thr3ads.net - Secure testing commits - [Secure-testing-commits] r16530

If this information is useful, please help other people find it:
Share via:
Joey Hess
2011-Apr-14 21:15 UTC
[Secure-testing-commits] r16530 - data/CVE

Author: joeyh
Date: 2011-04-14 21:15:25 +0000 (Thu, 14 Apr 2011)
New Revision: 16530

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-04-14 09:15:02 UTC (rev 16529)
+++ data/CVE/list	2011-04-14 21:15:25 UTC (rev 16530)
@@ -1,4 +1,21 @@
+CVE-2011-1690
+	RESERVED
+CVE-2011-1689
+	RESERVED
+CVE-2011-1688
+	RESERVED
+CVE-2011-1687
+	RESERVED
+CVE-2011-1686
+	RESERVED
+CVE-2011-1685
+	RESERVED
+CVE-2011-1683 (IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43,
6.1.x ...)
+	TODO: check
+CVE-2011-1682 (Multiple cross-site request forgery (CSRF) vulnerabilities in
phpList ...)
+	TODO: check
 CVE-2011-1684 [VideoLAN-SA-1103]
+	RESERVED
 	{DSA-2218-1}
 	- vlc 1.1.8-3 (medium)
 	[lenny] - vlc <not-affected> (Vulnerable code not present)
@@ -449,8 +466,7 @@
 	RESERVED
 CVE-2011-1501
 	RESERVED
-CVE-2011-1500
-	RESERVED
+CVE-2011-1500 (PreferencesPithosDialog.py in Pithos 0.3.7 does not properly
restrict ...)
 	- pithos 0.3.8-1 (low)
 CVE-2011-1499
 	RESERVED
@@ -852,7 +868,7 @@
 	NOT-FOR-US: Internet Explorer
 CVE-2011-1346 (Unspecified vulnerability in Microsoft Internet Explorer 8 on
Windows ...)
 	NOT-FOR-US: Internet Explorer
-CVE-2011-1345 (Unspecified vulnerability in Microsoft Internet Explorer 8 on
Windows ...)
+CVE-2011-1345 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle
...)
 	NOT-FOR-US: Internet Explorer
 CVE-2011-1344 (Unspecified vulnerability in WebKit, as used in Apple Safari
5.0.4 on ...)
 	- chromium-browser <undetermined>
@@ -1075,48 +1091,48 @@
 	RESERVED
 CVE-2011-1246
 	RESERVED
-CVE-2011-1245
-	RESERVED
-CVE-2011-1244
-	RESERVED
-CVE-2011-1243
-	RESERVED
-CVE-2011-1242
-	RESERVED
-CVE-2011-1241
-	RESERVED
-CVE-2011-1240
-	RESERVED
-CVE-2011-1239
-	RESERVED
-CVE-2011-1238
-	RESERVED
-CVE-2011-1237
-	RESERVED
-CVE-2011-1236
-	RESERVED
-CVE-2011-1235
-	RESERVED
-CVE-2011-1234
-	RESERVED
-CVE-2011-1233
-	RESERVED
-CVE-2011-1232
-	RESERVED
-CVE-2011-1231
-	RESERVED
-CVE-2011-1230
-	RESERVED
-CVE-2011-1229
-	RESERVED
-CVE-2011-1228
-	RESERVED
-CVE-2011-1227
-	RESERVED
-CVE-2011-1226
-	RESERVED
-CVE-2011-1225
-	RESERVED
+CVE-2011-1245 (Microsoft Internet Explorer 6 and 7 does not properly restrict
script ...)
+	TODO: check
+CVE-2011-1244 (Microsoft Internet Explorer 6, 7, and 8 does not enforce
intended ...)
+	TODO: check
+CVE-2011-1243 (The Windows Messenger ActiveX control in msgsc.dll in Microsoft
...)
