Author: joeyh Date: 2011-07-29 21:14:17 +0000 (Fri, 29 Jul 2011) New Revision: 17046 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-07-29 19:19:08 UTC (rev 17045) +++ data/CVE/list 2011-07-29 21:14:17 UTC (rev 17046) @@ -1,3 +1,9 @@ +CVE-2011-2958 (Multiple cross-site scripting (XSS) vulnerabilities in Ecava ...) + TODO: check +CVE-2011-2957 (Unspecified vulnerability in Rockwell Automation FactoryTalk ...) + TODO: check +CVE-2011-2956 (AzeoTech DAQFactory before 5.85 (Build 1842) does not perform ...) + TODO: check CVE-2011-XXXX [clamav: off-by-one] - clamav 0.97.2+dfsg-1 (bug #635599) CVE-2011-XXXX [rtkit: failure to drop supplemental groups] @@ -431,8 +437,8 @@ RESERVED CVE-2011-2748 RESERVED -CVE-2011-2747 - RESERVED +CVE-2011-2747 (Google Picasa before 3.6 Build 105.67 does not properly handle invalid ...) + TODO: check CVE-2011-2746 RESERVED CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...) @@ -564,8 +570,8 @@ CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers ...) {DSA-2288-1} - libsndfile 1.0.25-1 -CVE-2011-2695 - RESERVED +CVE-2011-2695 (Multiple off-by-one errors in the ext4 subsystem in the Linux kernel ...) + TODO: check CVE-2011-2694 [Samba SWAT XSS] RESERVED - samba 2:3.5.10~dfsg-1 (low) @@ -580,11 +586,9 @@ CVE-2011-2690 (Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, ...) {DSA-2287-1} - libpng 1.2.46-1 (high; bug #633871) -CVE-2011-2689 - RESERVED +CVE-2011-2689 (The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel ...) - linux-2.6 3.0.0-1 -CVE-2011-2688 [libapache2-mod-auth-external sql injection] - RESERVED +CVE-2011-2688 (SQL injection vulnerability in mysql/mysql-auth.pl in the ...) {DSA-2279-1} - libapache2-mod-authnz-external 3.2.4-2.1 (medium; bug #633637) CVE-2011-2687 (Drupal 7.x before 7.3 allows remote attackers to bypass intended ...) @@ -654,8 +658,8 @@ RESERVED CVE-2011-2668 RESERVED -CVE-2011-2667 - RESERVED +CVE-2011-2667 (Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway ...) + TODO: check CVE-2011-2666 (The default configuration of the SIP channel driver in Asterisk Open ...) - asterisk <undetermined> CVE-2011-2665 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source ...) @@ -928,14 +932,14 @@ RESERVED CVE-2011-2550 RESERVED -CVE-2011-2549 - RESERVED +CVE-2011-2549 (Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco ...) + TODO: check CVE-2011-2548 RESERVED -CVE-2011-2547 - RESERVED -CVE-2011-2546 - RESERVED +CVE-2011-2547 (The web-based management interface on Cisco SA 500 series security ...) + TODO: check +CVE-2011-2546 (SQL injection vulnerability in the web-based management interface on ...) + TODO: check CVE-2011-2545 RESERVED CVE-2011-2544 @@ -1106,8 +1110,7 @@ CVE-2011-2493 RESERVED - linux-2.6 2.6.39-1 (low) -CVE-2011-2492 - RESERVED +CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not ...) - linux-2.6 3.0.0-1 (low) CVE-2011-2491 RESERVED @@ -4268,8 +4271,8 @@ RESERVED CVE-2011-1340 RESERVED -CVE-2011-1339 - RESERVED +CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...) + TODO: check CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1 allows ...) NOT-FOR-US: XnView CVE-2011-1337 (Opera before 11.50 allows remote attackers to cause a denial of ...) @@ -27633,6 +27636,7 @@ [etch] - wordpress <not-affected> (Vulnerable code not present) NOTE: not really a security issue in my opinion, just an annoying bug CVE-2008-7291 [gri: insecure temp file generation] + RESERVED - gri 2.12.18-1 (low) [etch] - gri <no-dsa> (Minor issue) [lenny] - gri <no-dsa> (Minor issue)