/owncloud/core/commit/5192eecce239a0b7ade1e60a6cf03075e5cfc188 - [oss-security] 20120901 Re: CVE - ownCloud - http://owncloud.org/changelog/ - - - - - - - - - - - - - - - - - - - - index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value. - - - - - - - - - - - https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) or share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or administrators 
for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/. - - - - - - - - - - - - https://github.com/owncloud/core/commit/93579d88dcea389205c01ddf6da41f37ad9b8745 - https://github.com/owncloud/core/commit/38271ded753bc9ea9943cef3c2706f8d71f3a58f - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - http://owncloud.org/changelog/ - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. - - - - - - - - - - https://github.com/owncloud/core/commit/d203fa2c50f4b2791e68e2b8ab9a0f8b94f9c9f8 - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter. 
- - - - - - - - - - https://github.com/owncloud/core/commit/0074062b5329c3d43679909fddce2d70608a4475 - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php. 
- - - - - - - - - - https://github.com/owncloud/core/commit/f955f6a6857754826af8903475688ba54f72c1bb - https://github.com/owncloud/core/commit/f8337c9d723039760eecccf68bcb02752551e254 - https://github.com/owncloud/core/commit/e817504569dce49fd7a677fa510e500394af0c48 - https://github.com/owncloud/core/commit/d294373f476c795aaee7dc2444e7edfdea01a606 - https://github.com/owncloud/core/commit/cc653a8a408adfb4d0cd532145668aacd85ad96c - https://github.com/owncloud/core/commit/8f616ecf76aac4a8b554fbf5a90b1645d0f25438 - https://github.com/owncloud/core/commit/8f09299e2468dfc4f9ec72b05acf47de3ef9d1d7 - https://github.com/owncloud/core/commit/642e7ce110cb8c320072532c29abe003385d50f5 - https://github.com/owncloud/core/commit/44260a552cd4ee50ee11eee45164c725f56f7027 - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php. - - - - - - - - - - https://github.com/owncloud/core/commit/54a371700554ed21a5cb7db03126b6c95ae4cbd3 - https://github.com/owncloud/core/commit/00595351400523168e18a08e3ffa5c3b1e7c1f6e - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - http://owncloud.org/changelog/ - - - - - - - - - - - - - - security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group. 
- - - - - - - - - - - [oss-security] 20120904 Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups - [oss-security] 20120904 CVE request: moinmoin incorrect ACL evaluation for virtual groups - DSA-2538 - 50496 - 50474 - http://moinmo.in/SecurityFixes - http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16 - - - - - - - - - - - - - - The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison. - - - - - - - - - https://trac.torproject.org/projects/tor/ticket/6690 - [tor-talk] 20120905 Tor 0.2.3.21-rc is out - https://gitweb.torproject.org/tor.git/commit/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5 - https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes - [oss-security] 20120912 Re: CVE id request: tor - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature. 
- - - - - - - - - http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file2 - [oss-security] 20120913 Re: CVEs for wordpress 3.4.2 release - http://codex.wordpress.org/Version_3.4.2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role. - - - - - - - - - http://core.trac.wordpress.org/changeset?old_path=%2Ftags%2F3.4.1&old=21780&new_path=%2Ftags%2F3.4.2&new=21780#file42 - [oss-security] 20120913 Re: CVEs for wordpress 3.4.2 release - http://codex.wordpress.org/Version_3.4.2 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of "password" for the root account, which allows remote attackers to obtain administrative access via an SSH session. - - - - - - - - - - - http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity - - - - - - - - - - - - - The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack. 
- - - - - - - - - [freebsd-security] 20120820 [HEADSUP] geli(4) weak master key generation on -CURRENT - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345. - - - - - - - - - - http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10020 - - - - - - - - - - - - - - - McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue. - - - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10020 - - - - - - - - - - - - - - - McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. 
- - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10020 - - - - - - - - - - - - - - - McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10020 - - - - - - - - - - - - - - - McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive information by reading a backup file, as demonstrated by obtaining password hashes. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10020 - - - - - - - - - - - - - - - McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10020 - - - - - - - - - - - - - - - McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10020 - - - - - - - - - - - - - - - McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device. 
- - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10021 - - - - - - - - - - - - - McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10021 - - - - - - - - - - - - - Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10022 - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable. - - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10022 - - - - - - - - - - - About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 discloses the name of the user account for an IIS worker process, which allows remote attackers to obtain potentially sensitive information by visiting this page. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10022 - - - - - - - - - - - The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. 
- - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10022 - - - - - - - - - - - McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10023 - - - - - - - - - - - - - - - - - - - McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10025 - - - - - - - - - - - - - - - - - - - - McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to bypass authentication and obtain an admin session ID via unspecified vectors. - - - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10026 - - - - - - - - - - - - - - - Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL. - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10026 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard. 
- - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10026 - - - - - - - - - - - - - - - An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site. - - - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10028 - - - - - - - - - - - - - - - McAfee SmartFilter Administration, and SmartFilter Administration Bess Edition, before 4.2.1.01 does not require authentication for access to the JBOSS Remote Method Invocation (RMI) interface, which allows remote attackers to execute arbitrary code via a crafted .war file. - - - - - - - - - - - https://kc.mcafee.com/corporate/index?page=content&id=SB10029 - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags. - - - - - - - - - - VU#511404 - http://znuny.com/en/#!/advisory/ZSA-2012-02 - http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2012-02/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. 
- - - - - - - - - 20120430 NGS00138 Technical Advisory: Websense Triton 7.6 - authentication bypass in report management UI - - - - - - - - - - - - - - - - - - - The default configuration of the SMTP component in Websense Email Security 6.1 through 7.3 enables weak SSL ciphers in the "SurfControl plc\SuperScout Email Filter\SMTP" registry key, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data. - - - - - - - - - http://www.websense.com/support/article/kbarticle/SSL-TLS-weak-and-export-ciphers-detected-in-Websense-Email-Security-deployments - - - - - - - - - - - - - The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603. - - - - - - - - - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.de_DE, (c) clwarn.cgi.en_EN, (d) clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in cgi-bin/. 
- - - - - - - - - - http://freecode.com/projects/squidclamav/releases/346722 - [oss-security] 20120816 Re: CVE Request: SquidClamav insufficient escaping flaws - [oss-security] 20120816 CVE Request: SquidClamav insufficient escaping flaws - http://squidclamav.darold.net/news.html - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. - - - - - - - - - - https://github.com/roundcube/roundcubemail/commit/c086978f6a91eacb339fd2976202fca9dad2ef32 - [oss-security] 20120820 Re: CVE-request: Roundcube XSS issues - [oss-security] 20120820 CVE-request: Roundcube XSS issues - http://trac.roundcube.net/ticket/1488613 - http://sourceforge.net/news/?group_id=139281&id=309011 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. - - - - - - - - - - http://xmpp.org/resources/security-notices/server-dialback/ - http://isode.com/company/wordpress/xmpp-server-dialback/ - - - - - - - - - - - Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response. - - - - - - - - - - https://projects.tigase.org/projects/tigase-server/repository/revisions/2953/diff - http://xmpp.org/resources/security-notices/server-dialback/ - http://www.tigase.org/content/finally-version-510-final-available - - - - - - - - - - psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. 
- - - - - - - - - - http://xmpp.org/resources/security-notices/server-dialback/ - http://www.psyced.org/files/psyced-20120821.tar.bz2 - - - - - - - - - - - - - Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. - - - - - - - - - - http://xmpp.org/resources/security-notices/server-dialback/ - - - - - - - - - - SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477. - - - - - - - - - - - https://github.com/mweimerskirch/neoinvoice/commit/501a9d5d261c718913cfc13d212b09b56f3bf087 - https://github.com/tlhunter/neoinvoice/issues/2 - http://adamcaudill.com/2012/08/12/neoinvoice-blind-sql-injection-cve-2012-3477/ - - - - - - - - - - PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID. - - - - - - - - - http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6 - http://telechargements.pluxml.org/changelog - - - - - - - - - - Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update. - - - - - - - - - - pluxml-unspecified-xss(75331) - 53367 - http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6 - http://telechargements.pluxml.org/changelog - 49026 - - - - - - - - - - The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. 
- - - - - - - - - [oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X) - http://code.google.com/p/tunnelblick/issues/detail?id=212 - 20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick - - - - - - - - - - Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. - - - - - - - - - - - http://code.google.com/p/tunnelblick/issues/detail?id=212 - - - - - - - - - - munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters. - - - - - - - - - https://bugzilla.redhat.com/show_bug.cgi?id=812889 - 53034 - [oss-security] 20120429 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120427 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120419 Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120418 Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120418 Re: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120417 Re: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120416 Re: CVE Request (minor) -- Two Munin graphing framework flaws - [oss-security] 20120416 CVE Request (minor) -- Two Munin graphing framework flaws - http://munin-monitoring.org/changeset/4825 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter. 