+	TODO: check
+CVE-2011-1242 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-1241 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-1240 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-1239 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-1238 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-1237 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-1236 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-1235 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-1234 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-1233 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-1232 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-1231 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-1230 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-1229 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-1228 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-1227 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-1226 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-1225 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
 CVE-2011-XXXX [dokuwiki ACL bypass]
 	- dokuwiki 0.0.20101107a-1 (low)
 	[squeeze] - dokuwiki <no-dsa> (Minor issue)
@@ -1930,22 +1946,22 @@
 	- dhcp3 <not-affected> (only affects 4.2.0)
 	NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/4820
 	NOTE: inrodroduced in 4.2.0 and fixed in 4.2.1
-CVE-2011-0996
-	RESERVED
+CVE-2011-0996 (dhcpcd before 5.2.12 allows remote attackers to execute
arbitrary ...)
+	TODO: check
 CVE-2011-0995
 	RESERVED
 CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File
Reporter ...)
 	NOT-FOR-US: Novell File Reporter
 CVE-2011-0993
 	RESERVED
-CVE-2011-0992
-	RESERVED
-CVE-2011-0991
-	RESERVED
-CVE-2011-0990
-	RESERVED
-CVE-2011-0989
-	RESERVED
+CVE-2011-0992 (Use-after-free vulnerability in Mono, when Moonlight 2.x before
2.4.1 ...)
+	TODO: check
+CVE-2011-0991 (Use-after-free vulnerability in Mono, when Moonlight 2.x before
2.4.1 ...)
+	TODO: check
+CVE-2011-0990 (Race condition in the FastCopy optimization in the Array.Copy
method ...)
+	TODO: check
+CVE-2011-0989 (The RuntimeHelpers.InitializeArray method in metadata/icall.c in
Mono, ...)
+	TODO: check
 CVE-2011-0988
 	RESERVED
 CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP
Gateway ...)
@@ -2035,15 +2051,15 @@
 	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
 	- webkit <unfixed>
 	NOTE: http://trac.webkit.org/changeset/76708
-CVE-2011-0980 (Microsoft Office Excel 2003 does not properly parse Office Art
...)
+CVE-2011-0980 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for
Mac, ...)
 	NOT-FOR-US: Microsoft Office Excel 2003
-CVE-2011-0979 (Microsoft Office Excel does not properly handle errors during
the ...)
+CVE-2011-0979 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office
2004, ...)
 	NOT-FOR-US: Microsoft Office Excel
-CVE-2011-0978 (Stack-based buffer overflow in Microsoft Office Excel allows
remote ...)
+CVE-2011-0978 (Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003
SP3, and ...)
 	NOT-FOR-US: Microsoft Office Excel
-CVE-2011-0977 (Use-after-free vulnerability in Microsoft Excel 2007 allows
remote ...)
+CVE-2011-0977 (Use-after-free vulnerability in Microsoft Office XP SP3, Office
2003 ...)
 	NOT-FOR-US: Microsoft Office Excel
-CVE-2011-0976 (Microsoft Office PowerPoint 2007 does not properly handle Office
Art ...)
+CVE-2011-0976 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office
2004 and ...)
 	NOT-FOR-US: Microsoft Office
 CVE-2011-0975 (Stack-based buffer overflow in BMC PATROL Agent Service Daemon
for in ...)
 	NOT-FOR-US: BMC PATROL
@@ -2600,12 +2616,12 @@
 	RESERVED
 CVE-2011-0749
 	RESERVED
-CVE-2011-0748
-	RESERVED
+CVE-2011-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in
phpList ...)
+	TODO: check
 CVE-2011-0747
 	RESERVED
-CVE-2011-0746
-	RESERVED
+CVE-2011-0746 (Cross-site request forgery (CSRF) vulnerability in ...)
+	TODO: check
 CVE-2011-0745 (SugarCRM before 6.1.3 does not properly handle reloads and
direct ...)
 	TODO: check
 CVE-2011-0744
@@ -2820,52 +2836,52 @@
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2011-0678 (Unrestricted file upload vulnerability in the EasyEdit module in
...)
