Author: jmm Date: 2011-06-28 15:12:13 +0000 (Tue, 28 Jun 2011) New Revision: 16857 Modified: data/CVE/list Log: update from NVD database Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-06-28 15:09:37 UTC (rev 16856) +++ data/CVE/list 2011-06-28 15:12:13 UTC (rev 16857) @@ -1,3 +1,13 @@ +CVE-2011-2534 (Buffer overflow in the clusterip_proc_write function in ...) + TODO: check +CVE-2011-2533 (The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows ...) + TODO: check +CVE-2011-2532 (The json.decode function in util/json.lua in Prosody 0.8.x before ...) + TODO: check +CVE-2011-2531 (Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect ...) + TODO: check +CVE-2011-2530 (Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware ...) + TODO: check CVE-2011-XXXX [dokuwiki ACL bypass] - dokuwiki <unfixed> (low; bug #631818) [squeeze] - dokuwiki <no-dsa> (Minor issue) @@ -99,9 +109,11 @@ CVE-2011-2491 RESERVED CVE-2011-2490 [opie: missing setuid() retval check in opielogin] + RESERVED - opie <unfixed> (bug #631345) TODO: check severity CVE-2011-2489 [opie: off by one in opiesu] + RESERVED - opie <unfixed> (bug #631344) TODO: check severity CVE-2011-2488 [Joomla unspecified information disclosure vulnerability] @@ -116,8 +128,8 @@ - gdk-pixbuf <unfixed> (bug #631524) [lenny] - gdk-pixbuf <undetermined> TODO: check lenny -CVE-2011-2484 - RESERVED +CVE-2011-2484 (The add_del_listener function in kernel/taskstats.c in the Linux ...) + TODO: check CVE-2011-2483 [openwall blowfish implementation weakness] RESERVED - libcrypt-eksblowfish-perl <not-affected> (discovered and corrected in initial release in 2007) 
@@ -717,10 +729,9 @@ RESERVED CVE-2011-2207 RESERVED -CVE-2011-2206 - RESERVED -CVE-2011-2205 [prosody billion laughs] - RESERVED +CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...) + TODO: check +CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during entity ...) - prosody 0.7.0-1 (low; bug #579087) [squeeze] - prosody <no-dsa> (Minor issue) [lenny] - prosody <no-dsa> (Minor issue) @@ -728,16 +739,16 @@ RESERVED CVE-2011-2201 RESERVED -CVE-2011-2200 - RESERVED +CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ...) + TODO: check CVE-2011-2197 RESERVED CVE-2011-2196 RESERVED CVE-2011-2195 RESERVED -CVE-2011-2193 - RESERVED +CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and Queue ...) + TODO: check CVE-2011-2192 [libcurl inappropriate GSSAPI delegation] RESERVED - curl 7.21.6-2 (high; bug #631615) @@ -770,7 +781,7 @@ TODO: check CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, ...) TODO: check -CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga ...) +CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...) - icinga <undetermined> NOTE: 1.4.1 is said to be fixed - nagios3 <undetermined> @@ -842,8 +853,7 @@ CVE-2011-2332 (Google V8, as used in Google Chrome before 12.0.742.91, allows remote ...) - chromium-browser 12.0.742.91~r87961-1 - libv8 <undetermined> -CVE-2011-2194 [vlc xspf integer overflow] - RESERVED +CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VLC 0.8.5 through ...) {DSA-2257-1} - vlc 1.1.10-1 [lenny] - vlc <not-affected> (Vulnerable code not present) 
@@ -854,8 +864,7 @@ [squeeze] - cherokee <no-dsa> (Minor issue) [lenny] - cherokee <no-dsa> (Minor issue) NOTE: http://code.google.com/p/cherokee/issues/detail?id=1212 -CVE-2011-2188 [lua-expat billion laugh mitigation] - RESERVED +CVE-2011-2188 (LuaExpat before 1.2.0 does not properly detect recursion during entity ...) - lua-expat 1.2.0-1 (low; bug #629225) [squeeze] - lua-expat <no-dsa> (Minor issue) [lenny] - lua-expat <no-dsa> (Minor issue) @@ -907,6 +916,7 @@ NOT-FOR-US: IBM Web Content Manager CVE-2011-2182 [incomplete fix for cve-2011-1017] RESERVED + {DSA-2264-1} - linux-2.6 <unfixed> CVE-2011-2179 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...) - nagios3 3.2.3-3 (bug #629127) @@ -1555,8 +1565,8 @@ NOTE: https://lists.isc.org/pipermail/bind-users/2011-May/083819.html CVE-2011-1909 RESERVED -CVE-2011-1908 - RESERVED +CVE-2011-1908 (Integer overflow in the Type 1 font decoder in the FreeType engine in ...) + TODO: check CVE-2011-1906 (Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific ...) NOT-FOR-US: Trustwave WebDefend Enterprise CVE-2011-1905 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) @@ -1987,8 +1997,7 @@ NOT-FOR-US: Apache Struts 2.x CVE-2011-1771 RESERVED -CVE-2011-1770 - RESERVED +CVE-2011-1770 (Integer underflow in the dccp_parse_options function ...) {DSA-2240-1} - linux-2.6 2.6.39-1 [squeeze] - linux-2.6 2.6.32-34squeeze1 @@ -2000,6 +2009,7 @@ NOTE: http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9 CVE-2011-1768 RESERVED + {DSA-2264-1} CVE-2011-1767 RESERVED {DSA-2264-1 DSA-2240-1} 
@@ -2027,21 +2037,17 @@ - sssd <not-affected> (Only affects version 1.5+) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=700867 NOTE: http://git.fedorahosted.org/git/?p=sssd.git;a=commitdiff;h=fffdae81651b460f3d2c119c56d5caa09b4de42a -CVE-2011-1757 - RESERVED -CVE-2011-1756 [citadel-server billion laughs] - RESERVED +CVE-2011-1757 (DJabberd 0.84 and earlier does not properly detect recursion during ...) + TODO: check +CVE-2011-1756 (modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly ...) {DSA-2250-1} - citadel <unfixed> (medium) -CVE-2011-1755 [jabberd2 billion laughs] - RESERVED +CVE-2011-1755 (jabberd2 before 2.2.14 does not properly detect recursion during ...) - jabberd2 2.2.8-2.1 (medium) -CVE-2011-1754 [jabberd14 billion laughs] - RESERVED +CVE-2011-1754 (jabberd14 1.6.1.1 and earlier does not properly detect recursion ...) {DSA-2249-1} - jabberd14 1.6.1.1-5.1 -CVE-2011-1753 [ejabberd billion laughs] - RESERVED +CVE-2011-1753 (expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and ...) {DSA-2248-1} - ejabberd 2.1.6-2.1 (medium) CVE-2011-1752 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...) @@ -2466,6 +2472,7 @@ CVE-2011-1578 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, ...) - mediawiki <unfixed> CVE-2011-1577 (Heap-based buffer overflow in the is_gpt_valid function in ...) + {DSA-2264-1} - linux-2.6 <unfixed> (low) CVE-2011-1576 RESERVED @@ -2764,12 +2771,12 @@ RESERVED CVE-2011-1483 RESERVED -CVE-2011-1482 - RESERVED -CVE-2011-1481 - RESERVED -CVE-2011-1480 - RESERVED +CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2011-1481 (Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi ...) + TODO: check +CVE-2011-1480 (SQL injection vulnerability in admin.php in the administration backend ...) + TODO: check CVE-2011-1479 RESERVED - linux-2.6 2.6.38-4 
@@ -3066,8 +3073,7 @@ RESERVED CVE-2011-1410 RESERVED -CVE-2011-1409 [fex missing check for authid] - RESERVED +CVE-2011-1409 (Frams''s Fast File EXchange (F*EX, aka fex) 20100208, and possibly ...) {DSA-2259-1} - fex 20110610-1 CVE-2011-1408 @@ -3236,8 +3242,8 @@ RESERVED CVE-2011-1331 RESERVED -CVE-2011-1330 - RESERVED +CVE-2011-1330 (Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 ...) + TODO: check CVE-2011-1329 (WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly ...) NOT-FOR-US: WalRack CVE-2011-1328 (SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows ...) @@ -3682,20 +3688,16 @@ {DSA-2225-1} - asterisk 1:1.8.3.3-1 [lenny] - asterisk <not-affected> (Vulnerable code not present) -CVE-2011-1173 - RESERVED +CVE-2011-1173 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) -CVE-2011-1172 - RESERVED +CVE-2011-1172 (net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) -CVE-2011-1171 - RESERVED +CVE-2011-1171 (net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) -CVE-2011-1170 - RESERVED +CVE-2011-1170 (net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1169 (Array index error in the asihpi_hpi_ioctl function in ...) 
@@ -3796,16 +3798,16 @@ - wireshark 1.4.4-1 [lenny] - wireshark <not-affected> (Vulnerable code not present) [squeeze] - wireshark <not-affected> (Vulnerable code not present) -CVE-2011-1131 - RESERVED -CVE-2011-1130 - RESERVED -CVE-2011-1129 - RESERVED -CVE-2011-1128 - RESERVED -CVE-2011-1127 - RESERVED +CVE-2011-1131 (The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) ...) + TODO: check +CVE-2011-1130 (Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, ...) + TODO: check +CVE-2011-1129 (Cross-site scripting (XSS) vulnerability in the EditNews function in ...) + TODO: check +CVE-2011-1128 (The loadUserSettings function in Load.php in Simple Machines Forum ...) + TODO: check +CVE-2011-1127 (SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before ...) + TODO: check CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware ...) NOT-FOR-US: VMware Workstation CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...) @@ -3989,6 +3991,7 @@ NOTE: http://seclists.org/oss-sec/2011/q1/434 CVE-2011-1093 RESERVED + {DSA-2264-1} - linux-2.6 2.6.38-1 (low) [squeeze] - linux-2.6 2.6.32-31 CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...) @@ -4040,7 +4043,7 @@ - linux-2.6 2.6.38-4 (low) CVE-2011-1078 RESERVED - {DSA-2240-1} + {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva ...) NOT-FOR-US: Apache Archiva @@ -4226,7 +4229,7 @@ {DSA-2182-1} - logwatch 7.3.6.cvs20090906-2 (bug #615995) CVE-2011-1017 (Heap-based buffer overflow in the ldm_frag_add function in ...) - {DSA-2240-1} + {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-5 CVE-2011-1016 (The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not ...) {DSA-2240-1} 
@@ -4249,11 +4252,13 @@ [squeeze] - linux-2.6 2.6.32-31 [lenny] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2011-1012 (The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel ...) + {DSA-2264-1} - linux-2.6 2.6.38-1 [squeeze] - linux-2.6 2.6.32-31 CVE-2011-1011 (The seunshare_mount function in sandbox/seunshare.c in seunshare in ...) NOT-FOR-US: seunshare CVE-2011-1010 (Buffer overflow in the mac_partition function in fs/partitions/mac.c ...) + {DSA-2264-1} - linux-2.6 2.6.37-2 [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 @@ -4340,8 +4345,7 @@ NOT-FOR-US: WebSCADA CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login ...) NOT-FOR-US: IBM WebSphere Application Server -CVE-2011-1132 [kfreebsd dos] - RESERVED +CVE-2011-1132 (The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 ...) - kfreebsd-8 <unfixed> (low; bug #613312; bug #611476) [squeeze] - kfreebsd-8 8.1+dfsg-8 [lenny] - kfreebsd-8 <no-dsa> (Not-supported in Lenny) @@ -5160,6 +5164,7 @@ {DSA-2264-1 DSA-2240-1} - linux-2.6 <unfixed> (low) CVE-2011-0710 (The task_show_regs function in arch/s390/kernel/traps.c in the Linux ...) + {DSA-2264-1} - linux-2.6 2.6.37-2 (low) [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 @@ -6391,6 +6396,7 @@ [squeeze] - linux-2.6 2.6.32-31 CVE-2010-4655 [heap contents leak for CAP_NET_ADMIN via ethtool ioctl] RESERVED + {DSA-2264-1} - linux-2.6 2.6.32-27 CVE-2010-4654 [Malformed commands may cause corruption of the internal stack] RESERVED 
@@ -6663,42 +6669,42 @@ RESERVED CVE-2011-0214 RESERVED -CVE-2011-0213 - RESERVED -CVE-2011-0212 - RESERVED -CVE-2011-0211 - RESERVED -CVE-2011-0210 - RESERVED -CVE-2011-0209 - RESERVED -CVE-2011-0208 - RESERVED -CVE-2011-0207 - RESERVED -CVE-2011-0206 - RESERVED -CVE-2011-0205 - RESERVED -CVE-2011-0204 - RESERVED -CVE-2011-0203 - RESERVED -CVE-2011-0202 - RESERVED -CVE-2011-0201 - RESERVED -CVE-2011-0200 - RESERVED -CVE-2011-0199 - RESERVED -CVE-2011-0198 - RESERVED -CVE-2011-0197 - RESERVED -CVE-2011-0196 - RESERVED +CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows ...) + TODO: check +CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to ...) + TODO: check +CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows ...) + TODO: check +CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to ...) + TODO: check +CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows ...) + TODO: check +CVE-2011-0208 (QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers ...) + TODO: check +CVE-2011-0207 (The MobileMe component in Apple Mac OS X before 10.6.8 uses a ...) + TODO: check +CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple ...) + TODO: check +CVE-2011-0205 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 ...) + TODO: check +CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 ...) + TODO: check +CVE-2011-0203 (Absolute path traversal vulnerability in xftpd in the FTP Server ...) + TODO: check +CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 ...) + TODO: check +CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X ...) + TODO: check +CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows ...) 
+ TODO: check +CVE-2011-0199 (The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 ...) + TODO: check +CVE-2011-0198 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) + TODO: check +CVE-2011-0197 (App Store in Apple Mac OS X before 10.6.8 creates a log entry ...) + TODO: check +CVE-2011-0196 (AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a ...) + TODO: check CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before ...) NOT-FOR-US: Apple iOS TODO: Check with Apple, whether this is the standard libxslt @@ -8792,6 +8798,7 @@ [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2010-4075 (The uart_get_count function in drivers/serial/serial_core.c in the ...) + {DSA-2264-1} - linux-2.6 2.6.37-1 (low) [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 @@ -13105,6 +13112,7 @@ CVE-2010-2525 RESERVED CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the ...) + {DSA-2264-1} - linux-2.6 2.6.32-19 CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 ...) NOT-FOR-US: UMIP @@ -17192,6 +17200,7 @@ - php5 5.3.2-1 (unimportant) NOTE: safe_mode not supported CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...) + {DSA-2195-1} - php5 5.3.2-1 (low) CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...) NOT-FOR-US: Microsoft Internet Explorer @@ -26595,8 +26604,7 @@ [etch] - groff <not-affected> (pdfroff not yet present) [lenny] - groff <not-affected> (pdfroff not yet present) NOTE: requested CVE ids -CVE-2009-5044 [groff: uses insecure temp files] - RESERVED +CVE-2009-5044 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows ...) - groff 1.20.1-5 (low; bug #538330) [etch] - groff <not-affected> (pdfroff not yet present) [lenny] - groff <not-affected> (pdfroff not yet present)
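Review bot: The log message says only "update from NVD database", but a number of hunks add Debian advisory cross-references instead of NVD data: {DSA-2264-1} in @@ -907,6 +916,7 @@ (CVE-2011-2182), @@ -4040,7 +4043,7 @@ (CVE-2011-1078) and @@ -4226,7 +4229,7 @@ (CVE-2011-1017), among others, and {DSA-2195-1} on CVE-2010-1128 in @@ -17192,6 +17200,7 @@. Mention the DSA cross-reference update in the log, or commit it separately, so that the history shows where those tags came from.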
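Review bot: In the hunk at @@ -907,6 +916,7 @@, CVE-2011-2182 gains {DSA-2264-1} while its only status line is still "- linux-2.6 <unfixed>"; CVE-2011-1577 in @@ -2466,6 +2472,7 @@ is in the same state. Other entries tagged in this patch, such as CVE-2011-1093, pair the tag with a release-specific line like "[squeeze] - linux-2.6 2.6.32-31". Add the release-specific line for the release the advisory covers, so the entry shows what was fixed and where.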
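Review bot: CVE-2011-1768 in the hunk at @@ -2000,6 +2009,7 @@ now consists of RESERVED and {DSA-2264-1} only, with no package line before CVE-2011-1767 begins. Every other DSA-2264-1 entry in this patch whose status lines are visible tracks linux-2.6, so this one should get its package and version line too; as it stands the tag points at an advisory without saying which package it applies to.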
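Review bot: The new description for CVE-2011-1409 in the hunk at @@ -3066,8 +3073,7 @@ reads "Frams''s Fast File EXchange", and the doubled apostrophe looks like quoting residue from the import, not part of the name. Check the description against the upstream record and the escaping in the update script, then correct the stored text.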
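Review bot: In the hunk at @@ -4340,8 +4345,7 @@, CVE-2011-1132 loses its local title "[kfreebsd dos]" and takes a description that names only the kernel in Apple Mac OS X, while the status lines below it still track kfreebsd-8. Nothing in the entry now explains why a Mac OS X description sits on a kfreebsd-8 issue. A NOTE: line stating the connection, next to the existing references to bug #613312 and bug #611476, would keep that context.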
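Review bot: The hunk at @@ -6663,42 +6669,42 @@ leaves all 18 entries from CVE-2011-0213 down to CVE-2011-0196 at "TODO: check", although each description names an Apple Mac OS X component and the adjacent CVE-2011-0195 is already triaged as "NOT-FOR-US: Apple iOS". A follow-up should triage them and not leave the block open. CVE-2011-0206 deserves a closer look than the rest, since it names International Components for Unicode (ICU) and raises the same question that CVE-2011-0195 records for libxslt: whether the shared library itself is affected.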