Author: joeyh
Date: 2011-01-10 21:14:35 +0000 (Mon, 10 Jan 2011)
New Revision: 15826
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-01-10 17:31:36 UTC (rev 15825)
+++ data/CVE/list 2011-01-10 21:14:35 UTC (rev 15826)
@@ -1,3 +1,281 @@
+CVE-2011-0397
+ RESERVED
+CVE-2011-0396
+ RESERVED
+CVE-2011-0395
+ RESERVED
+CVE-2011-0394
+ RESERVED
+CVE-2011-0393
+ RESERVED
+CVE-2011-0392
+ RESERVED
+CVE-2011-0391
+ RESERVED
+CVE-2011-0390
+ RESERVED
+CVE-2011-0389
+ RESERVED
+CVE-2011-0388
+ RESERVED
+CVE-2011-0387
+ RESERVED
+CVE-2011-0386
+ RESERVED
+CVE-2011-0385
+ RESERVED
+CVE-2011-0384
+ RESERVED
+CVE-2011-0383
+ RESERVED
+CVE-2011-0382
+ RESERVED
+CVE-2011-0381
+ RESERVED
+CVE-2011-0380
+ RESERVED
+CVE-2011-0379
+ RESERVED
+CVE-2011-0378
+ RESERVED
+CVE-2011-0377
+ RESERVED
+CVE-2011-0376
+ RESERVED
+CVE-2011-0375
+ RESERVED
+CVE-2011-0374
+ RESERVED
+CVE-2011-0373
+ RESERVED
+CVE-2011-0372
+ RESERVED
+CVE-2011-0371
+ RESERVED
+CVE-2011-0370
+ RESERVED
+CVE-2011-0369
+ RESERVED
+CVE-2011-0368
+ RESERVED
+CVE-2011-0367
+ RESERVED
+CVE-2011-0366
+ RESERVED
+CVE-2011-0365
+ RESERVED
+CVE-2011-0364
+ RESERVED
+CVE-2011-0363
+ RESERVED
+CVE-2011-0362
+ RESERVED
+CVE-2011-0361
+ RESERVED
+CVE-2011-0360
+ RESERVED
+CVE-2011-0359
+ RESERVED
+CVE-2011-0358
+ RESERVED
+CVE-2011-0357
+ RESERVED
+CVE-2011-0356
+ RESERVED
+CVE-2011-0355
+ RESERVED
+CVE-2011-0354
+ RESERVED
+CVE-2011-0353
+ RESERVED
+CVE-2011-0352
+ RESERVED
+CVE-2011-0351
+ RESERVED
+CVE-2011-0350
+ RESERVED
+CVE-2011-0349
+ RESERVED
+CVE-2011-0348
+ RESERVED
+CVE-2011-0347 (Microsoft Internet Explorer on Windows XP allows remote
attackers to ...)
+ TODO: check
+CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in
...)
+ TODO: check
+CVE-2011-0345
+ RESERVED
+CVE-2011-0344
+ RESERVED
+CVE-2011-0342
+ RESERVED
+CVE-2011-0341
+ RESERVED
+CVE-2011-0340
+ RESERVED
+CVE-2011-0339
+ RESERVED
+CVE-2011-0338
+ RESERVED
+CVE-2011-0337
+ RESERVED
+CVE-2011-0336
+ RESERVED
+CVE-2011-0335
+ RESERVED
+CVE-2011-0334
+ RESERVED
+CVE-2011-0333
+ RESERVED
+CVE-2011-0332
+ RESERVED
+CVE-2011-0331
+ RESERVED
+CVE-2011-0330
+ RESERVED
+CVE-2011-0329
+ RESERVED
+CVE-2011-0328
+ RESERVED
+CVE-2011-0327
+ RESERVED
+CVE-2011-0326
+ RESERVED
+CVE-2011-0325
+ RESERVED
+CVE-2011-0324
+ RESERVED
+CVE-2011-0323
+ RESERVED
+CVE-2011-0322
+ RESERVED
+CVE-2011-0321
+ RESERVED
+CVE-2011-0320
+ RESERVED
+CVE-2011-0319
+ RESERVED
+CVE-2011-0318
+ RESERVED
+CVE-2011-0317
+ RESERVED
+CVE-2011-0316
+ RESERVED
+CVE-2011-0315
+ RESERVED
+CVE-2011-0314
+ RESERVED
+CVE-2011-0313
+ RESERVED
+CVE-2011-0312
+ RESERVED
+CVE-2011-0311
+ RESERVED
+CVE-2011-0310
+ RESERVED
+CVE-2011-0309
+ RESERVED
+CVE-2011-0308
+ RESERVED
+CVE-2011-0307
+ RESERVED
+CVE-2011-0306
+ RESERVED
+CVE-2011-0305
+ RESERVED
+CVE-2011-0304
+ RESERVED
+CVE-2011-0303
+ RESERVED
+CVE-2011-0302
+ RESERVED
+CVE-2011-0301
+ RESERVED
+CVE-2011-0300
+ RESERVED
+CVE-2011-0299
+ RESERVED
+CVE-2011-0298
+ RESERVED
+CVE-2011-0297
+ RESERVED
+CVE-2011-0296
+ RESERVED
+CVE-2011-0295
+ RESERVED
+CVE-2011-0294
+ RESERVED
+CVE-2011-0293
+ RESERVED
+CVE-2011-0292
+ RESERVED
+CVE-2011-0291
+ RESERVED
+CVE-2011-0290
+ RESERVED
+CVE-2011-0289
+ RESERVED
+CVE-2011-0288
+ RESERVED
+CVE-2011-0287
+ RESERVED
+CVE-2011-0286
+ RESERVED
+CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances
(ASA) ...)
