Author: joeyh
Date: 2011-01-31 21:14:53 +0000 (Mon, 31 Jan 2011)
New Revision: 16019
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-01-31 18:42:50 UTC (rev 16018)
+++ data/CVE/list 2011-01-31 21:14:53 UTC (rev 16019)
@@ -1,3 +1,67 @@
+CVE-2011-0679 (IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM
Lotus Web ...)
+ TODO: check
+CVE-2011-0678 (Unrestricted file upload vulnerability in the EasyEdit module in
...)
+ TODO: check
+CVE-2011-0677
+ RESERVED
+CVE-2011-0676
+ RESERVED
+CVE-2011-0675
+ RESERVED
+CVE-2011-0674
+ RESERVED
+CVE-2011-0673
+ RESERVED
+CVE-2011-0672
+ RESERVED
+CVE-2011-0671
+ RESERVED
+CVE-2011-0670
+ RESERVED
+CVE-2011-0669
+ RESERVED
+CVE-2011-0668
+ RESERVED
+CVE-2011-0667
+ RESERVED
+CVE-2011-0666
+ RESERVED
+CVE-2011-0665
+ RESERVED
+CVE-2011-0664
+ RESERVED
+CVE-2011-0663
+ RESERVED
+CVE-2011-0662
+ RESERVED
+CVE-2011-0661
+ RESERVED
+CVE-2011-0660
+ RESERVED
+CVE-2011-0659
+ RESERVED
+CVE-2011-0658
+ RESERVED
+CVE-2011-0657
+ RESERVED
+CVE-2011-0656
+ RESERVED
+CVE-2011-0655
+ RESERVED
+CVE-2011-0654
+ RESERVED
+CVE-2011-0653
+ RESERVED
+CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look ''n'' Stop
Firewall 2.06p4 and 2.07 ...)
+ TODO: check
+CVE-2011-0651 (Buffer overflow in the key exchange functionality in Icon Labs
...)
+ TODO: check
+CVE-2011-0650 (Cross-site request forgery (CSRF) vulnerability in Greenbone
Security ...)
+ TODO: check
+CVE-2010-4710 (Cross-site scripting (XSS) vulnerability in the addItem method
in the ...)
+ TODO: check
+CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP
Master ...)
+ TODO: check
CVE-2011-XXXX [Reoccurance of CVE-2005-3534]
- nbd 1:2.9.16-8 (bug #611187)
CVE-2011-XXXX [yet another weborf DoS]
@@ -56,8 +120,7 @@
CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
NOTE: Not packaged in Debian, separate package Shibboleth IdP
NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
-CVE-2011-0520 [maradns crash with long queries]
- RESERVED
+CVE-2011-0520 (The compress_add_dlabel_points function in dns/Compress.c in
MaraDNS ...)
- maradns 1.4.03-1.1 (bug #610834)
CVE-2011-0634
RESERVED
@@ -709,12 +772,12 @@
NOT-FOR-US: Linksys router
CVE-2011-0351
RESERVED
-CVE-2011-0350
- RESERVED
-CVE-2011-0349
- RESERVED
-CVE-2011-0348
- RESERVED
+CVE-2011-0350 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before
12.4(24)MD2 ...)
+ TODO: check
+CVE-2011-0349 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before
12.4(24)MD2 ...)
+ TODO: check
+CVE-2011-0348 (Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before
...)
+ TODO: check
CVE-2011-0347 (Microsoft Internet Explorer on Windows XP allows remote
attackers to ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in
...)
@@ -909,8 +972,7 @@
NOTE: sgid games is dropped before buffer overflow
CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable]
- libggi <unfixed> (bug #608981)
-CVE-2011-0343 [syslog-ng log permissions]
- RESERVED
+CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on
...)
- syslog-ng 3.1.3-2 (bug #608491)
[lenny] - syslog-ng <not-affected> (2.0 not affected, also
Freebsd-specific, which is not supported in Lenny anyway)
CVE-2010-XXXX [XSS in ftpls]
@@ -1007,8 +1069,7 @@
CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before
1.6.15 ...)
- subversion 1.6.12dfsg-3 (low; bug #608989)
[lenny] - subversion <no-dsa> (Minor issue)
-CVE-2010-4643
- RESERVED
+CVE-2010-4643 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo)
2.x and ...)
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise
before ...)
@@ -1115,8 +1176,8 @@
RESERVED
CVE-2011-0276
RESERVED
-CVE-2011-0275
- RESERVED
+CVE-2011-0275 (Unspecified vulnerability in HP OpenView Storage Data Protector
6.0, ...)
+ TODO: check
CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business
Availability ...)
NOT-FOR-US: HP Business Availability
CVE-2011-0273 (Buffer overflow in crs.exe in HP OpenView Storage Data Protector
Cell ...)
@@ -1593,15 +1654,13 @@
RESERVED
CVE-2011-0049
RESERVED
-CVE-2011-0048 [XSS]
- RESERVED
+CVE-2011-0048 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4,
and ...)
- bugzilla <unfixed>
TODO: check
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2011-0047
RESERVED
-CVE-2011-0046 [CSRF]
- RESERVED
+CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Bugzilla ...)
