Author: joeyh
Date: 2011-01-11 21:16:08 +0000 (Tue, 11 Jan 2011)
New Revision: 15831
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-01-11 19:52:40 UTC (rev 15830)
+++ data/CVE/list 2011-01-11 21:16:08 UTC (rev 15831)
@@ -1,3 +1,25 @@
+CVE-2011-0407 (SQL injection vulnerability in the store function in ...)
+ TODO: check
+CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech
KingView ...)
+ TODO: check
+CVE-2011-0405 (Directory traversal vulnerability in module.php in PhpGedView
4.2.3 ...)
+ TODO: check
+CVE-2011-0404 (Stack-based buffer overflow in NetSupport Manager Agent for
Linux ...)
+ TODO: check
+CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in [VENDOR]
ImgBurn ...)
+ TODO: check
+CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows
user-assisted ...)
+ TODO: check
+CVE-2011-0401 (Piwik before 1.1 does not properly limit the number of files
stored ...)
+ TODO: check
+CVE-2011-0400 (Cookie.php in Piwik before 1.1 does not set the secure flag for
the ...)
+ TODO: check
+CVE-2011-0399 (Piwik before 1.1 does not prevent the rendering of the login
form ...)
+ TODO: check
+CVE-2011-0398 (The Piwik_Common::getIP function in Piwik before 1.1 does not
properly ...)
+ TODO: check
+CVE-2010-4693 (Multiple cross-site scripting (XSS) vulnerabilities in
Coppermine ...)
+ TODO: check
CVE-2011-0397
RESERVED
CVE-2011-0396
@@ -279,8 +301,7 @@
CVE-2011-XXXX
- xdigger <removed> (bug #609096)
[lenny] - xdigger <no-dsa> (Minor issue)
-CVE-2010-4645 [php5 DoS via strtod hitting x87 unit bug]
- RESERVED
+CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before
5.2.17 ...)
- php5 5.3.3-7 (high)
[lenny] - php5 <unfixed> (high)
NOTE: lenny9 doesn''t appear to be affected, for a reason still
unknown
@@ -1142,13 +1163,11 @@
- egroupware <removed>
TODO: check
NOTE: http://wordpress.org/news/2010/12/3-0-4-update/
-CVE-2010-4535
- RESERVED
+CVE-2010-4535 (The password reset functionality in django.contrib.auth in
Django ...)
- python-django 1.2.4-1
[squeeze] - python-django 1.2.3-3
NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
-CVE-2010-4534
- RESERVED
+CVE-2010-4534 (The administrative interface in django.contrib.admin in Django
before ...)
- python-django 1.2.4-1
[squeeze] - python-django 1.2.3-3
NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
@@ -1176,11 +1195,9 @@
CVE-2010-4527
RESERVED
- linux-2.6 <unfixed>
-CVE-2010-4526 [sctp: a race between ICMP protocol unreachable and connect()]
- RESERVED
+CVE-2010-4526 (Race condition in the Linux kernel 2.6.11-rc2 through 2.6.33
allows ...)
- linux-2.6 2.6.32-30
-CVE-2010-4525
- RESERVED
+CVE-2010-4525 (Linux kernel 2.6.33 and 2.6.34.y does not initialize the ...)
- linux-2.6 2.6.35-1
[squeeze] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
[lenny] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
@@ -1292,19 +1309,17 @@
RESERVED
CVE-2011-0008
RESERVED
-CVE-2011-0007
- RESERVED
+CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted
local ...)
- pimd 2.1.6-1 (bug #609304)
CVE-2011-0006
RESERVED
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
-CVE-2011-0005
- RESERVED
-CVE-2011-0004
- RESERVED
-CVE-2011-0003 [MediaWiki clickjacking]
- RESERVED
+CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search
module for ...)
+ TODO: check
+CVE-2011-0004 (Multiple cross-site scripting (XSS) vulnerabilities in Piwik
before ...)
+ TODO: check
+CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is
...)
