Author: joeyh
Date: 2011-01-26 21:15:17 +0000 (Wed, 26 Jan 2011)
New Revision: 15977
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-01-26 21:01:44 UTC (rev 15976)
+++ data/CVE/list 2011-01-26 21:15:17 UTC (rev 15977)
@@ -1,3 +1,21 @@
+CVE-2011-0649
+ RESERVED
+CVE-2011-0648
+ RESERVED
+CVE-2011-0647
+ RESERVED
+CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS
allows ...)
+ TODO: check
+CVE-2011-0645 (SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows
...)
+ TODO: check
+CVE-2011-0644 (SQL injection vulnerability in
include/admin/model_field.class.php in ...)
+ TODO: check
+CVE-2011-0643 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2011-0642 (Cross-site request forgery (CSRF) vulnerability in
news/admin.php in ...)
+ TODO: check
+CVE-2011-0641 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2011-0640 (The default configuration of udev on Linux does not warn the
user ...)
NOTE: Not much that could sensibly be fixed here
CVE-2011-0639 (Apple Mac OS X does not properly warn the user before enabling
...)
@@ -1091,7 +1109,7 @@
RESERVED
CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business
Availability ...)
NOT-FOR-US: HP Business Availability
-CVE-2011-0273 (Unspecified vulnerability in HP OpenView Storage Data Protector
6.11 ...)
+CVE-2011-0273 (Buffer overflow in crs.exe in HP OpenView Storage Data Protector
Cell ...)
NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-0272 (Unspecified vulnerability in HP LoadRunner 9.52 allows remote
...)
NOT-FOR-US: HP LoadRunner
@@ -1907,8 +1925,7 @@
RESERVED
CVE-2011-XXXX [VLC heap corruption in subtitle decoder]
- vlc 1.1.3-1squeeze2
-CVE-2011-0021 [VLC CDG]
- RESERVED
+CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder
in ...)
- vlc 1.1.3-1squeeze2
NOTE:
http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
CVE-2011-0020 (Heap-based buffer overflow in the
pango_ft2_font_render_box_glyph ...)
@@ -1940,9 +1957,9 @@
- sudo 1.7.4p4-6 (bug #609641)
[lenny] - sudo <not-affected> (Only affects 1.7.x)
NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html
-CVE-2011-0009
- RESERVED
+CVE-2011-0009 (Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before
...)
{DSA-2150-1}
+ TODO: check
CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14
on ...)
- sudo <not-affected> (Fedora-specific issue)
CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted
local ...)
@@ -2584,8 +2601,7 @@
{DSA-2138-1}
NOTE: http://core.trac.wordpress.org/changeset/16625
- wordpress 3.0.2-1 (bug #605603)
-CVE-2010-4256 [linux: pipe_fcntl local DoS]
- RESERVED
+CVE-2010-4256 (The pipe_fcntl function in fs/pipe.c in the Linux kernel before
2.6.37 ...)
- linux-2.6 <unfixed>
CVE-2010-4255 (The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1
and ...)
- xen 4.0.1-2 (bug #609531)
@@ -8798,7 +8814,7 @@
NOT-FOR-US: Consona
CVE-2010-1905 (Multiple cross-site scripting (XSS) vulnerabilities in Consona
Live ...)
NOT-FOR-US: Consona
-CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager Client 1.5.x
allows ...)
+CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager (RKM) C
Client ...)
NOT-FOR-US: EMC RSA key manager
CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word
Viewer, ...)
NOT-FOR-US: Microsoft Word