- - - - - - - - - - http://www.sourcefabric.org/en/newscoop/latestrelease/1141/Newscoop-355-and-Newscoop-4-RC4-security-releases.htm - https://www.htbridge.com/advisory/HTB23084 - newscoop-multiple-xss(74781) - 52941 - 48769 - http://dev.sourcefabric.org/browse/CS-4184 - - - - - - - - - - - - - - Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI. - - - - - - - - - http://www.foofus.net/?page_id=616 - 50297 - - - - - - - - - - Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class. 
- - - Per: http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html - -'7 Update 6 and before' - - - - - - - - - - - https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day - http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html - http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html - http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/ - http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html - http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html - - - - - - - - - - - - - - - - - - - - - - - Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4683. - - - - - - - - - https://en.bitcoin.it/wiki/CVEs - 85353 - - - - - - - - - - - - - Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-4682. - - - - - - - - - https://en.bitcoin.it/wiki/CVEs - 85354 - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP 5.1.1 before patch 6, 5.5 before patch 4, and 5.6.0 before patch 1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index. - - - - - - - - - - peakflowsp-login-xss(74648) - 52881 - 48728 - 20120404 Re: Arbor Networks Peakflow SP web interface XSS - 20120404 Re: Arbor Networks Peakflow SP web interface XSS - 20120403 Arbor Networks Peakflow SP web interface XSS - - - - - - - - - - - - SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter. 
- - - - - - - - - - - 52897 - 80962 - 20120404 vBulletin 4.1.10 Sql Injection Vulnerabilitiy - - - - - - - - - - The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations. - - - - - - - - - - http://www.sophos.com/support/knowledgebase/1376/1380/114138.aspx - - - - - - - - - - channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. - - - - - - - - - - - http://downloads.asterisk.org/pub/security/AST-2012-013.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do. 
- - - - - - - - - - https://www.barracudanetworks.com/ns/support/tech_alert.php - sslvpn680-multiple-xss(77365) - 1027279 - 54761 - 20120731 Barracuda SSL VPN 680 - Cross Site Scripting Vulnerabilities - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. - - - - - - - - - - packetfence-unspecified-xss(74887) - 53027 - [Packetfence-announce] 20120413 PacketFence 3.3.0 released! - 48833 - - - - - - - - - - The RADIUS extension in PacketFence before 3.3.0 uses a different user name than is used for authentication for users with custom VLAN assignment extensions, which allows remote attackers to spoof user identities via the User-Name RADIUS attribute. - - - - - - - - - http://www.packetfence.org/bugs/view.php?id=1390 - [Packetfence-announce] 20120413 PacketFence 3.3.0 released! - - - - - - - - - - The web_node_register function in web.pm in PacketFence before 3.0.2 might allow remote attackers to execute arbitrary code via unspecified vectors. - - - - - - - - - - - http://www.packetfence.org/bugs/view.php?id=763 - http://www.packetfence.org/bugs/changelog_page.php - - - - - - - - - - Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters. - - - - - - - - - - - sichesearch-ssearch-sql-injection(74916) - http://www.vulnerability-lab.com/get_content.php?id=504 - 53035 - 81178 - 20120414 Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities - - - - - - - - - - Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard allows remote attackers to inject arbitrary web script or HTML via the search parameter. 
- - - - - - - - - - sichesearch-ssearch-xss(74914) - http://www.vulnerability-lab.com/get_content.php?id=504 - 53035 - 81179 - 20120414 Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities - - - - - - - - - - Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. - - - - - - - - - - http://yehg.net/lab/pr0js/advisories/%5Bacuity_cms2.6.x_(asp)%5D_xss - acuitycms-login-xss(74919) - 53048 - 20120417 Acuity CMS 2.6.x <= Cross Site Scripting - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. - - - - - - - - - - - - 18722 - - - - - - - - - - Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to read (1) template (aka .tmpl) files, (2) other custom extension files under extensions/, or (3) custom documentation files under docs/ via a direct request. - - - - - - - - - https://bugzilla.mozilla.org/show_bug.cgi?id=785522 - https://bugzilla.mozilla.org/show_bug.cgi?id=785511 - http://www.bugzilla.org/security/3.6.10/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. 
NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393. - - - - - - - - - https://github.com/owncloud/core/commit/9605e1926c6081e88326bf78a02c1d1b83126c4f - [oss-security] 20120901 Re: CVE - ownCloud - [oss-security] 20120810 ownCloud - matching CVEs to fix information and vice versa - http://owncloud.org/changelog/ - - - - - - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. - - - - - - - - - - - - http://owncloud.org/changelog/ - - - - - - - - - - - - - - - - - - Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privileges via a Trojan horse (1) ssgp.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mmap file. NOTE: some of these details are obtained from third party information. - Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path' - - - - - - - - - - - - - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php - 47797 - - - - - - - - - - Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .udb file. NOTE: some of these details are obtained from third party information. 
- Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path' - - - - - - - - - - - - - - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5071.php - http://www.scitools.com/support/buildLogs/understand26_build_log.html - 47921 - - - - - - - - - - Multiple untrusted search path vulnerabilities in CyberLink LabelPrint 2.5.3602 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .lpp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426 Untrusted Search Path' - - - - - - - - - - - - 49281 - - - - - - - - - - Multiple untrusted search path vulnerabilities in CyberLink StreamAuthor 4.0 build 3308 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .sta or .stp file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426 Untrusted Search Path' - - - - - - - - - - - - 49290 - - - - - - - - - - Multiple untrusted search path vulnerabilities in CyberLink PowerProducer 5.5.3.2325 allow local users to gain privileges via a Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .ppp or .rdf file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 
- Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path' - - - - - - - - - - - - - - 49295 - - - - - - - - - - Untrusted search path vulnerability in facebook_plugin.fpi in the Facebook plug-in in Foxit Reader 5.3.1.0606 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .pdf file. NOTE: some of these details are obtained from third party information. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426 Untrusted Search Path' - - - - - - - - - - - - 50348 - 20120823 foxit reader 5.3.1(dwmapi.dll) DLL Hijacking Exploit - - - - - - - - - - The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. - - - - - - - - - aix-nfsv4-gid-dos(78431) - IV26436 - IV17855 - IV12169 - IV11629 - IV10327 - http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file. - - - - - - - - - - - - winlicense-xml-code-execution(74170) - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php - 52650 - 18637 - http://packetstormsecurity.org/files/111034 - - - - - - - - - - Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file. 
- - - - - - - - - - - - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5079.php - 18636 - http://packetstormsecurity.org/files/111031 - - - - - - - - - - Untrusted search path vulnerability in Xtreme RAT 3.5 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as the current working directory. NOTE: some of these details are obtained from third party information. - Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path' - - - - - - - - - - - - xtreme-rat-dll-code-execution(74151) - 52542 - http://packetstormsecurity.org/files/110949/Xtreme-RAT-DLL-Hijack.html - - - - - - - - - - Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. - - - - - - - - - 18635 - http://packetstormsecurity.org/files/111075/Vtiger-5.1.0-Local-File-Inclusion.html - - - - - - - - - - SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. - - - - - - - - - - - 52636 - http://exploitsdownload.com/exploit/na/kunena-20-sql-injection - - - - - - - - - - The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action. 
- - - - - - - - - - - freepbx-callmepage-command-exec(74174) - 52630 - http://www.freepbx.org/trac/ticket/5711 - 18659 - 18649 - 48463 - 20120320 FreePBX remote command execution, xss - http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php. - - - - - - - - - - freepbx-multiple-xss(74173) - 52630 - http://www.freepbx.org/trac/ticket/5711 - 18649 - 48475 - 48463 - 20120320 FreePBX remote command execution, xss - http://packetstormsecurity.org/files/111028/FreePBX-2.10.0-Remote-Command-Execution-XSS.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter. - - - - - - - - - - litespeed-graphhtml-xss(74144) - 48400 - http://packetstormsecurity.org/files/110974/LiteSpeed-4.1.11-Cross-Site-Scripting.html - http://k1p0d.com/?p=25 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description. 
