Author: joeyh Date: 2011-09-15 21:14:23 +0000 (Thu, 15 Sep 2011) New Revision: 17252 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-15 15:02:00 UTC (rev 17251) +++ data/CVE/list 2011-09-15 21:14:23 UTC (rev 17252) @@ -1,3 +1,15 @@ +CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server ...) + TODO: check +CVE-2011-3480 + RESERVED +CVE-2011-3479 + RESERVED +CVE-2011-3478 + RESERVED +CVE-2011-3477 + RESERVED +CVE-2011-3476 + RESERVED CVE-2011-XXXX - tahoe-lafs 1.8.3-1 (bug #641540) CVE-2011-3475 @@ -140,16 +152,19 @@ NOTE: https://www.djangoproject.com/weblog/2011/sep/10/127/ NOTE: CVE id requested on oss-security CVE-2011-3482 [Wireshark CSN.1 dissector vulnerability] + RESERVED - wireshark <unfixed> [squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) [lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-16.html CVE-2011-3483 [Wireshark buffer exception handling vulnerability] + RESERVED - wireshark <unfixed> [squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) [lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-14.html CVE-2011-3484 [Wireshark OpenSafety dissector vulnerability] + RESERVED - wireshark <unfixed> [squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) [lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) @@ -675,8 +690,7 @@ [squeeze] - openssl <no-dsa> (Minor issue) CVE-2011-3209 RESERVED -CVE-2011-3208 - RESERVED +CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c ...) - cyrus-imapd-2.2 <unfixed> (medium) - cyrus-imapd-2.4 <unfixed> (medium) - kolab-cyrus-imapd <unfixed> (medium) 
@@ -2326,8 +2340,8 @@ NOTE: no code injection, not treated as a security issue, see README.Debian.security CVE-2011-2596 RESERVED -CVE-2011-2595 - RESERVED +CVE-2011-2595 (Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build ...) + TODO: check CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other ...) TODO: check CVE-2011-2593 @@ -2354,8 +2368,8 @@ RESERVED CVE-2011-2582 RESERVED -CVE-2011-2581 - RESERVED +CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before ...) + TODO: check CVE-2011-2580 RESERVED CVE-2011-2579 
@@ -2704,41 +2718,29 @@ RESERVED CVE-2011-2443 RESERVED -CVE-2011-2442 - RESERVED +CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2441 - RESERVED +CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2440 - RESERVED +CVE-2011-2440 (Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2439 - RESERVED +CVE-2011-2439 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2438 - RESERVED +CVE-2011-2438 (Multiple stack-based buffer overflows in the image-parsing library in ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2437 - RESERVED +CVE-2011-2437 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2436 - RESERVED +CVE-2011-2436 (Heap-based buffer overflow in the image-parsing library in Adobe ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2435 - RESERVED +CVE-2011-2435 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2434 - RESERVED +CVE-2011-2434 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2433 - RESERVED +CVE-2011-2433 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2432 - RESERVED +CVE-2011-2432 (Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat ...) NOT-FOR-US: Adobe Reader and Acrobat -CVE-2011-2431 - RESERVED +CVE-2011-2431 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2430 RESERVED 
@@ -3274,8 +3276,8 @@ [lenny] - tomcat6 <no-dsa> (Minor issue) [squeeze] - tomcat6 <no-dsa> (Minor issue) - tomcat7 7.0.16-3 (low; bug #632882) -CVE-2011-2201 - RESERVED +CVE-2011-2201 (The Data::FormValidator module 4.66 and earlier for Perl, when ...) + TODO: check CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ...) - dbus 1.4.12-1 (low; bug #629938) [squeeze] - dbus 1.2.24-4+squeeze1 @@ -3888,30 +3890,30 @@ RESERVED CVE-2011-1992 RESERVED -CVE-2011-1991 - RESERVED -CVE-2011-1990 - RESERVED -CVE-2011-1989 - RESERVED -CVE-2011-1988 - RESERVED -CVE-2011-1987 - RESERVED -CVE-2011-1986 - RESERVED +CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP ...) + TODO: check +CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; ...) + TODO: check +CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel ...) + TODO: check +CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; ...) + TODO: check +CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in ...) + TODO: check +CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote ...) + TODO: check CVE-2011-1985 RESERVED -CVE-2011-1984 - RESERVED +CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and ...) + TODO: check CVE-2011-1983 RESERVED -CVE-2011-1982 - RESERVED +CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize ...) + TODO: check CVE-2011-1981 RESERVED -CVE-2011-1980 - RESERVED +CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and ...) + TODO: check CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate ...) NOT-FOR-US: Microsoft Visio CVE-2011-1978 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly ...) 
@@ -4146,14 +4148,14 @@ RESERVED CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, ...) NOT-FOR-US: Microsoft Windows -CVE-2011-1893 - RESERVED -CVE-2011-1892 - RESERVED -CVE-2011-1891 - RESERVED -CVE-2011-1890 - RESERVED +CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...) + TODO: check +CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and ...) + TODO: check +CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows ...) + TODO: check +CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft ...) + TODO: check CVE-2011-1889 (The NSPLookupServiceNext function in the client in Microsoft Forefront ...) NOT-FOR-US: Microsoft Forefront Threat Management Gateway CVE-2011-1888 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 ...) @@ -5775,8 +5777,7 @@ NOT-FOR-US: IBM WebSphere Application Server CVE-2011-1354 RESERVED -CVE-2011-1353 - RESERVED +CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-1352 RESERVED @@ -6015,7 +6016,7 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1253 RESERVED -CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API in ...) +CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1251 (Microsoft Internet Explorer 8 does not properly handle objects in ...) NOT-FOR-US: Microsoft Internet Explorer 
@@ -7908,8 +7909,8 @@ NOT-FOR-US: Microsoft CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the ...) NOT-FOR-US: Windows 2003 -CVE-2011-0653 - RESERVED +CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...) + TODO: check CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look ''n'' Stop Firewall 2.06p4 and 2.07 ...) NOT-FOR-US: Look ''n'' Stop Firewall CVE-2011-0651 (Buffer overflow in the key exchange functionality in Icon Labs ...)
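Review bot: In the `@@ -1,3 +1,15 @@` hunk, CVE-2011-3481 (index_get_ids in index.c, imapd, Cyrus IMAP Server) is added with only `TODO: check`, while this same revision tracks CVE-2011-3208 against cyrus-imapd-2.2, cyrus-imapd-2.4 and kolab-cyrus-imapd. The TODO should be resolved against the same set of source packages so the two Cyrus entries do not drift apart, with each package line stating its own status once the affected versions are confirmed.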
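Review bot: In the `@@ -675,8 +690,7 @@` hunk, CVE-2011-3208 now carries a description of a stack-based buffer overflow in nntpd.c, but the visible package lines below it (`cyrus-imapd-2.2 <unfixed> (medium)` and the two that follow) have no bug reference. Other entries in this file use the form `(low; bug #632882)`, so it is worth filing or linking the bugs and adding the numbers here. It would also help to note whether nntpd is built and enabled in each of these packages, since that decides how exposed a default install is.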
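Review bot: In the `@@ -3274,8 +3276,8 @@` hunk, CVE-2011-2201 (Data::FormValidator module 4.66 and earlier for Perl) is left at `TODO: check`, and unlike the vendor-only entries in this commit it names a Perl module of the kind that is normally packaged. It needs a real package lookup rather than a NOT-FOR-US. The description is truncated at "when ...", so the triage note should record the condition under which the issue applies as well as the version comparison against 4.66.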
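Review bot: In the `@@ -3888,30 +3890,30 @@` hunk, every newly described entry (CVE-2011-1991 through CVE-2011-1980) names Microsoft Windows, Excel, Office or WINS and is left at `TODO: check`, while the unchanged context immediately below already uses `NOT-FOR-US: Microsoft Visio` for CVE-2011-1979. These can be closed out with matching NOT-FOR-US lines in a follow-up commit so they do not sit in the TODO queue. The same applies to the Microsoft Office and SharePoint entries added in the `@@ -4146,14 +4148,14 @@` and `@@ -7908,8 +7909,8 @@` hunks.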
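Review bot: In the `@@ -6015,7 +6016,7 @@` hunk, the description of CVE-2011-1252 changes from "the toStaticHTML API in ..." to "the SafeHTML function in ...", but the note beneath it still reads `NOT-FOR-US: Microsoft Internet Explorer` and was not touched. The truncated description does not show which product the reworded text refers to, so the full upstream description should be checked and the NOT-FOR-US line updated if the affected product is no longer only Internet Explorer.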