+ TODO: check
+CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances
(ASA) ...)
+ TODO: check
+CVE-2010-4690 (The Mobile User Security (MUS) service on Cisco Adaptive
Security ...)
+ TODO: check
+CVE-2010-4689 (Cisco Adaptive Security Appliances (ASA) 5500 series devices
with ...)
+ TODO: check
+CVE-2010-4688 (Unspecified vulnerability in the SIP inspection feature on Cisco
...)
+ TODO: check
+CVE-2010-4687 (STCAPP (aka the SCCP telephony control application) on Cisco IOS
...)
+ TODO: check
+CVE-2010-4686 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does
not ...)
+ TODO: check
+CVE-2010-4685 (Cisco IOS before 15.0(1)XA1 does not clear the public key cache
upon a ...)
+ TODO: check
+CVE-2010-4684 (Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is
enabled, ...)
+ TODO: check
+CVE-2010-4683 (Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote
...)
+ TODO: check
+CVE-2010-4682 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500
series ...)
+ TODO: check
+CVE-2010-4681 (Unspecified vulnerability on Cisco Adaptive Security Appliances
(ASA) ...)
+ TODO: check
+CVE-2010-4680 (The WebVPN implementation on Cisco Adaptive Security Appliances
(ASA) ...)
+ TODO: check
+CVE-2010-4679 (Cisco Adaptive Security Appliances (ASA) 5500 series devices
with ...)
+ TODO: check
+CVE-2010-4678 (Cisco Adaptive Security Appliances (ASA) 5500 series devices
with ...)
+ TODO: check
+CVE-2010-4677 (emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series
devices ...)
+ TODO: check
+CVE-2010-4676 (Unspecified vulnerability on Cisco Adaptive Security Appliances
(ASA) ...)
+ TODO: check
+CVE-2010-4675 (Cisco Adaptive Security Appliances (ASA) 5500 series devices
with ...)
+ TODO: check
+CVE-2010-4674 (Unspecified vulnerability on Cisco Adaptive Security Appliances
(ASA) ...)
+ TODO: check
+CVE-2010-4673 (Cisco Adaptive Security Appliances (ASA) 5500 series devices
with ...)
+ TODO: check
+CVE-2010-4672 (Cisco Adaptive Security Appliances (ASA) 5500 series devices
with ...)
+ TODO: check
+CVE-2010-4671 (The Neighbor Discovery (ND) protocol implementation in the IPv6
stack ...)
+ TODO: check
+CVE-2010-4670 (The Neighbor Discovery (ND) protocol implementation in the IPv6
stack ...)
+ TODO: check
+CVE-2010-4669 (The Neighbor Discovery (ND) protocol implementation in the IPv6
stack ...)
+ TODO: check
+CVE-2009-5040 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows
remote ...)
+ TODO: check
+CVE-2009-5039 (Memory leak in the gk_circuit_info_do_in_acf function in the
H.323 ...)
+ TODO: check
+CVE-2009-5038 (Cisco IOS before 15.0(1)XA does not properly handle IRC traffic
during ...)
+ TODO: check
+CVE-2009-5037 (Cisco Adaptive Security Appliances (ASA) 5500 series devices
with ...)
+ TODO: check
CVE-2011-XXXX
- xdigger <removed> (bug #609096)
[lenny] - xdigger <no-dsa> (Minor issue)
@@ -16,6 +294,7 @@
- zhcon <unfixed> (bug #608981)
TODO: check
CVE-2011-0343 [syslog-ng log permissions]
+ RESERVED
- syslog-ng 3.1.3-2 (bug #608491)
[lenny] - syslog-ng <not-affected> (Freebsd-specific, which is not
supported in Lenny)
CVE-2010-XXXX [XSS in ftpls]
@@ -85,8 +364,7 @@
RESERVED
CVE-2010-4646
RESERVED
-CVE-2010-4644 [fix server-side memory leaks triggered by ''blame
-g'']
- RESERVED
+CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before
1.6.15 ...)