- - - - - - - - - - kayakofusion-submitticket-xss(74143) - 52625 - http://wiki.kayako.com/display/DOCS/4.40.986 - http://wiki.kayako.com/display/DOCS/4.40.985 - http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html - 48462 - - - - - - - - - - Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter. - - - - - - - - - - 52622 - 18627 - http://sir.co.kr/bbs/board.php?bo_table=g4_pds&wr_id=7156 - 48458 - - - - - - - - - - Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads." - - - - - - - - - - - 52861 - http://wordpress.org/extend/plugins/another-wordpress-classifieds-plugin/changelog/ - 47335 - 80881 - - - - - - - - - - ** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it. - - - - - - - - - - - - ghostscript-outputfile-bo(74554) - 52864 - 47855 - http://bugs.ghostscript.com/show_bug.cgi?id=692856 - - - - - - - - - - Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method. - Per Secunia (http://secunia.com/advisories/48601)"The vulnerability is confirmed in version 1.1.52.18. Other versions may also be affected." 
- - - - - - - - - - - 52760 - 18675 - 48601 - http://retrogod.altervista.org/9sg_trendnet_adv.htm - 80661 - 20120328 TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam ActiveX Control OpenFileDlg WideCharToMultiByte Remote Stack Buffer Overflow - - - - - - - - - - - - - Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts. - - - - - - - - - - - - flatnux-controlcenter-csrf(74567) - http://www.vulnerability-lab.com/get_content.php?id=487 - 52846 - 48656 - http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html - 80878 - - - - - - - - - - - - - Absolute path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. - - - - - - - - - flatnux-controlcenter-directory-traversal(74568) - http://www.vulnerability-lab.com/get_content.php?id=487 - 52846 - http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html - - - - - - - - - - The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. 
- - - - - - - - - - - http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-02.pdf - http://www.wago.com/wagoweb/documentation/app_note/a1176/a117600e.pdf - - - - - - - - - - - - Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2) CFHDDecoder.dll file in the current working directory, as demonstrated by a directory that contains a .dar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426 Untrusted Search Path' - - - - - - - - - - - - 47282 - - - - - - - - - - - - - Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a directory that contains a .mvz file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426 Untrusted Search Path' - - - - - - - - - - - - 47284 - - - - - - - - - - Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 
- Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426: Untrusted Search Path' - - - - - - - - - - - - 48923 - - - - - - - - - - Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .smg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. - Per: http://cwe.mitre.org/data/definitions/426.html - -'CWE-426 Untrusted Search Path' - - - - - - - - - - - - 48924 - - - - - - - - - - The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function. - - - - - - - - - https://bugzilla.wikimedia.org/show_bug.cgi?id=35315 - https://bugzilla.wikimedia.org/show_bug.cgi?id=22555 - 52689 - [oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2 - [oss-security] 20120322 MediaWiki security and maintenance release 1.18.2 - 48504 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2 - [MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3 - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do. 
- - - - - - - - - - firewallanalyzer-multiple-xss(74538) - http://www.vulnerability-lab.com/get_content.php?id=437 - 52841 - 48657 - http://packetstormsecurity.org/files/111474/VL-437.txt - 80875 - 80874 - 80873 - 80872 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery. - - - - - - - - - - flatnux-index-xss(74566) - http://www.vulnerability-lab.com/get_content.php?id=487 - 52846 - 80877 - 48676 - 48656 - http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. - - - - - - - - - - 48657 - 80874 - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. - - - - - - - - - - flatnux-index-xss(74566) - 80877 - 48656 - - - - - - - - - - - - - - Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982. 
- - - - - - - - - - - - VU#788478 - http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf - http://americaninfosec.com/research/index.html - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. - - - - - - - - - https://code.google.com/p/chromium/issues/detail?id=138210 - http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html - - - - - - - - - - Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. - - - - - - - - - - https://code.google.com/p/chromium/issues/detail?id=138035 - http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html - - - - - - - - - - Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." - - - - - - - - - - https://code.google.com/p/chromium/issues/detail?id=144813 - http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html - - - - - - - - - - Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. 
- - - - - - - - - https://code.google.com/p/chromium/issues/detail?id=144820 - http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html - - - - - - - - - - Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. - - - - - - - - - - - https://code.google.com/p/chromium/issues/detail?id=137532 - http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html - - - - - - - - - - Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. - - - - - - - - - - - https://code.google.com/p/chromium/issues/detail?id=144866 - http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html - - - - - - - - - - Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. - - - - - - - - - https://code.google.com/p/chromium/issues/detail?id=141889 - http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html - - - - - - - - - - The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419. 
