Author: joeyh Date: 2011-11-14 21:15:51 +0000 (Mon, 14 Nov 2011) New Revision: 17613 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-11-14 19:10:50 UTC (rev 17612) +++ data/CVE/list 2011-11-14 21:15:51 UTC (rev 17613) @@ -1,3 +1,85 @@ +CVE-2012-0020 + RESERVED +CVE-2012-0019 + RESERVED +CVE-2012-0018 + RESERVED +CVE-2012-0017 + RESERVED +CVE-2012-0016 + RESERVED +CVE-2012-0015 + RESERVED +CVE-2012-0014 + RESERVED +CVE-2012-0013 + RESERVED +CVE-2012-0012 + RESERVED +CVE-2012-0011 + RESERVED +CVE-2012-0010 + RESERVED +CVE-2012-0009 + RESERVED +CVE-2012-0008 + RESERVED +CVE-2012-0007 + RESERVED +CVE-2012-0006 + RESERVED +CVE-2012-0005 + RESERVED +CVE-2012-0004 + RESERVED +CVE-2012-0003 + RESERVED +CVE-2012-0002 + RESERVED +CVE-2012-0001 + RESERVED +CVE-2011-4436 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2011-4435 (The web-server component in the Consolidation and Analysis Engine ...) + TODO: check +CVE-2011-4434 (Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 ...) + TODO: check +CVE-2011-4433 + RESERVED +CVE-2011-4432 (www/include/configuration/nconfigObject/contact/DB-Func.php in ...) + TODO: check +CVE-2011-4431 (Directory traversal vulnerability in main.php in Merethis Centreon ...) + TODO: check +CVE-2011-4430 + RESERVED +CVE-2011-4429 + RESERVED +CVE-2011-4428 + RESERVED +CVE-2011-4427 + RESERVED +CVE-2011-4426 + RESERVED +CVE-2011-4425 + RESERVED +CVE-2011-4424 + RESERVED +CVE-2011-4423 + RESERVED +CVE-2011-4422 + RESERVED +CVE-2011-4421 + RESERVED +CVE-2011-4420 + RESERVED +CVE-2011-4419 + RESERVED +CVE-2011-4418 + RESERVED +CVE-2011-4417 + RESERVED +CVE-2011-4416 + RESERVED CVE-2011-4415 (The ap_pregsub function in server/util.c in the Apache HTTP Server ...) - apache2 <unfixed> CVE-2011-4414 
@@ -1036,12 +1118,12 @@ RESERVED CVE-2011-4049 RESERVED -CVE-2011-4048 - RESERVED -CVE-2011-4047 - RESERVED -CVE-2011-4046 - RESERVED +CVE-2011-4048 (The Dell KACE K2000 System Deployment Appliance has a default username ...) + TODO: check +CVE-2011-4047 (The Dell KACE K2000 System Deployment Appliance allows remote ...) + TODO: check +CVE-2011-4046 (The Dell KACE K2000 System Deployment Appliance stores the recovery ...) + TODO: check CVE-2011-4045 RESERVED CVE-2011-4044 @@ -1345,12 +1427,12 @@ RESERVED CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to execute ...) - chasen <unfixed> (medium; bug #648359) -CVE-2011-3999 - RESERVED -CVE-2011-3998 - RESERVED -CVE-2011-3997 - RESERVED +CVE-2011-3999 (Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader ...) + TODO: check +CVE-2011-3998 (Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and ...) + TODO: check +CVE-2011-3997 (Opengear console servers with firmware before 2.2.1 allow remote ...) + TODO: check CVE-2011-3996 (The LiveData Service in CSWorks before 2.0.4115.1 allows remote ...) NOT-FOR-US: CSWorks CVE-2011-3995 (Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 ...) @@ -1373,8 +1455,8 @@ NOT-FOR-US: DAEMON Tools CVE-2011-3986 (Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows ...) NOT-FOR-US: Pligg -CVE-2011-3985 - RESERVED +CVE-2011-3985 (Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows ...) + TODO: check CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...) NOT-FOR-US: KENT-WEB WEB FORUM CVE-2011-3983 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...) 
@@ -1595,20 +1677,20 @@ RESERVED CVE-2011-3899 RESERVED -CVE-2011-3898 - RESERVED -CVE-2011-3897 - RESERVED -CVE-2011-3896 - RESERVED -CVE-2011-3895 - RESERVED -CVE-2011-3894 - RESERVED -CVE-2011-3893 - RESERVED -CVE-2011-3892 - RESERVED +CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) ...) + TODO: check +CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 ...) + TODO: check +CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote ...) + TODO: check +CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome ...) + TODO: check +CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 ...) + TODO: check +CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV ...) + TODO: check +CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome ...) + TODO: check CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...) - chromium-browser 15.0.874.106~r107270-1 - webkit <undetermined> @@ -2735,14 +2817,14 @@ RESERVED CVE-2011-3443 RESERVED -CVE-2011-3442 - RESERVED -CVE-2011-3441 - RESERVED -CVE-2011-3440 - RESERVED -CVE-2011-3439 - RESERVED +CVE-2011-3442 (The kernel in Apple iOS before 5.0.1 does not ensure the validity of ...) + TODO: check +CVE-2011-3441 (libinfo in Apple iOS before 5.0.1 does not properly formulate ...) + TODO: check +CVE-2011-3440 (The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does ...) + TODO: check +CVE-2011-3439 (FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote ...) + TODO: check CVE-2011-3438 RESERVED CVE-2011-3437 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...) 
@@ -2948,8 +3030,8 @@ [lenny] - rpm <no-dsa> (rpm isn''t used a a package manager, very limited attack vector) CVE-2011-3377 RESERVED -CVE-2011-3376 - RESERVED +CVE-2011-3376 (org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat ...) + TODO: check CVE-2011-3375 RESERVED CVE-2011-3374 [apt-key insecure validation] @@ -3293,7 +3375,7 @@ NOT-FOR-US: Apple QuickTime CVE-2011-3247 (Integer overflow in Apple QuickTime before 7.7.1 on Windows allows ...) NOT-FOR-US: Apple QuickTime -CVE-2011-3246 (CFNetwork in Apple iOS before 5 and Mac OS X 10.7 before 10.7.2 does ...) +CVE-2011-3246 (CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 ...) NOT-FOR-US: Apple iOS CVE-2011-3245 (The Keyboards component in Apple iOS before 5 displays the final ...) NOT-FOR-US: Apple iOS @@ -4838,10 +4920,10 @@ RESERVED CVE-2011-2741 RESERVED -CVE-2011-2740 - RESERVED -CVE-2011-2739 - RESERVED +CVE-2011-2740 (EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when ...) + TODO: check +CVE-2011-2739 (The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x ...) + TODO: check CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor ...) NOT-FOR-US: Cisco Unified Service Monitor, CiscoWorks LAN Management Solution CVE-2011-2737 (RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to ...) 
@@ -5594,38 +5676,27 @@ RESERVED CVE-2011-2461 RESERVED -CVE-2011-2460 - RESERVED +CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2459 - RESERVED +CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2458 - RESERVED +CVE-2011-2458 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2457 - RESERVED +CVE-2011-2457 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2456 - RESERVED +CVE-2011-2456 (Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2455 - RESERVED +CVE-2011-2455 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2454 - RESERVED +CVE-2011-2454 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2453 - RESERVED +CVE-2011-2453 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2452 - RESERVED +CVE-2011-2452 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2451 - RESERVED +CVE-2011-2451 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2450 - RESERVED +CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2449 (The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows ...) TODO: check 
@@ -5635,8 +5706,7 @@ TODO: check CVE-2011-2446 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows ...) TODO: check -CVE-2011-2445 - RESERVED +CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...) NOT-FOR-US: Adobe Flash Player CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player @@ -8710,12 +8780,12 @@ RESERVED CVE-2011-1376 RESERVED -CVE-2011-1375 - RESERVED +CVE-2011-1375 (IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and ...) + TODO: check CVE-2011-1374 RESERVED -CVE-2011-1373 - RESERVED +CVE-2011-1373 (Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the ...) + TODO: check CVE-2011-1372 RESERVED CVE-2011-1371 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM ...)
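Review bot: In the first hunk (@@ -1,3 +1,85 @@), CVE-2011-4434 is added as "TODO: check" although its description begins "Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7". The file already tags products outside the archive with a NOT-FOR-US line (for example "NOT-FOR-US: Apple iOS"), so this entry can be triaged the same way instead of staying a TODO. The other four new described entries in this hunk (CVE-2011-4436, CVE-2011-4435, CVE-2011-4432, CVE-2011-4431) have truncated descriptions and need a manual look before they are tagged.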
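Review bot: In the @@ -1595,20 +1677,20 @@ hunk, CVE-2011-3892 through CVE-2011-3898 all describe "Google Chrome before 15.0.874.120" but are left as "TODO: check", while the neighbouring entry CVE-2011-3891 is tracked as "- chromium-browser 15.0.874.106~r107270-1". That tracked version is lower than 15.0.874.120, so these seven entries likely need a chromium-browser line (and a webkit line where the affected code is shared, as CVE-2011-3891 has), and they should be triaged ahead of the other TODO entries in this revision.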
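Review bot: In the @@ -2735,14 +2817,14 @@ hunk, CVE-2011-3439 reads "FreeType in CoreGraphics in Apple iOS before 5.0.1", so it should not be closed with the "NOT-FOR-US: Apple iOS" tag used for the other iOS entries in this file. FreeType is a separately packaged library, and the entry needs checking against the freetype source package before it is tagged. The other three entries in the hunk (kernel, libinfo, Passcode Lock) are iOS components and can follow the existing NOT-FOR-US convention once confirmed.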
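Review bot: In the @@ -2948,8 +3030,8 @@ hunk, CVE-2011-3376 names "org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat" and is left as "TODO: check". Tomcat is packaged in Debian, so this entry needs a package line with the affected or fixed version rather than a generic TODO. The description is truncated before the version range, so the affected releases have to be taken from the full CVE text.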