- subversion 1.6.12dfsg-3 (bug #608989)
NOTE: http://www.openwall.com/lists/oss-security/2011/01/04/8
CVE-2010-4643
@@ -137,17 +415,13 @@
RESERVED
CVE-2010-4620
RESERVED
-CVE-2010-4543 [heap overflow read_channel_data() in file-psp.c]
- RESERVED
+CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in
...)
- gimp <unfixed> (bug #608497)
-CVE-2010-4542 [GFIG plugin stack buffer overflow]
- RESERVED
+CVE-2010-4542 (Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11
allows ...)
- gimp <unfixed> (bug #608497)
-CVE-2010-4541 [SPHERE DESIGNER plugin stack buffer overflow]
- RESERVED
+CVE-2010-4541 (Stack-based buffer overflow in the SPHERE DESIGNER plugin in
GIMP ...)
- gimp <unfixed> (bug #608497)
-CVE-2010-4540 [LIGHTING EFFECTS > LIGHT plugin stack buffer overflow]
- RESERVED
+CVE-2010-4540 (Stack-based buffer overflow in the "LIGHTING EFFECTS
> LIGHT" plugin ...)
- gimp <unfixed> (bug #608497)
CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti
(aka ...)
NOT-FOR-US: Mafya Oyun Scrpti
@@ -768,8 +1042,7 @@
NOT-FOR-US: Invensys Wonderware InBatch
CVE-2010-4556 (Stack-based buffer overflow in the SapThemeRepository ActiveX
control ...)
NOT-FOR-US: SAP NetWeaver Business Client
-CVE-2010-4523
- RESERVED
+CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC
0.11.13 ...)
- opensc 0.11.13-1.1 (low; bug #607427)
[lenny] - opensc <no-dsa> (Minor issue)
CVE-2010-4555
@@ -856,12 +1129,10 @@
- wordpress 3.0.3-1 (bug #606657)
[lenny] - wordpress <not-affected> (vulnerable code not present)
NOTE: http://core.trac.wordpress.org/changeset/16803
-CVE-2010-4539 [crash in mod_dav_svn when using SVNParentPath]
- RESERVED
+CVE-2010-4539 (The walk function in repos.c in the mod_dav_svn module for the
Apache ...)
- subversion 1.6.12dfsg-4 (bug #608989)
NOTE: http://www.openwall.com/lists/oss-security/2011/01/04/8
-CVE-2010-4538 [ENTTEC dissector overflow]
- RESERVED
+CVE-2010-4538 (Buffer overflow in epan/dissectors/packet-enttec.c in Wireshark
1.4.2 ...)
- wireshark <unfixed> (bug #608990)
CVE-2010-4537
RESERVED
@@ -900,8 +1171,7 @@
CVE-2010-4529
RESERVED
- linux-2.6 2.6.32-30
-CVE-2010-4528 [pidgin msn issue]
- RESERVED
+CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6
through ...)
- pidgin 2.7.9-1 (bug #608331; medium)
CVE-2010-4527
RESERVED
@@ -1042,17 +1312,17 @@
RESERVED
CVE-2011-0001
RESERVED
-CVE-2010-4499
- RESERVED
-CVE-2010-4498
- RESERVED
-CVE-2010-4497
- RESERVED
-CVE-2010-4496
- RESERVED
+CVE-2010-4499 (Session fixation vulnerability in Collaborative Information
Manager ...)
+ TODO: check
+CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager
server, ...)
+ TODO: check
+CVE-2010-4497 (Cross-site scripting (XSS) vulnerability in Collaborative
Information ...)
+ TODO: check
+CVE-2010-4496 (Multiple SQL injection vulnerabilities in Collaborative
Information ...)
+ TODO: check
CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component
in ...)
NOT-FOR-US: TIBCO ActiveMatrix
-CVE-2010-4494 (Double free vulnerability in Google Chrome before 8.0.552.215
allows ...)
+CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions,
as used ...)
{DSA-2137-1}
- libxml2 2.7.8.dfsg-2 (bug #607922)
- chromium-browser 5.0.375.29~r46008-1
@@ -1465,12 +1735,12 @@
RESERVED
CVE-2010-4325
RESERVED
-CVE-2010-4324
- RESERVED
+CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in
the ...)
+ TODO: check
CVE-2010-4323
RESERVED
-CVE-2010-4322
- RESERVED
+CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in
Novell ...)
+ TODO: check
CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx
in ...)
NOT-FOR-US: Novell iPrint client
CVE-2010-4320
@@ -1926,8 +2196,7 @@
[lenny] - proftpd-dfsg <no-dsa> (Minor issue)
CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in
Google ...)
