Author: joeyh Date: 2011-02-24 21:15:08 +0000 (Thu, 24 Feb 2011) New Revision: 16248 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-24 18:55:23 UTC (rev 16247) +++ data/CVE/list 2011-02-24 21:15:08 UTC (rev 16248) @@ -1,3 +1,25 @@ +CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before ...) + TODO: check +CVE-2011-1067 (slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not ...) + TODO: check +CVE-2011-1066 (Cross-site scripting (XSS) vulnerability in the Messaging module ...) + TODO: check +CVE-2011-1065 (Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX ...) + TODO: check +CVE-2011-1064 (SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 ...) + TODO: check +CVE-2011-1063 (Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design ...) + TODO: check +CVE-2011-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2011-1061 (SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows ...) + TODO: check +CVE-2011-1060 (SQL injection vulnerability in the member function in ...) + TODO: check +CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as ...) + TODO: check +CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...) + TODO: check CVE-2011-XXXX [ADC path traversal] - gitolite <unfixed> TODO: check @@ -3,6 +25,6 @@ NOTE: https://github.com/sitaramc/gitolite/commit/a33f0f85047834212ff4baf5b479c6cf3d2a6075 NOTE: https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc -CVE-2011-1058 - RESERVED +CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the rst parser in ...) + TODO: check CVE-2011-1057 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...) TODO: check 
@@ -47,8 +69,8 @@ RESERVED CVE-2011-1039 RESERVED -CVE-2011-1038 - RESERVED +CVE-2011-1038 (Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in ...) + TODO: check CVE-2011-1037 RESERVED CVE-2011-1036 @@ -147,14 +169,12 @@ RESERVED CVE-2011-1004 RESERVED -CVE-2011-1003 - RESERVED +CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in ...) - clamav 0.97+dfsg-1 [lenny] - clamav <end-of-life> NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486 NOTE: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f -CVE-2011-1002 [remote denial of service by sending NULL UDP] - RESERVED +CVE-2011-1002 (avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows ...) - avahi 0.6.28-4 (bug #614785) NOTE: https://bugzilla.redhat.com/CVE-2011-0634 (duped with CVE-2011-1002) CVE-2011-1001 @@ -163,8 +183,7 @@ {DSA-2169-1} - telepathy-gabble 0.9.15-2 NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=34048 -CVE-2011-0999 - RESERVED +CVE-2011-0999 (mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not ...) - linux-2.6 <not-affected> (Introduced in 2.6.38-rc1, fixed in 2.6.38-rc5) CVE-2011-0998 RESERVED @@ -869,8 +888,7 @@ RESERVED CVE-2011-0726 RESERVED -CVE-2011-0725 - RESERVED +CVE-2011-0725 (Absolute path traversal vulnerability in the ...) - aptdaemon <unfixed> TODO: check NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/722228 @@ -926,8 +944,7 @@ CVE-2011-0708 [exif data processing DoS (limited abitrary memory access)] RESERVED - php5 <unfixed> -CVE-2011-0707 [unspecified XSS vulnerability] - RESERVED +CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py ...) {DSA-2170-1} - mailman 1:2.1.14-1 NOTE: patch http://mail.python.org/pipermail/mailman-developers/attachments/20110218/15500b22/attachment.txt 
@@ -1149,7 +1166,7 @@ CVE-2011-0520 (The compress_add_dlabel_points function in dns/Compress.c in MaraDNS ...) - maradns 1.4.03-1.1 (bug #610834) CVE-2011-0634 - RESERVED + REJECTED CVE-2011-0633 RESERVED CVE-2011-0632 @@ -1360,13 +1377,12 @@ [lenny] - tomcat6 <not-affected> (Only ships the servlet package) CVE-2011-0533 (Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 ...) NOT-FOR-US: Apache Continuum -CVE-2011-0532 - RESERVED +CVE-2011-0532 (The (1) backup and restore scripts, (2) main initialization script, ...) + TODO: check CVE-2011-0531 (demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media ...) {DSA-2159-1} - vlc 1.1.7-1 (medium) -CVE-2011-0530 - RESERVED +CVE-2011-0530 (Buffer overflow in the mainloop function in nbd-server.c in the server ...) - nbd 1:2.9.16-8 (bug #611187) CVE-2011-0529 RESERVED @@ -1691,8 +1707,8 @@ RESERVED CVE-2011-0415 RESERVED -CVE-2011-0414 - RESERVED +CVE-2011-0414 (ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative ...) + TODO: check CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV ...) - isc-dhcp 4.1.1-P1-16 (bug #611217) - dhcp3 <not-affected> (vuln code introduced in 4.0) @@ -3045,8 +3061,8 @@ RESERVED CVE-2011-0023 RESERVED -CVE-2011-0022 - RESERVED +CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory ...) + TODO: check CVE-2011-0522 (The StripTags function in (1) the USF decoder ...) - vlc 1.1.3-1squeeze2 CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in ...) 
@@ -3054,8 +3070,8 @@ NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph ...) - pango1.0 1.28.3-1+squeeze1 (bug #610792) -CVE-2011-0019 - RESERVED +CVE-2011-0019 (slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat ...) + TODO: check CVE-2011-0018 (The email function in manage_sql.c in OpenVAS Manager 1.0.x through ...) NOT-FOR-US: OpenVAS Manager CVE-2011-0017 (The open_log function in log.c in Exim 4.72 and earlier does not check ...)
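Review bot: All eleven entries added at the top of the @@ -1,3 +1,25 @@ hunk are left at "TODO: check", including ones whose truncated descriptions already name the product. CVE-2011-1068 (Microsoft Windows Azure SDK) and CVE-2011-1065 (PIPIWebPlayer ActiveX) look like candidates for a NOT-FOR-US line of the kind already used for Apache Continuum in this file, and the two 389 Directory Server entries (CVE-2011-1067, CVE-2010-4746) could be triaged together with CVE-2011-0022 and CVE-2011-0019, which name the same product.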
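Review bot: In the @@ -1149,7 +1166,7 @@ hunk, CVE-2011-0634 moves from RESERVED to REJECTED with no pointer to the id that replaces it, although the CVE-2011-1002 entry already carries the line "NOTE: https://bugzilla.redhat.com/CVE-2011-0634 (duped with CVE-2011-1002)". A matching NOTE under CVE-2011-0634 naming CVE-2011-1002 would let someone who searches for the rejected id reach the avahi entry.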
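Review bot: The context line for CVE-2011-0708 in the @@ -926,8 +944,7 @@ hunk still reads "limited abitrary memory access", where "abitrary" should be "arbitrary". That entry also keeps both its bracketed description and RESERVED next to "- php5 <unfixed>", so it is worth revisiting once the description is published, as was done for CVE-2011-0707 directly below it.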