Author: helmut-guest
Date: 2011-06-20 08:40:48 +0000 (Mon, 20 Jun 2011)
New Revision: 16823

Modified:
   data/CVE/list
Log:
update from nvd.nist.gov. mostly NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-06-20 07:48:32 UTC (rev 16822)
+++ data/CVE/list       2011-06-20 08:40:48 UTC (rev 16823)
@@ -16,6 +16,9 @@
        - linux-2.6 2.6.32-1
 CVE-2011-2203 [HFS DoS]
        - linux-2.6 <unfixed>
+CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c ...)
+       - php5 <undetermined>
+       NOTE: probably affected, because fixed upstream in 5.3.7
 CVE-2011-2199 [tftp-hpa buffer overflow]
        - tftp-hpa <unfixed>
        NOTE: 
http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8
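Review bot: The new CVE-2011-2202 entry marks php5 as <undetermined>, yet its NOTE already says the package is probably affected because the fix is upstream in 5.3.7. If the packaged php5 predates 5.3.7, "- php5 <unfixed>" would state that directly. Otherwise the NOTE should say what still has to be checked, for example by pointing at the upstream change to main/rfc1867.c, so the entry can be resolved later. This is also the only addition in the revision that is not a NOT-FOR-US tag, so it would be worth naming in the log message.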
@@ -260,82 +263,82 @@
        RESERVED
 CVE-2011-2129
        RESERVED
-CVE-2011-2128
-       RESERVED
-CVE-2011-2127
-       RESERVED
-CVE-2011-2126
-       RESERVED
-CVE-2011-2125
-       RESERVED
-CVE-2011-2124
-       RESERVED
-CVE-2011-2123
-       RESERVED
-CVE-2011-2122
-       RESERVED
-CVE-2011-2121
-       RESERVED
-CVE-2011-2120
-       RESERVED
-CVE-2011-2119
-       RESERVED
-CVE-2011-2118
-       RESERVED
-CVE-2011-2117
-       RESERVED
-CVE-2011-2116
-       RESERVED
-CVE-2011-2115
-       RESERVED
-CVE-2011-2114
-       RESERVED
-CVE-2011-2113
-       RESERVED
-CVE-2011-2112
-       RESERVED
-CVE-2011-2111
-       RESERVED
-CVE-2011-2110
-       RESERVED
-CVE-2011-2109
-       RESERVED
-CVE-2011-2108
-       RESERVED
+CVE-2011-2128 (... allows attackers to execute arbitrary code or cause a 
denial ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2127 (... allows attackers to execute arbitrary code or cause a 
denial ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2126 (... allows attackers to execute arbitrary code via unspecified 
vectors.)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2125 (Buffer overflow in Dirapix.dll ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2124 (... attackers to execute arbitrary code or cause a denial of 
service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2122 (Dirapi.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2121 (Integer overflow ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2120 (Integer overflow in the CursorAsset x32 component ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2119 (Dirapi.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2118 (The FLV ASSET Xtra component ... allows attackers to execute 
arbitrary code ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2117 (... allows attackers to execute arbitrary code or cause a 
denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2116 (IML32.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2115 (IML32.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2114 (... allows attackers to execute arbitrary code or cause a 
denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2112 (Multiple buffer overflows in IML32.dll ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2111 (IML32.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2110 (... allows remote attackers to execute arbitrary code or cause 
a denial of service ...)
+       NOT-FOR-US: Adobe Flash Player
+CVE-2011-2109 (Multiple integer overflows in Dirapi.dll ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-2108 (... allows attackers to execute arbitrary code via unspecified 
vectors ...)
+       NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player 
before 10.3.181.22 ...)
        NOT-FOR-US: Adobe Flash Player
-CVE-2011-2106
-       RESERVED
-CVE-2011-2105
-       RESERVED
-CVE-2011-2104
-       RESERVED
-CVE-2011-2103
-       RESERVED
-CVE-2011-2102
-       RESERVED
-CVE-2011-2101
-       RESERVED
-CVE-2011-2100
-       RESERVED
-CVE-2011-2099
-       RESERVED
-CVE-2011-2098
-       RESERVED
-CVE-2011-2097
-       RESERVED
-CVE-2011-2096
-       RESERVED
-CVE-2011-2095
-       RESERVED
-CVE-2011-2094
-       RESERVED
-CVE-2011-2093
-       RESERVED
-CVE-2011-2092
-       RESERVED
-CVE-2011-2091
-       RESERVED
+CVE-2011-2106 (... allow attackers to execute arbitrary code or cause a denial 
of service ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2105 (... allow attackers to execute arbitrary code or cause a denial 
of service ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2104 (... allow attackers to execute arbitrary code or cause a denial 
of service ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2103 (... allow attackers to execute arbitrary code or cause a denial 
of service ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2102 (... allows attackers to bypass intended access restrictions ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2101 (... do not properly restrict script ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2100 (Untrusted search path vulnerability ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2099 (... allow attackers to execute arbitrary code or cause a denial 
of service ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2098 (... allow attackers to execute arbitrary code or cause a denial 
of service ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2097 (Buffer overflow ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2096 (Heap-based buffer overflow ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2095 (Buffer overflow ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2094 (Buffer overflow ...)
+       NOT-FOR-US: Adobe Reader and Acrobat
+CVE-2011-2093 (... do not properly handle object graphs ...)
+       NOT-FOR-US: Adobe LiveCycle Data Services
+CVE-2011-2092 (... do not properly restrict creation of classes ...)
+       NOT-FOR-US: Adobe LiveCycle Data Services
+CVE-2011-2091 (... allows remote attackers to cause a denial of service ...)
+       NOT-FOR-US: Adobe ColdFusion
 CVE-2011-2090
        RESERVED
 CVE-2011-2089 (Stack-based buffer overflow in the SetActiveXGUID method in the 
...)
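Review bot: CVE-2011-2110 is the only entry in the CVE-2011-2128 to CVE-2011-2108 run tagged "Adobe Flash Player" rather than "Adobe Shockwave Player", and its description as shown ("... allows remote attackers to execute arbitrary code or cause a denial of service ...") does not name the product. The tag matches the one on the CVE-2011-2107 context line, so it may well be intended, but it is worth confirming against the NVD entry that it is not a copy-and-paste slip in a block of otherwise identical tags. The same check applies to the switch from "Adobe Reader and Acrobat" to "Adobe LiveCycle Data Services" at CVE-2011-2093 and CVE-2011-2092, and to "Adobe ColdFusion" at CVE-2011-2091.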
@@ -786,8 +789,8 @@
        RESERVED
 CVE-2011-1895
        RESERVED
-CVE-2011-1894
-       RESERVED
+CVE-2011-1894 (The MHTML protocol handler ... does not properly handle a MIME 
format ...)
+       NOT-FOR-US: Microsoft Windows
 CVE-2011-1893
        RESERVED
 CVE-2011-1892
@@ -796,8 +799,8 @@
        RESERVED
 CVE-2011-1890
        RESERVED
-CVE-2011-1889
-       RESERVED
+CVE-2011-1889 (The NSPLookupServiceNext function ... allows remote attackers 
to execute arbitrary code ...)
+       NOT-FOR-US: Microsoft Forefront Threat Management Gateway
 CVE-2011-1888
        RESERVED
 CVE-2011-1887
@@ -828,18 +831,18 @@
        RESERVED
 CVE-2011-1874
        RESERVED
-CVE-2011-1873
-       RESERVED
-CVE-2011-1872
-       RESERVED
+CVE-2011-1873 (win32k.sys in the kernel-mode drivers ... does not properly 
validate pointers during ...)
+       NOT-FOR-US: Microsoft Windows
+CVE-2011-1872 (Hyper-V ... allows guest OS users to cause a denial of service 
...)
+       NOT-FOR-US: Microsoft Windows
 CVE-2011-1871
        RESERVED
 CVE-2011-1870
        RESERVED
-CVE-2011-1869
-       RESERVED
-CVE-2011-1868
-       RESERVED
+CVE-2011-1869 (The Distributed File System (DFS) implementation ... allows 
remote DFS servers to cause a denial of service ...)
+       NOT-FOR-US: Microsoft Windows
+CVE-2011-1868 (The Distributed File System (DFS) implementation ... does not 
properly validate fields in DFS responses ...)
+       NOT-FOR-US: Microsoft Windows
 CVE-2010-4804
        NOT-FOR-US: Android Browser
 CVE-2011-XXXX
@@ -2549,76 +2552,76 @@
        RESERVED
 CVE-2011-1281
        RESERVED
-CVE-2011-1280
-       RESERVED
-CVE-2011-1279
-       RESERVED
-CVE-2011-1278
-       RESERVED
-CVE-2011-1277
-       RESERVED
-CVE-2011-1276
-       RESERVED
-CVE-2011-1275
-       RESERVED
-CVE-2011-1274
-       RESERVED
-CVE-2011-1273
-       RESERVED
-CVE-2011-1272
-       RESERVED
+CVE-2011-1280 (The XML Editor ... does not properly handle external entities 
...)
+       NOT-FOR-US: Microsoft InfoPath, SQL Server, SQL Server Management 
Studio Express, Visual Studio
+CVE-2011-1279 (... do not properly validate record information ...)
+       NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
+CVE-2011-1278 (... do not properly validate record information ...)
+       NOT-FOR-US: Microsoft Excel, Office
+CVE-2011-1277 (... do not properly validate record information ...)
+       NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
+CVE-2011-1276 (Buffer overflow ...)
+       NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, 
Excel Viewer, Office Compatibility Pack
+CVE-2011-1275 (... do not properly validate record information ...)
+       NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
+CVE-2011-1274 (... do not properly validate record information ...)
+       NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, 
Excel Viewer, Office Compatibility Pack
+CVE-2011-1273 (... do not properly validate record information ...)
+       NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, 
Excel Viewer, Office Compatibility Pack
+CVE-2011-1272 (... do not properly validate record structures ...)
+       NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, 
Excel Viewer, Office Compatibility Pack
 CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework before 4 beta 2, 
when ...)
        NOT-FOR-US: Microsoft .NET Framework
 CVE-2011-1270 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 
allows ...)
        NOT-FOR-US: Microsoft PowerPoint 2002 SP3 and 2003 SP3
 CVE-2011-1269 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 
2004 and ...)
        NOT-FOR-US: Microsoft
-CVE-2011-1268
-       RESERVED
-CVE-2011-1267
-       RESERVED
-CVE-2011-1266
-       RESERVED
+CVE-2011-1268 (The SMB client ... allows remote SMB servers to execute 
arbitrary ...)
+       NOT-FOR-US: Microsoft Windows
+CVE-2011-1267 (The SMB server ... allows remote attackers to cause a denial of 
service ...)
+       NOT-FOR-US: Microsoft Windows
+CVE-2011-1266 (The Vector Markup Language (VML) implementation in vgx.dll ...)
+       NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1265
        RESERVED
-CVE-2011-1264
-       RESERVED
+CVE-2011-1264 (Cross-site scripting (XSS) vulnerability in Active Directory 
Certificate Services Web Enrollment  ...)
+       NOT-FOR-US: Microsoft Windows
 CVE-2011-1263
        RESERVED
-CVE-2011-1262
-       RESERVED
-CVE-2011-1261
-       RESERVED
-CVE-2011-1260
-       RESERVED
+CVE-2011-1262 (... does not properly handle objects in memory ...)
+       NOT-FOR-US: Microsoft Internet Explorer
+CVE-2011-1261 (... does not properly handle objects in memory ...)
+       NOT-FOR-US: Microsoft Internet Explorer
+CVE-2011-1260 (... does not properly handle objects in memory ...)
+       NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1259
        RESERVED
-CVE-2011-1258
-       RESERVED
+CVE-2011-1258 (... does not properly restrict web script ...)
+       NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1257
        RESERVED
-CVE-2011-1256
-       RESERVED
-CVE-2011-1255
-       RESERVED
-CVE-2011-1254
-       RESERVED
+CVE-2011-1256 (... does not properly handle objects in memory ...)
+       NOT-FOR-US: Microsoft Internet Explorer
+CVE-2011-1255 (The Timed Interactive Multimedia Extensions ... does not 
properly handle objects in memory ...)
+       NOT-FOR-US: Microsoft Internet Explorer
+CVE-2011-1254 (... does not properly handle objects in memory ...)
+       NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1253
        RESERVED
-CVE-2011-1252
-       RESERVED
-CVE-2011-1251
-       RESERVED
-CVE-2011-1250
-       RESERVED
-CVE-2011-1249
-       RESERVED
+CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the toStaticHTML 
API ...)
+       NOT-FOR-US: Microsoft Internet Explorer
+CVE-2011-1251 (... does not properly handle objects in memory ...)
+       NOT-FOR-US: Microsoft Internet Explorer
+CVE-2011-1250 (... does not properly handle objects in memory ...)
+       NOT-FOR-US: Microsoft Internet Explorer
+CVE-2011-1249 (The Ancillary Function Driver (AFD) in afd.sys ... does not 
properly validate user-mode input ...)
+       NOT-FOR-US: Microsoft Windows
 CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, 
SP2, ...)
        NOT-FOR-US: Microsoft Windows
 CVE-2011-1247
        RESERVED
-CVE-2011-1246
-       RESERVED
+CVE-2011-1246 (... does not properly handle content settings in HTTP responses 
...)
+       NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1245 (Microsoft Internet Explorer 6 and 7 does not properly restrict 
script ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-1244 (Microsoft Internet Explorer 6, 7, and 8 does not enforce 
intended ...)
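Review bot: The NOT-FOR-US tags added for CVE-2011-1280 through CVE-2011-1272 vary in granularity for what looks like one family of issues: CVE-2011-1278 lists "Microsoft Excel, Office", its neighbours add "Open XML File Format Converter", and others also add "Excel Viewer, Office Compatibility Pack", while the CVE-2011-1269 context line just says "Microsoft". Since the tag only records that the software is not packaged, a single short product name such as "Microsoft Excel" would be easier to grep and would keep these entries on one line instead of the wrapped lists seen here. Minor: the CVE-2011-1264 description has a double space before "...)".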
@@ -4477,8 +4480,8 @@
        NOT-FOR-US: Microsoft Windows
 CVE-2011-0665 (Use-after-free vulnerability in win32k.sys in the kernel-mode 
drivers ...)
        NOT-FOR-US: Microsoft Windows
-CVE-2011-0664
-       RESERVED
+CVE-2011-0664 (... does not properly validate arguments to unspecified 
networking API functions ...)
+       NOT-FOR-US: Microsoft .NET Framework, Silverlight
 CVE-2011-0663 (Multiple integer overflows in the Microsoft (1) JScript 5.6 
through ...)
        NOT-FOR-US: Microsoft JScript
 CVE-2011-0662 (Use-after-free vulnerability in win32k.sys in the kernel-mode 
drivers ...)
@@ -4489,8 +4492,8 @@
        NOT-FOR-US: Microsoft Windows
 CVE-2011-0659
        RESERVED
-CVE-2011-0658
-       RESERVED
+CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation 
in VBScript.dll ...)
+       NOT-FOR-US: Microsoft Windows
 CVE-2011-0657 (DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and 
SP3, ...)
        NOT-FOR-US: Microsoft Windows
 CVE-2011-0656 (Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; 
Office ...)
@@ -4584,8 +4587,8 @@
        RESERVED
 CVE-2011-0630
        RESERVED
-CVE-2011-0629
-       RESERVED
+CVE-2011-0629 (Cross-site request forgery (CSRF) vulnerability ...)
+       NOT-FOR-US: Adobe ColdFusion
 CVE-2011-0628
        RESERVED
 CVE-2011-0627 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, 
Linux, and ...)
@@ -5319,8 +5322,8 @@
        RESERVED
 CVE-2011-0336
        RESERVED
-CVE-2011-0335
-       RESERVED
+CVE-2011-0335 (Dirapi.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-0334
        RESERVED
 CVE-2011-0333
@@ -5349,14 +5352,14 @@
        NOT-FOR-US: EMC RSA Access Manager Server
 CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x 
before ...)
        NOT-FOR-US: EMC NetWorker
-CVE-2011-0320
-       RESERVED
-CVE-2011-0319
-       RESERVED
-CVE-2011-0318
-       RESERVED
-CVE-2011-0317
-       RESERVED
+CVE-2011-0320 (Dirapi.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-0319 (Dirapi.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-0318 (Dirapi.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
+CVE-2011-0317 (Dirapi.dll ... allows attackers to execute arbitrary code or 
cause a denial of service ...)
+       NOT-FOR-US: Adobe Shockwave Player
 CVE-2011-0316 (The Administrative Console component in IBM WebSphere 
Application ...)
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2011-0315 (Cross-site scripting (XSS) vulnerability in the Servlet Engine 
/ Web ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
