Author: joeyh
Date: 2011-05-04 21:15:14 +0000 (Wed, 04 May 2011)
New Revision: 16624
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-05-04 06:35:03 UTC (rev 16623)
+++ data/CVE/list 2011-05-04 21:15:14 UTC (rev 16624)
@@ -1,3 +1,51 @@
+CVE-2011-1867
+ RESERVED
+CVE-2011-1866
+ RESERVED
+CVE-2011-1865
+ RESERVED
+CVE-2011-1864
+ RESERVED
+CVE-2011-1863
+ RESERVED
+CVE-2011-1862
+ RESERVED
+CVE-2011-1861
+ RESERVED
+CVE-2011-1860
+ RESERVED
+CVE-2011-1859
+ RESERVED
+CVE-2011-1858
+ RESERVED
+CVE-2011-1857
+ RESERVED
+CVE-2011-1856
+ RESERVED
+CVE-2011-1855
+ RESERVED
+CVE-2011-1854
+ RESERVED
+CVE-2011-1853
+ RESERVED
+CVE-2011-1852
+ RESERVED
+CVE-2011-1851
+ RESERVED
+CVE-2011-1850
+ RESERVED
+CVE-2011-1849
+ RESERVED
+CVE-2011-1848
+ RESERVED
+CVE-2011-1847 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and
Windows ...)
+ TODO: check
+CVE-2011-1846 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and
Windows ...)
+ TODO: check
+CVE-2011-1845 (Multiple memory leaks in the DataGrid control implementation in
...)
+ TODO: check
+CVE-2011-1844 (Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows
...)
+ TODO: check
CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow
...)
TODO: check
CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector
before ...)
@@ -185,10 +233,10 @@
RESERVED
CVE-2011-1787
RESERVED
-CVE-2011-1786
- RESERVED
-CVE-2011-1785
- RESERVED
+CVE-2011-1786 (lsassd in Likewise Open, as distributed in VMware ESXi 4.1 and
ESX ...)
+ TODO: check
+CVE-2011-1785 (VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote
attackers to ...)
+ TODO: check
CVE-2011-1784
RESERVED
CVE-2011-1783
@@ -288,8 +336,8 @@
RESERVED
CVE-2011-1740
RESERVED
-CVE-2011-1739
- RESERVED
+CVE-2011-1739 (The makemask function in mountd.c in mountd in FreeBSD 7.4
through 8.2 ...)
+ TODO: check
CVE-2011-1738
RESERVED
CVE-2011-1737
@@ -312,14 +360,14 @@
RESERVED
CVE-2011-1728
RESERVED
-CVE-2011-1727
- RESERVED
-CVE-2011-1726
- RESERVED
+CVE-2011-1727 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54,
10.13, ...)
+ TODO: check
+CVE-2011-1726 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54,
10.13, ...)
+ TODO: check
CVE-2011-1725 (Unspecified vulnerability in HP Network Automation 7.2x, 7.5x,
7.6x, ...)
NOT-FOR-US: HP Network Automation
-CVE-2011-1724
- RESERVED
+CVE-2011-1724 (Unspecified vulnerability in HP Virtual Server Environment
before 6.3 ...)
+ TODO: check
CVE-2011-1723 (Cross-site scripting (XSS) vulnerability in ...)
TODO: check
CVE-2011-1722 (Multiple SQL injection vulnerabilities in WEC Discussion Forum
...)
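Review bot: CVE-2011-1727, CVE-2011-1726 and CVE-2011-1724 are added as `TODO: check`, while CVE-2011-1725 in the same hunk, also an HP product, is already `NOT-FOR-US: HP Network Automation`. If HP SiteScope and HP Virtual Server Environment are not packaged either, mark them NOT-FOR-US in the same way so they do not linger as open TODOs.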
@@ -418,8 +466,7 @@
NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1682 (Multiple cross-site request forgery (CSRF) vulnerabilities in
phpList ...)
NOT-FOR-US: phpList
-CVE-2011-1684 [VideoLAN-SA-1103]
- RESERVED
+CVE-2011-1684 (Heap-based buffer overflow in the MP4_ReadBox_skcr function in
...)
{DSA-2218-1}
- vlc 1.1.8-3 (medium)
[lenny] - vlc <not-affected> (Vulnerable code not present)
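Review bot: Replacing `CVE-2011-1684 [VideoLAN-SA-1103]` with the truncated description drops the only pointer to the upstream advisory in this entry. Suggest keeping it as a NOTE line under the entry (for example `NOTE: VideoLAN-SA-1103`) so the `vlc 1.1.8-3` fix and DSA-2218-1 stay traceable to the vendor advisory.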
@@ -575,26 +622,26 @@
RESERVED
CVE-2011-1614
RESERVED
-CVE-2011-1613
- RESERVED
+CVE-2011-1613 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC)
...)
+ TODO: check
CVE-2011-1612
RESERVED
CVE-2011-1611
RESERVED
-CVE-2011-1610
- RESERVED
-CVE-2011-1609
- RESERVED
+CVE-2011-1610 (Multiple SQL injection vulnerabilities in xmldirectorylist.jsp
in the ...)
+ TODO: check
+CVE-2011-1609 (SQL injection vulnerability in Cisco Unified Communications
Manager ...)
+ TODO: check
CVE-2011-1608
RESERVED
-CVE-2011-1607
- RESERVED
-CVE-2011-1606
- RESERVED
-CVE-2011-1605
- RESERVED
-CVE-2011-1604
- RESERVED
+CVE-2011-1607 (Directory traversal vulnerability in Cisco Unified
Communications ...)
+ TODO: check
+CVE-2011-1606 (Unspecified vulnerability in Cisco Unified Communications
Manager (aka ...)
+ TODO: check
+CVE-2011-1605 (Unspecified vulnerability in Cisco Unified Communications
Manager (aka ...)
+ TODO: check
+CVE-2011-1604 (Memory leak in Cisco Unified Communications Manager (aka CUCM,
...)
+ TODO: check
CVE-2011-1603
RESERVED
CVE-2011-1602
@@ -621,8 +668,8 @@
[lenny] - rdesktop <no-dsa> (Minor issue)
CVE-2011-1594
RESERVED
-CVE-2011-1593
- RESERVED
+CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in
kernel/pid.c ...)
+ TODO: check
CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark
1.4.x ...)
- wireshark <not-affected> (Windows-specific)
CVE-2011-1591 (Stack-based buffer overflow in the DECT dissector in ...)
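Review bot: CVE-2011-1593 goes from RESERVED to `TODO: check` with no package line, although its description names the next_pidmap function in kernel/pid.c, which reads as a kernel source path. Other kernel entries in this diff are tracked as `- linux-2.6 ...` (CVE-2011-1577, CVE-2011-1495); this one should get the same triage rather than sit in the generic TODO queue.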
@@ -662,8 +709,7 @@
- mediawiki <unfixed>
CVE-2011-1578 (Cross-site scripting (XSS) vulnerability in MediaWiki before
1.16.3, ...)
- mediawiki <unfixed>
-CVE-2011-1577
- RESERVED
+CVE-2011-1577 (Heap-based buffer overflow in the is_gpt_valid function in ...)
- linux-2.6 <unfixed> (low)
CVE-2011-1576
RESERVED
@@ -757,10 +803,10 @@
RESERVED
CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy''s PHP
Knowledgebase ...)
NOT-FOR-US: Aphpkb
-CVE-2011-1545
- RESERVED
-CVE-2011-1544
- RESERVED
+CVE-2011-1545 (Cross-site request forgery (CSRF) vulnerability in HP Insight
Control ...)
+ TODO: check
+CVE-2011-1544 (Unspecified vulnerability in HP Insight Control Performance
Management ...)
+ TODO: check
CVE-2011-1543 (Cross-site request forgery (CSRF) vulnerability in HP Systems
Insight ...)
TODO: check
CVE-2011-1542 (Cross-site scripting (XSS) vulnerability in HP Systems Insight
Manager ...)
@@ -769,12 +815,12 @@
TODO: check
CVE-2011-1540 (Unspecified vulnerability in HP System Management Homepage (SMH)
...)
TODO: check
-CVE-2011-1539
- RESERVED
-CVE-2011-1538
- RESERVED
-CVE-2011-1537
- RESERVED
+CVE-2011-1539 (Unspecified vulnerability in HP Proliant Support Pack (PSP)
before 8.7 ...)
+ TODO: check
+CVE-2011-1538 (Open redirect vulnerability in HP Proliant Support Pack (PSP)
before ...)
+ TODO: check
+CVE-2011-1537 (Cross-site scripting (XSS) vulnerability in HP Proliant Support
Pack ...)
+ TODO: check
CVE-2011-1536 (Unspecified vulnerability in HP Performance Insight 5.0, 5.1x.
5.2x, ...)
TODO: check
CVE-2011-1535 (Unspecified vulnerability in HP Insight Control for Linux (aka
...)
@@ -801,10 +847,9 @@
NOT-FOR-US: RealPlayer
CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management login
GUI ...)
NOT-FOR-US: Symantec LiveUpdate Administrator
-CVE-2011-1523
- RESERVED
-CVE-2011-1522
- RESERVED
+CVE-2011-1523 (Cross-site scripting (XSS) vulnerability in statusmap.c in ...)
+ TODO: check
+CVE-2011-1522 (Multiple SQL injection vulnerabilities in the ...)
{DSA-2223-1}
- doctrine <unfixed> (bug #622674)
CVE-2010-4777
@@ -905,11 +950,9 @@
{DSA-2212-1}
- tmux 1.4-6 (bug #620304)
NOTE: CVE id requested
-CVE-2011-1495
- RESERVED
+CVE-2011-1495 (drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38
and ...)
- linux-2.6 <unfixed> (unimportant)
-CVE-2011-1494
- RESERVED
+CVE-2011-1494 (Integer overflow in the _ctl_do_mpt_command function in ...)
- linux-2.6 <unfixed> (unimportant)
CVE-2011-1493
RESERVED
@@ -1027,52 +1070,52 @@
RESERVED
CVE-2011-1457
RESERVED
-CVE-2011-1456
- RESERVED
-CVE-2011-1455
- RESERVED
-CVE-2011-1454
- RESERVED
+CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF
forms, ...)
+ TODO: check
+CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF
...)
+ TODO: check
+CVE-2011-1454 (Use-after-free vulnerability in the DOM id handling
functionality in ...)
+ TODO: check
CVE-2011-1453
RESERVED
-CVE-2011-1452
- RESERVED
-CVE-2011-1451
- RESERVED
-CVE-2011-1450
- RESERVED
-CVE-2011-1449
- RESERVED
-CVE-2011-1448
- RESERVED
-CVE-2011-1447
- RESERVED
-CVE-2011-1446
- RESERVED
-CVE-2011-1445
- RESERVED
-CVE-2011-1444
- RESERVED
-CVE-2011-1443
- RESERVED
-CVE-2011-1442
- RESERVED
-CVE-2011-1441
- RESERVED
-CVE-2011-1440
- RESERVED
-CVE-2011-1439
- RESERVED
-CVE-2011-1438
- RESERVED
-CVE-2011-1437
- RESERVED
-CVE-2011-1436
- RESERVED
-CVE-2011-1435
- RESERVED
-CVE-2011-1434
- RESERVED
+CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote
attackers ...)
+ TODO: check
+CVE-2011-1451 (Google Chrome before 11.0.696.57 does not properly handle DOM id
maps, ...)
+ TODO: check
+CVE-2011-1450 (Google Chrome before 11.0.696.57 does not properly present file
...)
+ TODO: check
+CVE-2011-1449 (Use-after-free vulnerability in the WebSockets implementation in
...)
+ TODO: check
+CVE-2011-1448 (Google Chrome before 11.0.696.57 does not properly perform
height ...)
+ TODO: check
+CVE-2011-1447 (Google Chrome before 11.0.696.57 does not properly handle
drop-down ...)
+ TODO: check
+CVE-2011-1446 (Google Chrome before 11.0.696.57 allows remote attackers to
spoof the ...)
+ TODO: check
+CVE-2011-1445 (Google Chrome before 11.0.696.57 does not properly handle SVG
...)
+ TODO: check
+CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google
Chrome ...)
+ TODO: check
+CVE-2011-1443 (Google Chrome before 11.0.696.57 does not properly implement
layering, ...)
+ TODO: check
+CVE-2011-1442 (Google Chrome before 11.0.696.57 does not properly handle
mutation ...)
+ TODO: check
+CVE-2011-1441 (Google Chrome before 11.0.696.57 does not properly perform a
cast of ...)
+ TODO: check
+CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before 11.0.696.57
...)
+ TODO: check
+CVE-2011-1439 (Google Chrome before 11.0.696.57 on Linux does not properly
isolate ...)
+ TODO: check
+CVE-2011-1438 (Google Chrome before 11.0.696.57 allows remote attackers to
bypass the ...)
+ TODO: check
+CVE-2011-1437 (Multiple integer overflows in Google Chrome before 11.0.696.57
allow ...)
+ TODO: check
+CVE-2011-1436 (Google Chrome before 11.0.696.57 on Linux does not properly
interact ...)
+ TODO: check
+CVE-2011-1435 (Google Chrome before 11.0.696.57 does not properly implement the
tabs ...)
+ TODO: check
+CVE-2011-1434 (Google Chrome before 11.0.696.57 does not ensure thread safety
during ...)
+ TODO: check
CVE-2011-1433 (The (1) AgentInterface and (2) CustomerInterface components in
Open ...)
- otrs2 <unfixed>
TODO: check, whether otrs2 is really affected
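Review bot: The 22 Google Chrome entries in this hunk (CVE-2011-1456 to CVE-2011-1454 and CVE-2011-1452 to CVE-2011-1434) all land as `TODO: check` with no package line. CVE-2011-1302 further down this diff tracks a Chrome issue as `- chromium-browser ...` plus `- webkit <undetermined>`; triaging these as one batch against the same packages would keep them consistent and avoid 22 separate open TODOs.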
@@ -1411,12 +1454,12 @@
- widelands 1:15-3 (low; bug #617960)
[squeeze] - widelands <no-dsa> (Minor issue)
[lenny] - widelands <no-dsa> (Minor issue)
-CVE-2011-1305
- RESERVED
-CVE-2011-1304
- RESERVED
-CVE-2011-1303
- RESERVED
+CVE-2011-1305 (Race condition in Google Chrome before 11.0.696.57 on Linux and
Mac OS ...)
+ TODO: check
+CVE-2011-1304 (Unspecified vulnerability in Google Chrome before 11.0.696.57
allows ...)
+ TODO: check
+CVE-2011-1303 (Google Chrome before 11.0.696.57 does not properly handle
floating ...)
+ TODO: check
CVE-2011-1302 (Heap-based buffer overflow in the GPU process in Google Chrome
before ...)
- chromium-browser 10.0.648.205~r81283-1
- webkit <undetermined>
@@ -1799,8 +1842,7 @@
CVE-2011-1170
RESERVED
- linux-2.6 2.6.38-4 (low)
-CVE-2011-1169
- RESERVED
+CVE-2011-1169 (Array index error in the asihpi_hpi_ioctl function in ...)
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
@@ -2122,8 +2164,7 @@
NOTE: http://seclists.org/oss-sec/2011/q1/368
CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity
...)
- tomcat6 <not-affected> (Only affects Tomcat 7)
-CVE-2011-1087 [vlc bookmarks memory corruption]
- RESERVED
+CVE-2011-1087 (Buffer overflow in VideoLAN VLC media player 1.0.5 allows ...)
- vlc <unfixed> (low; bug #616156)
[squeeze] - vlc <no-dsa> (Minor issue)
[lenny] - vlc <no-dsa> (Minor issue)
@@ -3489,8 +3530,8 @@
RESERVED
CVE-2011-0611 (Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X,
Linux, and ...)
NOT-FOR-US: Adobe Flash Player / Acrobat Reader
-CVE-2011-0610
- RESERVED
+CVE-2011-0610 (The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x
through ...)
+ TODO: check
CVE-2011-0609 (Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and
...)
NOT-FOR-US: Adobe Flash Player
CVE-2011-0608 (Adobe Flash Player before 10.2.152.26 allows attackers to
execute ...)
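Review bot: CVE-2011-0610 (CoolType library in Adobe Reader) is added as `TODO: check`, but the entry directly above it, CVE-2011-0611, is already `NOT-FOR-US: Adobe Flash Player / Acrobat Reader`. The same marking looks applicable here.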
@@ -4396,8 +4437,8 @@
RESERVED
CVE-2010-4666
RESERVED
-CVE-2010-4665
- RESERVED
+CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in
...)
+ TODO: check
CVE-2010-4664
RESERVED
CVE-2010-4663
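Review bot: CVE-2010-4665 is left at `TODO: check` although its description points at the ReadDirectory function in tiffdump.c. CVE-2009-5022 later in this diff is tracked as `- tiff <unfixed> (bug #624287)`; check whether tiffdump.c ships in the same source package and, if so, add a `- tiff` line here.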
@@ -5565,8 +5606,7 @@
RESERVED
CVE-2009-5023
RESERVED
-CVE-2009-5022
- RESERVED
+CVE-2009-5022 (Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder
in ...)
- tiff <unfixed> (bug #624287)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=1999
CVE-2009-5021 (Cobbler before 1.6.1 does not properly determine whether an ...)