Author: joeyh
Date: 2011-10-05 21:14:20 +0000 (Wed, 05 Oct 2011)
New Revision: 17377

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-10-05 20:12:29 UTC (rev 17376)
+++ data/CVE/list       2011-10-05 21:14:20 UTC (rev 17377)
@@ -1,3 +1,47 @@
+CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 
7.1 ...)
+       TODO: check
+CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows 
remote ...)
+       TODO: check
+CVE-2010-4868 (Cross-site scripting (XSS) vulnerability in search.php3 (aka 
...)
+       TODO: check
+CVE-2010-4867 (Directory traversal vulnerability in search.php3 (aka 
search.php) in ...)
+       TODO: check
+CVE-2010-4866 (SQL injection vulnerability in index.php in Chipmunk Board 1.3 
allows ...)
+       TODO: check
+CVE-2010-4865 (SQL injection vulnerability in the JE Guestbook 
(com_jeguestbook) ...)
+       TODO: check
+CVE-2010-4864 (SQL injection vulnerability in the Club Manager 
(com_clubmanager) ...)
+       TODO: check
+CVE-2010-4863 (Cross-site scripting (XSS) vulnerability in 
admin/changedata.php in ...)
+       TODO: check
+CVE-2010-4862 (SQL injection vulnerability in the JExtensions JE Directory ...)
+       TODO: check
+CVE-2010-4861 (SQL injection vulnerability in asearch.php in webSPELL 4.2.1 
allows ...)
+       TODO: check
+CVE-2010-4860 (SQL injection vulnerability in product_desc.php in MyPhpAuction 
2010 ...)
+       TODO: check
+CVE-2010-4859 (SQL injection vulnerability in index.php in WebAsyst 
Shop-Script ...)
+       TODO: check
+CVE-2010-4858 (Directory traversal vulnerability in team.rc5-72.php in DNET 
...)
+       TODO: check
+CVE-2010-4857 (SQL injection vulnerability in click.php in CAG CMS 0.2 Beta 
allows ...)
+       TODO: check
+CVE-2010-4856 (SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows 
remote ...)
+       TODO: check
+CVE-2010-4855 (SQL injection vulnerability in oku.asp in xWeblog 2.2 allows 
remote ...)
+       TODO: check
+CVE-2010-4854 (SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, 
when ...)
+       TODO: check
+CVE-2010-4853 (SQL injection vulnerability in the ccInvoices (com_ccinvoices) 
...)
+       TODO: check
+CVE-2008-7302 (SQL injection vulnerability in netinvoice.php in the nBill ...)
+       TODO: check
+CVE-2008-7301 (SQL injection vulnerability in admin/login.php in jSite 1.0 OE 
allows ...)
+       TODO: check
+CVE-2008-7300 (The labeled networking implementation in Solaris Trusted 
Extensions in ...)
+       TODO: check
+CVE-2000-1247 (The default configuration of the jserv-status handler in 
jserv.conf in ...)
+       TODO: check
 CVE-2011-3981 (PHP remote file inclusion vulnerability in actions.php in the 
...)
        TODO: check
 CVE-2011-3980 (Unspecified vulnerability in the Drag Drop Mass Upload ...)
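Review bot: all 22 entries added at the top of the file carry only "TODO: check", and several of them name products that look like NOT-FOR-US candidates from the description alone, for example CVE-2011-3982 (IBM AIX Fibre Channel driver) and CVE-2008-7300 (Solaris Trusted Extensions). Since this is an automatic import, a follow-up triage commit should replace each TODO with either a NOT-FOR-US line, as the file already does for entries such as Citrix Access Gateway, or a package line, so the backlog does not grow unnoticed.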
@@ -218,8 +262,7 @@
        RESERVED
 CVE-2011-3874
        RESERVED
-CVE-2011-3873
-       RESERVED
+CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement 
shader ...)
        - chromium-browser 14.0.835.202~r103287-1
        - libv8 <undetermined>
 CVE-2011-XXXX [Fix file indirectory injection]
@@ -1515,18 +1558,23 @@
        RESERVED
 CVE-2011-3327
        RESERVED
+       {DSA-2316-1}
        - quagga 0.99.19-1
 CVE-2011-3326
        RESERVED
+       {DSA-2316-1}
        - quagga 0.99.19-1
 CVE-2011-3325
        RESERVED
+       {DSA-2316-1}
        - quagga 0.99.19-1
 CVE-2011-3324
        RESERVED
+       {DSA-2316-1}
        - quagga 0.99.19-1
 CVE-2011-3323
        RESERVED
+       {DSA-2316-1}
        - quagga 0.99.19-1
 CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited 
Procyon ...)
        NOT-FOR-US: Scadatec Limited Procyon SCADA
@@ -2314,7 +2362,7 @@
        [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
        - iceape <not-affected> (Only affects Firefox >= 4)
 CVE-2011-3000 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird 
before ...)
-       {DSA-2313-1 DSA-2312-1}
+       {DSA-2317-1 DSA-2313-1 DSA-2312-1}
        - icedove <unfixed>
        - xulrunner <removed>
        - iceweasel 7.0-1
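Review bot: DSA-2317-1 is added to the cross-reference of CVE-2011-3000 while the entry still lists icedove as <unfixed>, and nothing in the entry shows which package the new advisory covers. If it is the icedove advisory, check that the <unfixed> status is still accurate. The same applies to the identical change in CVE-2011-2999, CVE-2011-2998, CVE-2011-2995 and CVE-2011-2372.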
@@ -2322,7 +2370,7 @@
        - iceape 2.0.14-8
        [lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird 
before ...)
-       {DSA-2313-1 DSA-2312-1}
+       {DSA-2317-1 DSA-2313-1 DSA-2312-1}
        - icedove <unfixed>
        - xulrunner <removed>
        - iceweasel 7.0-1
@@ -2330,7 +2378,7 @@
        - iceape 2.0.14-8
        [lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2998 (Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows 
remote ...)
-       {DSA-2313-1 DSA-2312-1}
+       {DSA-2317-1 DSA-2313-1 DSA-2312-1}
        - icedove <unfixed>
        - xulrunner <removed>
        - iceweasel 7.0-1
@@ -2350,7 +2398,7 @@
        - iceweasel <not-affected> (Only affects MacOS)
        - iceape <not-affected> (Only affects MacOS)
 CVE-2011-2995 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
-       {DSA-2313-1 DSA-2312-1}
+       {DSA-2317-1 DSA-2313-1 DSA-2312-1}
        - icedove <unfixed>
        - xulrunner <removed>
        - iceweasel 7.0-1
@@ -2714,28 +2762,22 @@
        NOT-FOR-US: Citrix Access Gateway
 CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX 
control ...)
        NOT-FOR-US: Citrix Access Gateway
-CVE-2011-2881
-       RESERVED
+CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle 
Google V8 ...)
        - chromium-browser 14.0.835.202~r103287-1
        - libv8 <undetermined>
-CVE-2011-2880
-       RESERVED
+CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 
14.0.835.202 ...)
        - chromium-browser 14.0.835.202~r103287-1
        - libv8 <undetermined>
-CVE-2011-2879
-       RESERVED
+CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider 
object ...)
        - chromium-browser 14.0.835.202~r103287-1
        - libv8 <undetermined>
-CVE-2011-2878
-       RESERVED
+CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict 
access to ...)
        - chromium-browser 14.0.835.202~r103287-1
        - libv8 <undetermined>
-CVE-2011-2877
-       RESERVED
+CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG 
text, ...)
        - chromium-browser 14.0.835.202~r103287-1
        - libv8 <undetermined>
-CVE-2011-2876
-       RESERVED
+CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 
14.0.835.202 ...)
        - chromium-browser 14.0.835.202~r103287-1
        - libv8 <undetermined>
 CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does 
not ...)
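Review bot: CVE-2011-2876 through CVE-2011-2881 now have public descriptions, but each entry still lists libv8 as <undetermined>. The description of CVE-2011-2881 names Google V8 directly, so that entry at least should be resolved to a fixed version or <not-affected>, and the other five re-checked against their full descriptions now that they are no longer RESERVED.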
@@ -3239,6 +3281,7 @@
        NOT-FOR-US: Drupal data module
 CVE-2011-2713
        RESERVED
+       {DSA-2315-1}
        - libreoffice 1:3.4.3-1
        - openoffice.org 1:3.3.0-1
        NOTE: Since 3.3.0 openoffice.org is a transitional source package to 
migrate to libreoffice
@@ -3943,8 +3986,8 @@
        RESERVED
 CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player 
before ...)
        TODO: check
-CVE-2011-2443
-       RESERVED
+CVE-2011-2443 (Multiple buffer overflows in Adobe Photoshop Elements 8.0 and 
earlier ...)
+       TODO: check
 CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, 
and 10.x ...)
        NOT-FOR-US: Adobe Reader and Acrobat
 CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe 
Reader ...)
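Review bot: CVE-2011-2443 is left at "TODO: check" although its description names Adobe Photoshop Elements, and the adjacent CVE-2011-2442 for Adobe Reader and Acrobat is already marked NOT-FOR-US. Suggest marking it the same way, "NOT-FOR-US: Adobe Photoshop Elements", instead of leaving it in the queue.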
@@ -4112,7 +4155,7 @@
        [lenny] - iceape <not-affected> (Only a stub package)
        - icedove 3.1.11-1
 CVE-2011-2372 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird 
before ...)
-       {DSA-2313-1 DSA-2312-1}
+       {DSA-2317-1 DSA-2313-1 DSA-2312-1}
        - icedove <unfixed>
        - xulrunner <removed>
        - iceweasel 7.0-1
@@ -5565,8 +5608,8 @@
 CVE-2011-XXXX [spip DoS]
        - spip <unfixed>
        [squeeze] - spip 2.1.1-3squeeze1
-CVE-2011-1827
-       RESERVED
+CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network 
...)
+       TODO: check
 CVE-2010-4801 (Directory traversal vulnerability in admin/updatelist.php in 
BaconMap ...)
        NOT-FOR-US: BaconMap
 CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows 
remote ...)
@@ -5822,8 +5865,7 @@
        {DSA-2264-1 DSA-2240-1}
        - linux-2.6 2.6.34-1
        [squeeze] - linux-2.6 2.6.32-34squeeze1
-CVE-2011-1764 [DKIM format string issue in exim4]
-       RESERVED
+CVE-2011-1764 (Format string vulnerability in the dkim_exim_verify_finish 
function in ...)
        {DSA-2232-1}
        - exim4 4.75-3 (high; bug #624670)
        [lenny] - exim4 <not-affected> (vulnerable code not present)
@@ -7333,8 +7375,8 @@
        NOT-FOR-US: IBM Tivoli Storage Manager 
 CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in 
the ...)
        NOT-FOR-US: IBM Tivoli Storage Manager 
-CVE-2011-1221
-       RESERVED
+CVE-2011-1221 (Cross-zone scripting vulnerability in the RealPlayer ActiveX 
control ...)
+       TODO: check
 CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in 
IBM ...)
        NOT-FOR-US: IBM Tivoli Management Framework
 CVE-2011-1219
@@ -7570,8 +7612,8 @@
        RESERVED
        {DSA-2264-1 DSA-2240-1}
        - linux-2.6 2.6.38-4 (low)
-CVE-2011-1159
-       RESERVED
+CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a 
situation in ...)
+       TODO: check
 CVE-2011-1158 (Cross-site scripting (XSS) vulnerability in feedparser.py in 
Universal ...)
        - feedparser 5.0.1-1 (low; bug #617998)
        [squeeze] - feedparser <no-dsa> (Minor issue)
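Review bot: CVE-2011-1159 moves from RESERVED to "TODO: check" with no package line, but the description names acpid and gives 2.0.9 as the fixed upstream version. acpid is packaged in Debian, so this entry needs actual triage, not a NOT-FOR-US marker: add a "- acpid <version>" line with severity and bug reference, in the style of the feedparser entry that follows it.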
@@ -7885,8 +7927,7 @@
        - linux-2.6 2.6.38-4 (low)
 CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache 
Archiva ...)
        NOT-FOR-US: Apache Archiva
-CVE-2011-1076
-       RESERVED
+CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 
allows ...)
        - linux-2.6 2.6.38-1
        [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
@@ -9669,8 +9710,8 @@
        NOT-FOR-US: OpenSUSE aaa_base package
 CVE-2011-0460
        RESERVED
-CVE-2011-0459
-       RESERVED
+CVE-2011-0459 (Cross-site scripting (XSS) vulnerability in Cyber-Ark Password 
Vault ...)
+       TODO: check
 CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk 
feature in ...)
        NOT-FOR-US: Google Picasa
 CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and 
earlier ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