- - - - - - - - - https://trac.torproject.org/projects/tor/ticket/6811 - [tor-talk] 20120912 Tor 0.2.3.22-rc is out - https://gitweb.torproject.org/tor.git/commit/973c18bf0e84d14d8006a9ae97fde7f7fb97e404 - https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes - [oss-security] 20120912 CVE id request: tor - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_users.cgi. - - - - - - - - - - endianfirewall-multiple-xss(73330) - http://www.vulnerability-lab.com/get_content.php?id=436 - 52076 - http://packetstormsecurity.org/files/109942/Endian-UTM-Firewall-2.4.x-Cross-Site-Scripting.html - - - - - - - - - - Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method. - - - - - - - - - - - - net4switch-activex-bo(73384) - 52110 - 18538 - 48125 - 79438 - http://dsecrg.com/pages/vul/show.php?id=417 - - - - - - - - - - - - - Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. 
- - - - - - - - - - - imgpalsphotohost-approve-sql-injection(73526) - 52195 - 79670 - 18544 - 48182 - 20120228 ImgPals Photo Host Version 1.0 Admin Account Disactivation - - - - - - - - - - approve.php in Img Pals Photo Host 1.0 does not authenticate requests, which allows remote attackers to change the activation of administrators via the u parameter in an (1) app0 (disable) or (2) app1 (enable) action. - - - - - - - - - - 18544 - 20120228 ImgPals Photo Host Version 1.0 Admin Account Disactivation - - - - - - - - - - SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. - - - - - - - - - - - phpsurveyor-index-sql-injection(73395) - 52114 - http://www.limesurvey.org/en/stable-release - 18508 - 48051 - http://packetstormsecurity.org/files/110100/limesurvey-sql.txt - 79459 - http://freecode.com/projects/limesurvey/releases/342070 - - - - - - - - - - - - - - - - - - - Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter. - - - - - - - - - - oxwall-multiple-xss(73399) - 52125 - http://packetstormsecurity.org/files/110046/Oxwall-1.1.1-Cross-Site-Scripting.html - http://advisories.ariko-security.com/2012/audyt_bezpieczenstwa_2m2.html - - - - - - - - - - The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. 
- - - - - - - - - https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212 - https://gist.github.com/3696912 - https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls - https://chromiumcodereview.appspot.com/10825183 - https://bugzilla.redhat.com/show_bug.cgi?id=857051 - http://www.theregister.co.uk/2012/09/14/crime_tls_attack/ - http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091 - http://www.ekoparty.org/2012/thai-duong.php - http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512 - http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312 - http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor - http://news.ycombinator.com/item?id=4510829 - http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html - http://code.google.com/p/chromium/issues/detail?id=139744 - http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/ - - - - - - - - - - - - - The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. 
- - - - - - - - - - https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls - https://bugzilla.redhat.com/show_bug.cgi?id=857737 - http://www.theregister.co.uk/2012/09/14/crime_tls_attack/ - http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091 - http://www.ekoparty.org/2012/thai-duong.php - http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312 - http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html - http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/ - - - - - - - - - - - - - Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976. - - - https://github.com/silverstripe/sapphire/commit/0085876 - [oss-security] 20120430 Re: CVE-request: SilverStripe before 2.4.4 - [oss-security] 20120430 CVE-request: SilverStripe before 2.4.4 - http://doc.silverstripe.org/framework/en/trunk/changelogs/2.4.7 - http://doc.silverstripe.org/framework/en/trunk/changelogs/2.3.13 - - -
\ No newline at end of file
diff --git a/src/test/resources/nvdcve.xsd b/src/test/resources/nvdcve.xsd
deleted file mode 100644
index c6a695166..000000000
--- a/src/test/resources/nvdcve.xsd
+++ /dev/null
@@ -1,498 +0,0 @@ - - - - This schema defines the structure of the National - Vulnerability Database XML feed files version: 1.2. The elements and - attribute in this document are described by xs:annotation tags. This - file is kept at http://nvd.nist.gov/schema/nvdcve.xsd. The NVD XML - feeds are available at http://nvd.nist.gov/download.cfm. - - Release Notes: - - Version 1.2: - * CVSS version 2 scores and vectors have been added. Please see - http://nvd.nist.gov/cvss.cfm?vectorinfo and - http://www.first.org/cvss/cvss-guide.html for more information on - how to interpret this data. - - - - The root element of the NVD CVE feed. Multiple "entry" child elements describe specific NVD CVE entries. - - - - - - - - The schema version number supported by the feed. - - - - - The date the feed was generated. - - - - - - - - A CVE entry. - - - - - - - - - Documents one CVE entry. The child elements should always - appear in the sequence defined below. These elements are compatible with - entry elements from the CVE XML feeds. - - - - - Description wrapper tag, parent to any - documented descriptions of this CVE entry. While the "desc" - tag will always be present, there may be no "descript" child - tags. Only one "descript" tag will exist for each - description source (i.e. CVE, NVD, ...). - - - - - - A description of a CVE entry - from the source indicated by the "source" - attribute. - - - - - - - - Impact wrapper tag (may or may not be - present). Only one "impact" tag will exist for each impact - explanation source. - - - - - - Contains a specific impact - explanation of this CVE entry from source - indicated by the "source" attribute. - - - - - - - - - Solution wrapper tag (may or may not be - present). Only one "sol" tag will exist for each solution - explanation source. - - - - - Loss type tag (may or may not be present). - Contains one loss type child for each loss type of this CVE - entry. 
