Author: joeyh Date: 2012-01-17 21:14:23 +0000 (Tue, 17 Jan 2012) New Revision: 18192 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-17 20:31:46 UTC (rev 18191) +++ data/CVE/list 2012-01-17 21:14:23 UTC (rev 18192) @@ -1,3 +1,23 @@ +CVE-2012-0699 + RESERVED +CVE-2012-0698 + RESERVED +CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging ...) + TODO: check +CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...) + TODO: check +CVE-2011-5064 (DigestAuthenticator.java in the HTTP Digest Access Authentication ...) + TODO: check +CVE-2011-5063 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) + TODO: check +CVE-2011-5062 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) + TODO: check +CVE-2011-5061 (functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x ...) + TODO: check +CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for Perl ...) + TODO: check +CVE-2010-5082 + RESERVED CVE-2012-XXXX [Jenkins and hash collision attack] - jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553) - jenkins-executable-war 1.25-1 (bug #655554) @@ -15,8 +35,8 @@ - webkit <undetermined> CVE-2012-0694 RESERVED -CVE-2012-0693 - RESERVED +CVE-2012-0693 (submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote ...) + TODO: check CVE-2012-0692 RESERVED CVE-2012-0691 @@ -966,10 +986,10 @@ RESERVED CVE-2012-0268 RESERVED -CVE-2012-0267 - RESERVED -CVE-2012-0266 - RESERVED +CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows ...) + TODO: check +CVE-2012-0266 (Multiple stack-based buffer overflows in the NTR ActiveX control ...) + TODO: check CVE-2012-0265 RESERVED CVE-2011-5046 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 ...) 
@@ -1471,8 +1491,7 @@ CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly ...) {DSA-2370-1} - unbound 1.4.14-1 (medium) -CVE-2011-4868 - RESERVED +CVE-2011-4868 (The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when ...) - isc-dhcp <unfixed> (low; bug #655746) [squeeze] - isc-dhcp <not-affected> (vulnerable code not present) CVE-2011-4867 @@ -2278,8 +2297,8 @@ {DSA-2387-1} - simplesamlphp 1.8.2-1 NOTE: http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e -CVE-2012-0039 - RESERVED +CVE-2012-0039 (** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function ...) + TODO: check CVE-2012-0038 RESERVED - linux-2.6 <unfixed> @@ -2302,8 +2321,7 @@ RESERVED CVE-2012-0031 RESERVED -CVE-2012-0030 - RESERVED +CVE-2012-0030 (Nova 2011.3 and Essex, when using the OpenStack API, allows remote ...) - nova <unfixed> CVE-2012-0029 RESERVED @@ -4016,8 +4034,7 @@ RESERVED CVE-2011-4115 RESERVED -CVE-2011-4114 [PAR packed files are extracted to unsafe and predictable temporary directories] - RESERVED +CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...) - libpar-packer-perl 1.012-1 (bug #650706) [squeeze] - libpar-packer-perl <no-dsa> (Minor issue) - libpar-perl 1.005-1 (bug #650707) @@ -4211,8 +4228,8 @@ NOT-FOR-US: D-Link DCS-2121 CVE-2011-4064 (Cross-site scripting (XSS) vulnerability in the setup interface in ...) - phpmyadmin 4:3.4.6-1 (unimportant) -CVE-2011-4057 - RESERVED +CVE-2011-4057 (Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other ...) + TODO: check CVE-2011-4056 (An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix ...) NOT-FOR-US: Siemens Tecnomatix CVE-2011-4055 (Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix ...) 
@@ -5669,8 +5686,7 @@ - phppgadmin 5.0.3-1 (low; bug #644290) [squeeze] - phppgadmin <no-dsa> (Minor issue) NOTE: https://secunia.com/advisories/46248/ -CVE-2011-3597 [unsafe use of eval] - RESERVED +CVE-2011-3597 (Eval injection in the Digest module before 1.17 for Perl allows ...) - libdigest-perl 1.17-1 (low; bug #644108) [lenny] - libdigest-perl <no-dsa> (Minor issue) [squeeze] - libdigest-perl <no-dsa> (Minor issue) @@ -7574,8 +7590,7 @@ - stunnel4 3:4.42-1 (bug #638758) [squeeze] - stunnel4 <not-affected> (Only 4.4x affected) [lenny] - stunnel4 <not-affected> (Only 4.4x affected) -CVE-2011-2939 [Fix decode_xs n-byte heap-overflow security bug in Unicode.xs] - RESERVED +CVE-2011-2939 (Off-by-one error in the decode_xs function in Unicode/Unicode.xs in ...) - perl 5.12.4-4 (low; bug #637376) [squeeze] - perl <no-dsa> (Minor issue) [lenny] - perl <no-dsa> (Minor issue) @@ -8125,8 +8140,7 @@ - acpid 1:2.0.14-1 [lenny] - acpid <not-affected> (Vulnerable code not present) [squeeze] - acpid 1:2.0.7-1squeeze3 -CVE-2011-2776 - RESERVED +CVE-2011-2776 (Buffer overflow in the Error function in super.c in Super 3.30.0 might ...) {DSA-2383-1} - super 3.30.0-6 CVE-2011-2775 @@ -12101,8 +12115,8 @@ RESERVED CVE-2011-1378 (IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM ...) NOT-FOR-US: IBM WebSphere -CVE-2011-1377 - RESERVED +CVE-2011-1377 (The Web Services Security component in the Web Services Feature Pack ...) + TODO: check CVE-2011-1376 RESERVED CVE-2011-1375 (IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and ...) @@ -12131,8 +12145,8 @@ NOT-FOR-US: Goole App Engine Python SDK CVE-2011-1363 RESERVED -CVE-2011-1362 - RESERVED +CVE-2011-1362 (Cross-site scripting (XSS) vulnerability in the Installation ...) + TODO: check CVE-2011-1361 RESERVED CVE-2011-1360 (Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server ...) 
@@ -12607,8 +12621,7 @@ [squeeze] - chromium-browser <no-dsa> (minor issue) - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/74853 -CVE-2011-1184 - RESERVED +CVE-2011-1184 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) - tomcat6 6.0.32-7 - tomcat7 7.0.12 - tomcat5.5 <removed>
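Review bot: In the first hunk (@@ -1,3 +1,23 @@), CVE-2011-5062, CVE-2011-5063 and CVE-2011-5064 are left at "TODO: check" even though their descriptions name the Apache Tomcat HTTP Digest Access Authentication implementation. That is the same component as CVE-2011-1184, which is already tracked against tomcat6, tomcat7 and tomcat5.5 at the end of this patch. These three should be triaged against those source packages rather than left open. The two WebSphere entries (CVE-2011-5066, CVE-2011-5065) look like candidates for the "NOT-FOR-US: IBM WebSphere" marking already used at CVE-2011-1378.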
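Review bot: In the hunk at @@ -966,10 +986,10 @@, CVE-2012-0267 and CVE-2012-0266 both describe the NTR ActiveX control and are left at "TODO: check". The other ActiveX entry visible in this patch, CVE-2011-4056, is resolved as "NOT-FOR-US: Siemens Tecnomatix". Unless a packaged source ships this control, the same kind of NOT-FOR-US line would close both TODOs.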
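Review bot: In the CVE-2012-0030 hunk (@@ -2302,8 +2321,7 @@), the retained line "- nova <unfixed>" carries neither a severity nor a bug reference. The isc-dhcp entry under CVE-2011-4868 in this same patch records both, as "(low; bug #655746)". Now that the id has a public description, the nova line should get a bug number and urgency in the same form once a report is filed.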
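Review bot: In the CVE-2011-4114 hunk (@@ -4016,8 +4034,7 @@), the new description scopes this id to PAR::Packer before 1.012, yet the entry still carries "- libpar-perl 1.005-1 (bug #650707)". The first hunk of this patch adds CVE-2011-5060 for par_mktmpdir in the PAR module before 1.003 as "TODO: check", so the libpar-perl line probably belongs under CVE-2011-5060. Please confirm the split and move the line, which also resolves that TODO. The removed bracketed summary about predictable temporary directories could be kept as a NOTE if the truncated description is not enough context.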
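Review bot: In the hunk at @@ -12131,8 +12145,8 @@, the unchanged context line "NOT-FOR-US: Goole App Engine Python SDK" misspells "Google". It is not part of this automatic update, but it sits right above the new CVE-2011-1362 entry and is worth fixing in a follow-up so that searches on the product name find it.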