Author: joeyh Date: 2011-04-04 21:15:19 +0000 (Mon, 04 Apr 2011) New Revision: 16478 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-04-03 21:16:39 UTC (rev 16477) +++ data/CVE/list 2011-04-04 21:15:19 UTC (rev 16478) @@ -1,3 +1,11 @@ +CVE-2011-1557 (SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows ...) + TODO: check +CVE-2011-1556 (SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy''s ...) + TODO: check +CVE-2011-1555 (SQL injection vulnerability in saa.php in Andy''s PHP Knowledgebase ...) + TODO: check +CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...) TODO: check CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ...) @@ -16,8 +24,8 @@ TODO: check CVE-2011-1547 RESERVED -CVE-2011-1546 - RESERVED +CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy''s PHP Knowledgebase ...) + TODO: check CVE-2011-1545 RESERVED CVE-2011-1544 @@ -369,8 +377,7 @@ NOT-FOR-US: Kodak InSite CVE-2011-1426 RESERVED -CVE-2011-1425 [xmlsec file overwrite] - RESERVED +CVE-2011-1425 (xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in ...) - xmlsec1 <unfixed> (bug #620560) NOTE: http://www.aleksey.com/xmlsec/news.html CVE-2011-1424 @@ -1104,8 +1111,8 @@ RESERVED CVE-2011-1127 RESERVED -CVE-2011-1126 - RESERVED +CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware ...) + TODO: check CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...) - glibc <removed> - eglibc <unfixed> 
@@ -1325,11 +1332,9 @@ RESERVED CVE-2011-1084 RESERVED -CVE-2011-1083 - RESERVED +CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...) - linux-2.6 <unfixed> (low) -CVE-2011-1082 - RESERVED +CVE-2011-1082 (fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file ...) - linux-2.6 2.6.38-1 (low) CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote ...) - openldap <unfixed> (low; bug #617606) @@ -1773,8 +1778,8 @@ RESERVED CVE-2011-0952 RESERVED -CVE-2011-0951 - RESERVED +CVE-2011-0951 (The web-based management interface in Cisco Secure Access Control ...) + TODO: check CVE-2011-0950 RESERVED CVE-2011-0949 @@ -1891,14 +1896,14 @@ RESERVED CVE-2011-0895 RESERVED -CVE-2011-0894 - RESERVED -CVE-2011-0893 - RESERVED +CVE-2011-0894 (Unspecified vulnerability in HP Operations 9.10 on UNIX platforms ...) + TODO: check +CVE-2011-0893 (Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX ...) + TODO: check CVE-2011-0892 (Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and ...) TODO: check -CVE-2011-0891 - RESERVED +CVE-2011-0891 (Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX ...) + TODO: check CVE-2011-0890 (HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, ...) NOT-FOR-US: HP Discovery & Dependency Mapping Inventory CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA ...) @@ -3042,8 +3047,8 @@ - webkit <not-affected> (chromium specific) CVE-2011-0469 RESERVED -CVE-2011-0468 - RESERVED +CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and ...) + TODO: check CVE-2011-0467 RESERVED CVE-2011-0466 @@ -3056,8 +3061,8 @@ RESERVED CVE-2011-0462 RESERVED -CVE-2011-0461 - RESERVED +CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 ...) + TODO: check CVE-2011-0460 RESERVED CVE-2011-0459 
@@ -4134,8 +4139,8 @@ NOT-FOR-US: Ecava IntegraXor CVE-2010-4597 (Stack-based buffer overflow in the save method in the ...) NOT-FOR-US: Ecava IntegraXor -CVE-2010-4596 - RESERVED +CVE-2010-4596 (Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, ...) + TODO: check CVE-2010-4595 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 ...) NOT-FOR-US: IBM Lotus Mobile Connect CVE-2010-4594 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when ...) @@ -5494,8 +5499,8 @@ - linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian) CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...) NOT-FOR-US: IBM OmniFind Enterprise Edition -CVE-2010-4235 - RESERVED +CVE-2010-4235 (Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, ...) + TODO: check CVE-2010-4234 (The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz ...) NOT-FOR-US: Camtron, TecVoz CVE-2010-4233 (The Linux installation on the Camtron CMNC-200 Full HD IP Camera and ...) @@ -6985,8 +6990,7 @@ CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde ...) - horde3 3.3.8+debian0-2 (bug #598582) NOTE: http://lists.horde.org/archives/announce/2010/000568.html -CVE-2010-3693 [XSS vulnerability when showing mailbox names] - RESERVED +CVE-2010-3693 (Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) ...) - dimp1 1.1.4+debian2-1.1 (bug #598583) NOTE: http://lists.horde.org/archives/announce/2010/000561.html CVE-2010-3692 (Directory traversal vulnerability in the callback function in ...) @@ -7166,7 +7170,7 @@ - dhcp <not-affected> (Only affects DHCP 4.x) CVE-2010-3610 RESERVED -CVE-2010-3609 (Unspecified vulnerability in the Service Location Protocol daemon ...) +CVE-2010-3609 (The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other ...) NOT-FOR-US: VMware ESX CVE-2010-3659 [Multiple security issues] RESERVED 
@@ -7633,8 +7637,7 @@ {DSA-2126-1} - linux-2.6 2.6.32-12 (bug #565790; unimportant) NOTE: this is more of a hardware bug rather than a security issue -CVE-2010-3447 [horde gollem XSS] - RESERVED +CVE-2010-3447 (Cross-site scripting (XSS) vulnerability in view.php in the file ...) - gollem 1.1.1+debian0-1.1 (bug #598585) [lenny] - gollem <not-affected> ($filename not printed directly and passed through htmlspecialchars()) NOTE: http://bugs.horde.org/ticket/9191
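Review bot: The descriptions added for CVE-2011-1556 and CVE-2011-1555 (hunk @@ -1,3 +1,11 @@) and for CVE-2011-1546 (hunk @@ -16,8 +24,8 @@) contain "Andy''s" with a doubled apostrophe, which looks like quote escaping leaking through the automatic import rather than the intended product name. Suggest unescaping it in the import step so the entries read "Andy's PHP Knowledgebase"; as committed, a search of data/CVE/list for the product name will miss all three entries.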
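Review bot: In hunk @@ -369,8 +377,7 @@, CVE-2011-1425 keeps "- xmlsec1 <unfixed> (bug #620560)" although the new description says the flaw is in xmlsec before 1.2.17, so the upstream fixed version is now known. Suggest adding a NOTE line recording 1.2.17 as the upstream fix next to the existing news.html reference, so whoever closes bug #620560 has the target version in the entry itself.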
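Review bot: In hunk @@ -7166,7 +7170,7 @@, the tracking line under CVE-2010-3609 still reads "NOT-FOR-US: VMware ESX" even though the replaced description now names the extension parser in slp_v2message.c in OpenSLP 1.2.1 instead of an unspecified Service Location Protocol daemon issue. That verdict was reached against the old wording and no longer matches the affected component; suggest resetting the entry to "TODO: check" until someone has confirmed whether an OpenSLP package in the archive carries the affected parser.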