 	NOT-FOR-US: Lomtec ActiveWeb Professional
-CVE-2011-0677
-	RESERVED
-CVE-2011-0676
-	RESERVED
-CVE-2011-0675
-	RESERVED
-CVE-2011-0674
-	RESERVED
-CVE-2011-0673
-	RESERVED
-CVE-2011-0672
-	RESERVED
-CVE-2011-0671
-	RESERVED
-CVE-2011-0670
-	RESERVED
+CVE-2011-0677 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-0676 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP2 and ...)
+	TODO: check
+CVE-2011-0675 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-0674 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-0673 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP
SP3 ...)
+	TODO: check
+CVE-2011-0672 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-0671 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-0670 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
 CVE-2011-0669
 	RESERVED
 CVE-2011-0668
 	RESERVED
-CVE-2011-0667
-	RESERVED
-CVE-2011-0666
-	RESERVED
-CVE-2011-0665
-	RESERVED
+CVE-2011-0667 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-0666 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-0665 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
 CVE-2011-0664
 	RESERVED
-CVE-2011-0663
-	RESERVED
-CVE-2011-0662
-	RESERVED
-CVE-2011-0661
-	RESERVED
-CVE-2011-0660
-	RESERVED
+CVE-2011-0663 (Multiple integer overflows in the Microsoft (1) JScript 5.6
through ...)
+	TODO: check
+CVE-2011-0662 (Use-after-free vulnerability in win32k.sys in the kernel-mode
drivers ...)
+	TODO: check
+CVE-2011-0661 (The SMB Server service in Microsoft Windows XP SP2 and SP3,
Windows ...)
+	TODO: check
+CVE-2011-0660 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows
Server ...)
+	TODO: check
 CVE-2011-0659
 	RESERVED
 CVE-2011-0658
 	RESERVED
-CVE-2011-0657
-	RESERVED
-CVE-2011-0656
-	RESERVED
-CVE-2011-0655
-	RESERVED
+CVE-2011-0657 (DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and
SP3, ...)
+	TODO: check
+CVE-2011-0656 (Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010;
Office ...)
+	TODO: check
+CVE-2011-0655 (Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and
2011 ...)
+	TODO: check
 CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in
the ...)
 	NOT-FOR-US: Windows 2003
 CVE-2011-0653
@@ -2988,8 +3004,7 @@
 	RESERVED
 CVE-2011-0612
 	RESERVED
-CVE-2011-0611
-	RESERVED
+CVE-2011-0611 (Unspecified vulnerability in Adobe Flash Player 10.2.154.25 and
...)
 	NOT-FOR-US: Adobe Flash Player / Acrobat Reader
 CVE-2011-0610
 	RESERVED
@@ -4485,34 +4500,34 @@
 	RESERVED
 CVE-2011-0108
 	RESERVED
-CVE-2011-0107
-	RESERVED
+CVE-2011-0107 (Untrusted search path vulnerability in Microsoft Office XP SP3,
Office ...)
+	TODO: check
 CVE-2011-0106
 	RESERVED
-CVE-2011-0105
-	RESERVED
-CVE-2011-0104
-	RESERVED
-CVE-2011-0103
-	RESERVED
+CVE-2011-0105 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open
XML ...)
+	TODO: check
+CVE-2011-0104 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for
Mac, ...)
+	TODO: check
+CVE-2011-0103 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for
Mac, ...)
+	TODO: check
 CVE-2011-0102
 	RESERVED
-CVE-2011-0101
-	RESERVED
+CVE-2011-0101 (Microsoft Excel 2002 SP3 allows remote attackers to execute
arbitrary ...)
+	TODO: check
 CVE-2011-0100
 	RESERVED
 CVE-2011-0099
 	RESERVED
-CVE-2011-0098
-	RESERVED
-CVE-2011-0097
-	RESERVED
-CVE-2011-0096 (The MHTML implementation in Microsoft Windows XP SP2 and SP3,
Windows ...)
+CVE-2011-0098 (Heap-based buffer overflow in Microsoft Excel 2002 SP3, 2003
SP3, 2007 ...)
+	TODO: check
+CVE-2011-0097 (Integer overflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007
SP2, and ...)
+	TODO: check
+CVE-2011-0096 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3,
...)