- bugzilla <unfixed>
TODO: check
NOTE: http://www.bugzilla.org/security/3.2.9/
@@ -1626,8 +1685,7 @@
NOTE: http://codereview.chromium.org/4716006
CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified
sfcb.cfg is ...)
NOT-FOR-US: VMware ESXi
-CVE-2010-4572
- RESERVED
+CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before
3.2.10, ...)
- perl <undetermined>
- libcgi-pm-perl <undetermined>
- libcgi-simple-perl <undetermined>
@@ -1636,18 +1694,14 @@
NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4571
RESERVED
-CVE-2010-4570 [XSS in dups detection]
- RESERVED
+CVE-2010-4570 (Cross-site scripting (XSS) vulnerability in the
duplicate-detection ...)
- bugzilla <not-affected> (vulnerable code introduced in 3.7)
-CVE-2010-4569 [XSS in username autocomplete]
- RESERVED
+CVE-2010-4569 (Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1,
3.7.2, ...)
- bugzilla <not-affected> (vulnerable code introduced in 3.7)
-CVE-2010-4568 [account compromise]
- RESERVED
+CVE-2010-4568 (Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before
3.2.10; ...)
- bugzilla <unfixed> (high; bug #611176)
NOTE: http://www.bugzilla.org/security/3.2.9/
-CVE-2010-4567 [XSS]
- RESERVED
+CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4,
and ...)
- bugzilla <unfixed>
TODO: check
NOTE: http://www.bugzilla.org/security/3.2.9/
@@ -1944,8 +1998,7 @@
- pango1.0 1.28.3-1+squeeze1 (bug #610792)
CVE-2011-0019
RESERVED
-CVE-2011-0018
- RESERVED
+CVE-2011-0018 (The email function in manage_sql.c in OpenVAS Manager 1.0.x
through ...)
NOT-FOR-US: OpenVAS Manager
CVE-2011-0017 [lack of return code checks for setuid/setgid]
RESERVED
@@ -2433,10 +2486,10 @@
RESERVED
CVE-2010-4327
RESERVED
-CVE-2010-4326
- RESERVED
-CVE-2010-4325
- RESERVED
+CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet
Agent ...)
+ TODO: check
+CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA)
in ...)
+ TODO: check
CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in
the ...)
NOT-FOR-US: Novell Identity Manager
CVE-2010-4323
@@ -2629,8 +2682,7 @@
- xen 4.0.1-2 (bug #609531)
CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10
is ...)
- moon <not-affected> (Debian''s version of Moonlight is not
affected, see #608288)
-CVE-2010-4253
- RESERVED
+CVE-2010-4253 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo)
2.x and ...)
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly
...)
@@ -3588,7 +3640,7 @@
CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the
Linux ...)
- linux-2.6 2.6.32-29
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
-CVE-2010-3860 (IcedTea before 1.9.2, as based on OpenJDK 6, declares multiple
...)
+CVE-2010-3860 (IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before
...)
- openjdk-6 6b18-1.8.3-1
CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in
the ...)
{DSA-2126-1}
@@ -4138,8 +4190,7 @@
- glpi <unfixed> (unimportant)
NOTE: Only supported behind an authenticated HTTP zone
- moodle 1.9.9.dfsg2-2 (bug #601384)
-CVE-2010-3689
- RESERVED
+CVE-2010-3689 (soffice in OpenOffice.org (OOo) 3.x before 3.3 places a
zero-length ...)
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and
earlier ...)
@@ -4743,24 +4794,19 @@
NOT-FOR-US: EnergyScripts Simple Download
CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in
AChecker 1.0 ...)
NOT-FOR-US: AChecker
-CVE-2010-3454
- RESERVED
+CVE-2010-3454 (Multiple off-by-one errors in the WW8DopTypography::ReadFromMem
...)
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3453
- RESERVED
+CVE-2010-3453 (The WW8ListManager::WW8ListManager function in oowriter in ...)
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3452
- RESERVED
+CVE-2010-3452 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo)
2.x ...)
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3451
- RESERVED
+CVE-2010-3451 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo)
2.x ...)
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
-CVE-2010-3450
- RESERVED
+CVE-2010-3450 (Multiple directory traversal vulnerabilities in OpenOffice.org
(OOo) ...)
{DSA-2151-1}
- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback
before ...)
@@ -6177,7 +6223,7 @@
CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in ...)
{DSA-2099-1}
- openoffice.org 1:3.2.1-6
-CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 3.2.1
on ...)
+CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x
and 3.x ...)
{DSA-2099-1}
- openoffice.org 1:3.2.1-6
CVE-2010-2934 (Multiple unspecified vulnerabilities in ZNC 0.092 allow remote
...)
@@ -6609,12 +6655,12 @@
RESERVED
CVE-2010-2780
RESERVED
-CVE-2010-2779
- RESERVED
-CVE-2010-2778
- RESERVED
-CVE-2010-2777
- RESERVED
+CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell
...)
+ TODO: check
+CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell
...)
+ TODO: check
+CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in
GroupWise ...)
+ TODO: check
CVE-2010-2776
RESERVED
CVE-2010-2775