Potential loss types are: "avail" => availability - "conf" => confidentiality "int" => integrity "sec_prot" => - security protection - - - - - Vulnerability type tag (may or may not be - present). Contains one vulnerability type child for each - vulnerability type of this CVE entry. Potential - vulnerability types are: "access" => Access validation error - "input" => Input validation error "design" => Design error - "exception" => Exceptional condition error "env" => - Environmental error "config" => Configuration error "race" - => Race condition error "other" => other - - - - - Vulnerability range tag (may or may not be - present). Contains one vulnerability range child for each - vulnerability range of this CVE entry. Potential - vulnerability ranges are: "local" => Locally exploitable - "local_network" => Local network exploitable "network" => - Network exploitable "user_init" => User accesses attacker - - - - - - Reference wrapper tag (always present). - External references to this CVE entry are contained within - this tag. - - - - - - Individual reference to this CVE - entry. Text is the name of this vulnerability at - this particular reference. Attributes: "source" - (required) => Name of reference source "url" - (required) => hyperlink to reference "sig" => - indicates this reference includes a tool - signature "adv" => indicates this reference is a - Security Advisory "patch" => indicates this - reference includes a patch for this - vulnerability - - - - - - - - Vulnerable software wrapper tag (may or may - not be present). Software affected by this CVE entry are - listed within this tag. 
- - - - - - CVE or CAN - - - - - - - - - - - the full CVE name - - - - - - - - - - the sequence number from CVE name - - - - - - - - - - the NVD name (if it exists) - - - - - the date this entry was discovered - - - - - the date this entry was published - - - - - the date this entry was last modified - - - - - the entry's severity as determined by the NVD analysts: High, Medium, or Low - - - - - - - - - - - - indicates that this CVE entry has been rejected by CVE or NVD - - - - - the CVSS Version Indicator - - - - - Same as the CVSS_base_score to provide backwards compatability with the previous CVE XML feed format. This field is deprecated an may be removed at a future date. - - - - - CVSS version 2 Base Score - - - - - CVSS version 2 Impact Score - - - - - CVSS version 2 Exploit Score - - - - - the CVSS version 2 Vector string - - - - - - - - - - The source of the CVE description. - - - - - - - - - - - - - - - - - - - - - Input validation error tag with - one attribute for each input validation error - type. Potential input validation error types - are: "bound" => Boundary condition error - "buffer" => Buffer overflow - - - - - - - - - - - - - - - - - - - - Contains a specific solution - explanation of this CVE entry from source - indicated by the "source" attribute. - - - - - - - - - - - - - - - - - - - - - - Security Protection tag with one - attribute for each security protection type. - Potential security protection types are: "admin" - => gain administrative access "user" => gain - user access "other" => other - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Product wrapper tag. Versions of - this product that are affected by this - vulnerability are listed within this tag. - Attributes: "name" => Product name "vendor" => - Vendor of this product - - - - - - Represents a version - of this product that is affected by - this vulnerability. 
Attributes: - "num" => This version number "prev" - => Indicates that versions previous - to this version number are also - affected by this vulnerability - "edition" => Indicates the edition - associated with the version number - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Defines date format for NVD. Dates follow the mask "yyyy-mm-dd" - - - - - - - - - Restricts urls in NVD beyond the xs:anyURI restrictions. - - - - - - - - - - simpleType used for attributes that are only present when they are - true. Such attributes appear only in the form attribute_name="1". - - - - - - - - - simpleType used when scoring on a scale of 0-10, inclusive - - - - - - - - - - simpleType to describe the CVSS Base Vector - - - - - -