Author: joeyh Date: 2011-07-18 21:14:18 +0000 (Mon, 18 Jul 2011) New Revision: 16950 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-07-18 15:18:35 UTC (rev 16949) +++ data/CVE/list 2011-07-18 21:14:18 UTC (rev 16950) @@ -1,3 +1,33 @@ +CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass ACL rules ...) + TODO: check +CVE-2011-2759 (The login page of IDSWebApp in the Web Administration Tool in IBM ...) + TODO: check +CVE-2011-2758 (IDSWebApp in the Web Administration Tool in IBM Tivoli Directory ...) + TODO: check +CVE-2011-2757 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...) + TODO: check +CVE-2011-2756 (FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build ...) + TODO: check +CVE-2011-2755 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...) + TODO: check +CVE-2011-2754 (Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page ...) + TODO: check +CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check +CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...) + TODO: check +CVE-2011-2751 (SQL injection vulnerability in Parodia before 6.809 allows remote ...) + TODO: check +CVE-2011-2750 (NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote ...) + TODO: check +CVE-2011-2749 + RESERVED +CVE-2011-2748 + RESERVED +CVE-2011-2747 + RESERVED +CVE-2011-2746 + RESERVED CVE-2011-2745 RESERVED CVE-2011-2744 
@@ -104,14 +134,11 @@ RESERVED CVE-2011-2693 RESERVED -CVE-2011-2692 - RESERVED +CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before ...) - libpng 1.2.46-1 (low; bug #633871) -CVE-2011-2691 - RESERVED +CVE-2011-2691 (The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, ...) - libpng 1.2.46-1 (low; bug #633871) -CVE-2011-2690 - RESERVED +CVE-2011-2690 (Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, ...) - libpng 1.2.46-1 (high; bug #633871) CVE-2011-2689 RESERVED @@ -519,8 +546,8 @@ RESERVED - qemu-kvm 0.14.1+dfsg-3 (bug #633669) - kvm <not-affected> (Vulnerable code not present) -CVE-2011-2526 - RESERVED +CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...) + TODO: check CVE-2011-2525 RESERVED - linux-2.6 2.6.35-1 
@@ -567,27 +594,22 @@ CVE-2011-2511 RESERVED - libvirt 0.9.2-7 (bug #633630) -CVE-2011-2510 [dokuwiki XSS in RSS code] - RESERVED +CVE-2011-2510 (Cross-site scripting (XSS) vulnerability in the RSS embedding feature ...) - dokuwiki 0.0.20110525a-1 (low; bug #631818) [squeeze] - dokuwiki <no-dsa> (Minor issue, will be fixed in point update) [lenny] - dokuwiki <no-dsa> (Minor issue) CVE-2011-2509 RESERVED -CVE-2011-2508 [PMASA-2011-8 filtering of a file path, which allowed for directory traversal] - RESERVED +CVE-2011-2508 (Directory traversal vulnerability in libraries/display_tbl.lib.php in ...) - phpmyadmin 4:3.4.3.1-1 -CVE-2011-2507 [PMASA-2011-7 regexp quoting issue in Synchronize code] - RESERVED +CVE-2011-2507 (libraries/server_synchronize.lib.php in the Synchronize implementation ...) - phpmyadmin 4:3.4.3.1-1 (unimportant) [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) NOTE: neutralized by Suhosin patch -CVE-2011-2506 [PMASA-2011-6 possible code injection in case session variables are compromised] - RESERVED +CVE-2011-2506 (setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 ...) - phpmyadmin 4:3.4.3.1-1 (low) [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) -CVE-2011-2505 [PMASA-2011-5 possible session manipulation in swekey authentication] - RESERVED +CVE-2011-2505 (libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication ...) - phpmyadmin 4:3.4.3.1-1 [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) CVE-2011-2504 @@ -596,8 +618,7 @@ RESERVED CVE-2011-2502 RESERVED -CVE-2011-2501 - RESERVED +CVE-2011-2501 (The png_format_buffer function in pngerror.c in libpng 1.0.x before ...) - libpng 1.2.44-3 (bug #632786) [lenny] - libpng <no-dsa> (Minor issue) [squeeze] - libpng <no-dsa> (Minor issue) 
@@ -1240,8 +1261,8 @@ RESERVED CVE-2011-2221 RESERVED -CVE-2011-2220 - RESERVED +CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter ...) + TODO: check CVE-2011-2219 RESERVED CVE-2011-2218 @@ -1820,8 +1841,7 @@ RESERVED CVE-2011-2024 (Cisco Network Registrar before 7.2 has a default administrative ...) NOT-FOR-US: Cisco -CVE-2011-2023 [XSS in HTML email style elt] - RESERVED +CVE-2011-2023 (Cross-site scripting (XSS) vulnerability in functions/mime.php in ...) - squirrelmail <unfixed> CVE-2011-2022 (The agp_generic_remove_memory function in drivers/char/agp/generic.c ...) {DSA-2264-1 DSA-2240-1} @@ -4051,10 +4071,10 @@ [lenny] - dokuwiki <no-dsa> (Minor issue) CVE-2011-1224 (IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not ...) NOT-FOR-US: IBM WebSphere MQ -CVE-2011-1223 - RESERVED -CVE-2011-1222 - RESERVED +CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named stream) ...) + TODO: check +CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the ...) + TODO: check CVE-2011-1221 RESERVED CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM ...) @@ -6800,8 +6820,8 @@ RESERVED CVE-2011-0288 RESERVED -CVE-2011-0287 - RESERVED +CVE-2011-0287 (Unspecified vulnerability in the BlackBerry Administration API in ...) + TODO: check CVE-2011-0286 (Cross-site scripting (XSS) vulnerability in webdesktop/app in the ...) NOT-FOR-US: BlackBerry Enterprise Server CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) 
@@ -7903,12 +7923,10 @@ CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 ...) - opensc 0.11.13-1.1 (low; bug #607427) [lenny] - opensc 0.11.4-5+lenny1.1 -CVE-2010-4555 [squirrelmail xss] - RESERVED +CVE-2010-4555 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - squirrelmail <unfixed> (low) NOTE: difficult to exploit -CVE-2010-4554 [squirrelmail clickjacking] - RESERVED +CVE-2010-4554 (functions/page_header.php in SquirrelMail 1.4.21 and earlier does not ...) - squirrelmail <unfixed> CVE-2010-4553 (An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 ...) NOT-FOR-US: IBM Lotus Notes Traveler
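Review bot: In the first hunk (@@ -1,3 +1,33 @@), CVE-2011-2752 is left at "TODO: check" even though its description names SquirrelMail 1.4.21 and earlier, and this list already tracks that package: CVE-2011-2023, CVE-2010-4555 and CVE-2010-4554 all carry a "- squirrelmail <unfixed>" line. Replace the TODO with a squirrelmail package line so the CRLF injection is tracked with the other SquirrelMail issues. The other new entries in this hunk (Brocade, IBM, ManageEngine, Parodia, Novell File Reporter) each still need a triage decision before their TODOs can go.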
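Review bot: In the @@ -104,14 +134,11 @@ hunk, CVE-2011-2690 is a libpng buffer overflow rated high, yet the entry records only the fixed version "- libpng 1.2.46-1 (high; bug #633871)" and has no [lenny] or [squeeze] line. CVE-2011-2501, in the @@ -596,8 +618,7 @@ hunk, shows the expected shape with "[lenny] - libpng <no-dsa> (Minor issue)" and "[squeeze] - libpng <no-dsa> (Minor issue)". Add an explicit per-release status for CVE-2011-2690, and for CVE-2011-2691 and CVE-2011-2692 alongside it, so the state of the stable releases is recorded for the high-urgency issue.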
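Review bot: The @@ -567,27 +594,22 @@ hunk loses the upstream advisory identifiers: the bracketed tags on CVE-2011-2505 through CVE-2011-2508 (PMASA-2011-5 to PMASA-2011-8) are removed when the official descriptions replace them, and nothing else in those entries mentions them. Keep each one as a NOTE line under its CVE, for example "NOTE: PMASA-2011-8" under CVE-2011-2508, so the phpMyAdmin advisory remains searchable in the list. The last hunk has the same effect on CVE-2010-4554, where the "[squirrelmail clickjacking]" tag is dropped and the truncated description no longer says what the issue is.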
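Review bot: In the @@ -6800,8 +6820,8 @@ hunk, CVE-2011-0287 (BlackBerry Administration API) is set to "TODO: check" while the entry directly below it, CVE-2011-0286, is already "NOT-FOR-US: BlackBerry Enterprise Server". If the truncated description refers to the same product, mark CVE-2011-0287 NOT-FOR-US in the same way instead of leaving it in the TODO queue.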