Author: joeyh Date: 2011-02-03 21:15:33 +0000 (Thu, 03 Feb 2011) New Revision: 16054 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-03 20:22:53 UTC (rev 16053) +++ data/CVE/list 2011-02-03 21:15:33 UTC (rev 16054) 
@@ -1,3 +1,87 @@ +CVE-2011-0758 + RESERVED +CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...) + TODO: check +CVE-2011-0756 + RESERVED +CVE-2011-0755 (Integer overflow in the mt_rand function in PHP before 5.3.4 might ...) + TODO: check +CVE-2011-0754 (The SplFileInfo::getType function in the Standard PHP Library (SPL) ...) + TODO: check +CVE-2011-0753 (Race condition in the PCNTL extension in PHP before 5.3.4, when a ...) + TODO: check +CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use of the ...) + TODO: check +CVE-2011-0751 + RESERVED +CVE-2011-0750 + RESERVED +CVE-2011-0749 + RESERVED +CVE-2011-0748 + RESERVED +CVE-2011-0747 + RESERVED +CVE-2011-0746 + RESERVED +CVE-2011-0745 + RESERVED +CVE-2011-0744 + RESERVED +CVE-2011-0743 + RESERVED +CVE-2011-0742 (Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management ...) + TODO: check +CVE-2011-0741 (Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution ...) + TODO: check +CVE-2011-0740 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2011-0739 (The deliver function in the sendmail delivery agent ...) + TODO: check +CVE-2011-0738 (MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through ...) + TODO: check +CVE-2011-0737 (Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to ...) + TODO: check +CVE-2011-0736 (Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is ...) + TODO: check +CVE-2011-0735 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before ...) + TODO: check +CVE-2011-0734 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0.1 ...) + TODO: check +CVE-2011-0733 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion, possibly ...) + TODO: check +CVE-2011-0732 (Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal ...) 
+ TODO: check +CVE-2011-0731 (Buffer overflow in the DB2 Administration Server (DAS) component in ...) + TODO: check +CVE-2011-0730 + RESERVED +CVE-2011-0729 + RESERVED +CVE-2011-0728 + RESERVED +CVE-2011-0727 + RESERVED +CVE-2011-0726 + RESERVED +CVE-2011-0725 + RESERVED +CVE-2011-0724 + RESERVED +CVE-2011-0723 + RESERVED +CVE-2011-0722 + RESERVED +CVE-2011-0721 + RESERVED +CVE-2010-4721 (SQL injection vulnerability in news.php in Immo Makler allows remote ...) + TODO: check +CVE-2010-4720 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...) + TODO: check +CVE-2010-4719 (Directory traversal vulnerability in JRadio (com_jradio) component ...) + TODO: check +CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check CVE-2011-0720 RESERVED CVE-2011-0719 @@ -410,7 +494,7 @@ RESERVED CVE-2011-0538 RESERVED -CVE-2011-0537 [mediawiki server-side arbitrary script inclusion vulnerability] +CVE-2011-0537 [mediawiki server-side arbitrary script inclusion vulnerability] RESERVED - mediawiki <unfixed> (bug #611787) CVE-2011-0536 @@ -449,8 +533,7 @@ - gypsy <itp> (bug #491723) CVE-2011-0522 RESERVED -CVE-2011-0521 [av7110 negative array offset] - RESERVED +CVE-2011-0521 (The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in ...) {DSA-2153-1} - linux-2.6 <unfixed> CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo ...) @@ -928,8 +1011,8 @@ RESERVED CVE-2011-0322 RESERVED -CVE-2011-0321 - RESERVED +CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...) + TODO: check CVE-2011-0320 RESERVED CVE-2011-0319 
@@ -1142,8 +1225,7 @@ - xpdf 3.02-9 - poppler <unfixed> NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659 -CVE-2010-4652 [buffer overflow when preparing SQL queries] - RESERVED +CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function ...) - proftpd-dfsg 1.3.3a-6 CVE-2010-4651 [patch directory traversal] RESERVED @@ -1275,8 +1357,8 @@ RESERVED CVE-2011-0277 RESERVED -CVE-2011-0276 - RESERVED +CVE-2011-0276 (HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 ...) + TODO: check CVE-2011-0275 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, ...) NOT-FOR-US: HP OpenView CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...) @@ -2096,8 +2178,7 @@ RESERVED CVE-2011-0018 (The email function in manage_sql.c in OpenVAS Manager 1.0.x through ...) NOT-FOR-US: OpenVAS Manager -CVE-2011-0017 [lack of return code checks for setuid/setgid] - RESERVED +CVE-2011-0017 (The open_log function in log.c in Exim 4.72 and earlier does not check ...) {DSA-2154-1} - exim4 4.72-4 CVE-2011-0016 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...) @@ -3375,8 +3456,8 @@ RESERVED CVE-2010-4016 RESERVED -CVE-2010-4015 [psql buffer overflow in intarray module] - RESERVED +CVE-2010-4015 (Buffer overflow in the gettoken function in ...) + {DSA-2157-1} - postgresql-9.0 9.0.3-1 - postgresql-8.4 8.4.7-1 - postgresql-8.3 <removed> 
@@ -3579,10 +3660,10 @@ REJECTED CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion ...) NOT-FOR-US: Rocomotion -CVE-2010-3930 - RESERVED -CVE-2010-3929 - RESERVED +CVE-2010-3930 (Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier ...) + TODO: check +CVE-2010-3929 (SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows ...) + TODO: check CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a ...) NOT-FOR-US: Ruby Version Manager CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 allows ...) @@ -3757,8 +3838,7 @@ CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in ...) {DSA-2155-1} - freetype 2.4.2-2.1 (bug #602221) -CVE-2010-3854 [unspecified cross-site scripting vulnerability in CouchDB] - RESERVED +CVE-2010-3854 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) - couchdb <unfixed> CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) ...) - pam <unfixed> (low; bug #608273) @@ -4159,7 +4239,7 @@ NOT-FOR-US: IBM DB2 UDB 9.5 CVE-2010-3732 (The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows ...) NOT-FOR-US: IBM DB2 UDB 9.5 -CVE-2010-3731 (Buffer overflow in the Administration Server component in IBM DB2 UDB ...) +CVE-2010-3731 (Stack-based buffer overflow in the validateUser implementation in the ...) NOT-FOR-US: IBM DB2 UDB 9.5 CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information ...) - webkit <not-affected> (issue in libv8) @@ -4190,8 +4270,8 @@ RESERVED CVE-2010-3720 RESERVED -CVE-2010-3719 - RESERVED +CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the ...) + TODO: check CVE-2010-3718 RESERVED CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x ...) 
@@ -5389,10 +5469,10 @@ RESERVED CVE-2010-3271 RESERVED -CVE-2010-3270 - RESERVED -CVE-2010-3269 - RESERVED +CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before ...) + TODO: check +CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording ...) + TODO: check CVE-2010-3268 (The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in ...) NOT-FOR-US: Symantec Antivirus CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 ...) @@ -6077,14 +6157,14 @@ RESERVED CVE-2010-3045 RESERVED -CVE-2010-3044 - RESERVED -CVE-2010-3043 - RESERVED -CVE-2010-3042 - RESERVED -CVE-2010-3041 - RESERVED +CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...) + TODO: check +CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...) + TODO: check +CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...) + TODO: check +CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...) + TODO: check CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...) NOT-FOR-US: Cisco Intelligent Contact Manager CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications ...) @@ -29854,9 +29934,9 @@ CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...) NOT-FOR-US: Foxit Reader CVE-2009-0190 - RESERVED + REJECTED CVE-2009-0189 - RESERVED + REJECTED CVE-2009-0188 (Apple QuickTime before 7.6.2 allows remote attackers to execute ...) NOT-FOR-US: Apple QuickTime CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...)
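
Review bot: In the first hunk (@@ -1,3 +1,87 @@) the four entries CVE-2010-4721 through CVE-2010-4718 are added between CVE-2011-0721 and the existing CVE-2011-0720 line, which breaks the descending CVE order the rest of the list keeps. They should sit further down with the other CVE-2010 entries. Of the new "TODO: check" entries in this block, the PHP ones (CVE-2011-0752 through CVE-2011-0755) should be triaged first, since the IBM DB2 entry matches a product the file already marks NOT-FOR-US elsewhere ("NOT-FOR-US: IBM DB2 UDB 9.5").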
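
Review bot: In the @@ -410,7 +494,7 @@ hunk the removed and added CVE-2011-0537 lines read identically, so this is a whitespace-only change to a bracketed description on an entry that is still RESERVED. If the automatic update is rewriting trailing whitespace on hand-written lines, that adds noise to every run. Either normalize the whitespace once in a separate commit or have the update script leave bracketed descriptions untouched.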
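
Review bot: In the @@ -449,8 +533,7 @@ hunk, CVE-2011-0521 keeps "- linux-2.6 <unfixed>" in its context lines although the entry already carries {DSA-2153-1}. Now that the hand-written note "[av7110 negative array offset]" is replaced by the published description, this is a good point to confirm whether a fixed version can be recorded for linux-2.6 or whether <unfixed> is still accurate.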
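
Review bot: In the @@ -3757,8 +3838,7 @@ hunk, CVE-2010-3854 moves from RESERVED to a published description but the "- couchdb <unfixed>" line below it has no bug reference or severity, unlike its neighbours ("- freetype 2.4.2-2.1 (bug #602221)", "- pam <unfixed> (low; bug #608273)"). With the issue now public, add the bug number, if one exists, so the unfixed state can be tracked.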
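
Review bot: In the @@ -6077,14 +6157,14 @@ hunk, CVE-2010-3041 through CVE-2010-3044 all receive the same truncated text ("Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...") and "TODO: check", so the four entries cannot be told apart from the list alone. The context line directly below already marks a Cisco product as NOT-FOR-US ("NOT-FOR-US: Cisco Intelligent Contact Manager"). If WebEx is likewise not packaged, resolve these four TODOs together with a NOT-FOR-US line in the same style.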