{DTSA-207-1}
- mediawiki <unfixed>
[lenny] - mediawiki <no-dsa> (Fixed in next point update)
@@ -1943,8 +1958,7 @@
- linux-2.6 <unfixed>
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in
the ...)
- linux-2.6 2.6.32-29
-CVE-2010-4247 [linux xen: request-processing loop is unbounded in blkback]
- RESERVED
+CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c
and ...)
- linux-2.6 <unfixed>
CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php
in ...)
NOT-FOR-US: pfSense
@@ -1957,8 +1971,7 @@
CVE-2010-4243 [linux: mem allocated invisible to oom_kill() when not attached
to any threads]
RESERVED
- linux-2.6 <unfixed>
-CVE-2010-4242 [linux: missing tty ops write function presence check in
hci_uart_tty_open()]
- RESERVED
+CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver ...)
- linux-2.6 2.6.32-28
CVE-2010-4241
RESERVED
@@ -1995,8 +2008,7 @@
RESERVED
CVE-2010-4226
RESERVED
-CVE-2010-4225
- RESERVED
+CVE-2010-4225 (Unspecified vulnerability in the mod_mono module for XSP in Mono
2.8.x ...)
- mono <unfixed> (bug #608288)
CVE-2010-4224
RESERVED
@@ -2134,8 +2146,7 @@
CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on
Fedora 13 ...)
- dracut <not-affected> (vulnerable script not shipped)
- udev <not-affected> (vulnerable script not shipped; fedora-specific
issue)
-CVE-2010-4175 [linux: integer overflow in RDS]
- RESERVED
+CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function
(net/rds/rdma.c) ...)
- linux-2.6 2.6.32-28
CVE-2010-4174
RESERVED
@@ -2519,8 +2530,8 @@
RESERVED
CVE-2010-4014
RESERVED
-CVE-2010-4013
- RESERVED
+CVE-2010-4013 (Format string vulnerability in PackageKit in Apple Mac OS X
10.6.x ...)
+ TODO: check
CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and
later ...)
NOT-FOR-US: Apple iOS
CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage
...)
@@ -2862,8 +2873,7 @@
[lenny] - proftpd-dfsg <no-dsa> (Minor issue)
CVE-2010-3866
REJECTED
-CVE-2010-3865
- RESERVED
+CVE-2010-3865 (Integer overflow in the rds_rdma_pages function in
net/rds/rdma.c in ...)
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f
through ...)
@@ -2887,7 +2897,7 @@
CVE-2010-3857
RESERVED
CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3,
and ...)
- {DSA-2122-1}
+ {DSA-2122-2 DSA-2122-1}
- glibc <removed>
- eglibc <unfixed> (bug #600667)
[squeeze] - eglibc 2.11.2-6+squeeze1
@@ -2912,7 +2922,7 @@
{DSA-2126-1}
- linux-2.6 2.6.32-28
CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6)
...)
- {DSA-2122-1}
+ {DSA-2122-2 DSA-2122-1}
- eglibc 2.11.2-7 (bug #600667)
- glibc <removed>
[squeeze] - eglibc 2.11.2-6+squeeze1
@@ -4051,8 +4061,7 @@
{DSA-2127-1}
- wireshark 1.2.11-3 (low)
NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
-CVE-2010-3444 [pfribidi buffer overflow]
- RESERVED
+CVE-2010-3444 (Buffer overflow in the log2vis_utf8 function in pyfribidi.c in
GNU ...)
- pyfribidi 0.10.0-2 (bug #570068)
[lenny] - pyfribidi <not-affected> (fribidi 0.19.1 or higher needs to be
installed to trigger this)
CVE-2010-3443 [quassel CTCP DoS]
@@ -8866,8 +8875,7 @@
NOT-FOR-US: Microsoft Office Visio
CVE-2010-1680
RESERVED
-CVE-2010-1679
- RESERVED
+CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before
...)
{DSA-2142-1}
- dpkg 1.15.8.8
CVE-2010-1678