 	NOT-FOR-US: Microsoft mhtml
 CVE-2011-0095
 	RESERVED
-CVE-2011-0094
-	RESERVED
+CVE-2011-0094 (Microsoft Internet Explorer 6 and 7 does not properly handle
objects ...)
+	TODO: check
 CVE-2011-0093 (ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2
does ...)
 	NOT-FOR-US: Microsoft Visio
 CVE-2011-0092 (The LZW stream decompression functionality in ORMELEMS.DLL in
...)
@@ -4822,8 +4837,8 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and
...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2011-0041
-	RESERVED
+CVE-2011-0041 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP
SP2 ...)
+	TODO: check
 CVE-2011-0040 (The server in Microsoft Active Directory on Windows Server 2003
SP2 ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2011-0039 (The Local Security Authority Subsystem Service (LSASS) in
Microsoft ...)
@@ -4836,8 +4851,8 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2011-0035 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle
...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2011-0034
-	RESERVED
+CVE-2011-0034 (Stack-based buffer overflow in the OpenType Compact Font Format
(aka ...)
+	TODO: check
 CVE-2011-0033 (The OpenType Compact Font Format (CFF) driver in Microsoft
Windows XP ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2011-0032 (Untrusted search path vulnerability in DirectShow in Microsoft
Windows ...)
@@ -4848,8 +4863,8 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2011-0029 (Untrusted search path vulnerability in the client in Microsoft
Remote ...)
 	NOT-FOR-US: Microsoft
-CVE-2011-0028
-	RESERVED
+CVE-2011-0028 (WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2
does ...)
+	TODO: check
 CVE-2011-0027 (Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and
Windows ...)
 	NOT-FOR-US: Microsoft Data Access Components
 CVE-2011-0026 (Integer signedness error in the SQLConnectW function in an ODBC
API ...)
@@ -6508,9 +6523,9 @@
 	NOT-FOR-US: Adobe Flash Player
 CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9
allows ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2010-3974
-	RESERVED
-CVE-2010-3973 (The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft
WMI ...)
+CVE-2010-3974 (fxscover.exe in the Fax Cover Page Editor in Microsoft Windows
XP SP2 ...)
+	TODO: check
+CVE-2010-3973 (The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0
in ...)
 	NOT-FOR-US: Microsoft
 CVE-2010-3972 (Heap-based buffer overflow in the
TELNET_STREAM_CONTEXT::OnSendData ...)
 	NOT-FOR-US: Microsoft Internet Information Services
@@ -6540,8 +6555,8 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-3959 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and
SP3, ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2010-3958
-	RESERVED
+CVE-2010-3958 (The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5
SP1, ...)
+	TODO: check
 CVE-2010-3957 (Double free vulnerability in the OpenType Font (OTF) driver in
...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-3956 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and
SP3, ...)
@@ -8654,7 +8669,7 @@
 	NOTE: Minor information leak
 CVE-2010-3191 (Untrusted search path vulnerability in Adobe Captivate
5.0.0.596, and ...)
 	NOT-FOR-US: Adobe Captivate
-CVE-2010-3190 (Untrusted search path vulnerability in ATL MFC Trace Tool ...)
+CVE-2010-3190 (Untrusted search path vulnerability in the Microsoft Foundation
Class ...)
 	NOT-FOR-US: ATL MFC Trace Tool
 CVE-2010-3189 (The extSetOwner function in the UfProxyBrowserCtrl ActiveX
control ...)
 	NOT-FOR-US: Trend Micro Internet Security Pro
@@ -15614,7 +15629,7 @@
 	RESERVED
 CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold,
SP1, ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2010-0811 (Unspecified vulnerability in the Microsoft Internet Explorer 8
...)
+CVE-2010-0811 (Multiple unspecified vulnerabilities in the Microsoft Internet
...)
 	NOT-FOR-US: Microsoft
 CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and
Windows ...)
 	NOT-FOR-US: Microsoft Windows
Secure testing commits - Apr 2011 - r16530 - data/CVE

[Secure-testing-commits] r16530 - data/CVE