- libvpx 0.9.1-2 (bug #602693)
-CVE-2010-4160
- RESERVED
+CVE-2010-4160 (Multiple integer overflows in the (1) pppol2tp_sendmsg function
in ...)
- linux-2.6 <unfixed> (low)
CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux
kernel ...)
- linux-2.6 2.6.32-29 (low)
@@ -2009,7 +2278,7 @@
NOT-FOR-US: HP StorageWorks
CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery
& Dependency ...)
NOT-FOR-US: HP DDMI
-CVE-2010-4113 (Unspecified vulnerability in HP Power Manager (HPPM) before
4.3.2 ...)
+CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before
4.3.2 ...)
NOT-FOR-US: HP HPPM
CVE-2010-4112 (HP Insight Management Agents before 8.6 allows remote attackers
to ...)
NOT-FOR-US: HP Insight Management Agents
@@ -2339,8 +2608,8 @@
NOT-FOR-US: HP VCEM
CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations ...)
NOT-FOR-US: HP Operations Orchestration
-CVE-2010-3984
- RESERVED
+CVE-2010-3984 (Buffer overflow in mng_core_com.dll in CA XOsoft Replication
r12.0 SP1 ...)
+ TODO: check
CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote
...)
NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3982 (SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to
...)
@@ -2367,7 +2636,7 @@
NOT-FOR-US: Microsoft Internet Information Services
CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify
function ...)
NOT-FOR-US: Microsoft Internet Explorer 7 and 8
-CVE-2010-3970 (Unspecified vulnerability in Microsoft Windows has unknown
impact and ...)
+CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION
function in ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-3969
RESERVED
@@ -2617,8 +2886,7 @@
- linux-2.6 2.6.32-27
CVE-2010-3857
RESERVED
-CVE-2010-3856
- RESERVED
+CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3,
and ...)
{DSA-2122-1}
- glibc <removed>
- eglibc <unfixed> (bug #600667)
@@ -2643,8 +2911,7 @@
CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in
...)
{DSA-2126-1}
- linux-2.6 2.6.32-28
-CVE-2010-3847
- RESERVED
+CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6)
...)
{DSA-2122-1}
- eglibc 2.11.2-7 (bug #600667)
- glibc <removed>
@@ -4141,8 +4408,7 @@
CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, ...)
- epiphany-browser 2.29.91-1 (bug #564690)
[lenny] - epiphany-browser <not-affected> (Introduced with the switch to
webkit after Lenny release)
-CVE-2010-3311 [freetype heap-based buffer overflow]
- RESERVED
+CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X
FreeType ...)
{DSA-2116-1}
- freetype 2.4.0-1
NOTE: Only the 2.3.x series is affected
@@ -4401,7 +4667,7 @@
NOT-FOR-US: Microsoft Word
CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows
remote ...)
NOT-FOR-US: Microsoft Word
-CVE-2010-3217 (Microsoft Word 2002 SP3 allows remote attackers to execute
arbitrary ...)
+CVE-2010-3217 (Double free vulnerability in Microsoft Word 2002 SP3 allows
remote ...)
NOT-FOR-US: Microsoft Word
CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote
attackers ...)
NOT-FOR-US: Microsoft Word
@@ -4435,8 +4701,8 @@
- vlc <not-affected> (Windows-specific)
CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser
3.0.0.3989 ...)
NOT-FOR-US: flock
-CVE-2010-3201
- RESERVED
+CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail
before ...)
+ TODO: check
CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote
...)
NOT-FOR-US: Microsoft Word
CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build
19898 ...)
@@ -4473,7 +4739,7 @@
RESERVED
CVE-2010-3184
RESERVED
-CVE-2010-3183 (The LookupGetterOrSetter function in Mozilla Firefox before
3.5.14 and ...)
+CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla
Firefox ...)
{DSA-2124-1}
- xulrunner <removed>
- iceweasel 3.5.14-1
@@ -6045,17 +6311,13 @@
NOTE: http://trac.webkit.org/changeset/58957
CVE-2010-2644 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.0
before FP1 ...)
NOT-FOR-US: IBM WebSphere Service Registry and Repository
-CVE-2010-2643
- RESERVED
+CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend
component ...)
- evince <unfixed> (bug #609534)
-CVE-2010-2642
- RESERVED
+CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the
dvi-backend ...)
- evince <unfixed> (bug #609534)
-CVE-2010-2641
- RESERVED
+CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend
component ...)
- evince <unfixed> (bug #609534)
-CVE-2010-2640
- RESERVED
+CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend
component ...)
- evince <unfixed> (bug #609534)
CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows
remote ...)
NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
@@ -13178,8 +13440,8 @@
RESERVED
CVE-2010-0216
RESERVED
-CVE-2010-0215
- RESERVED
+CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to
bypass ...)
+ TODO: check
CVE-2010-0214
RESERVED
CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has
a ...)