Author: joeyh
Date: 2011-02-11 21:18:31 +0000 (Fri, 11 Feb 2011)
New Revision: 16109

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2011-02-11 20:23:33 UTC (rev 16108)
+++ data/CVE/list 2011-02-11 21:18:31 UTC (rev 16109)
@@ -1,3 +1,427 @@ +CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform process ...) + TODO: check +CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle plug-ins, ...) + TODO: check +CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous ...) + TODO: check +CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows ...) + TODO: check +CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event ...) + TODO: check +CVE-2011-0980 (Microsoft Office Excel 2003 does not properly parse Office Art ...) + TODO: check +CVE-2011-0979 (Microsoft Office Excel does not properly handle errors during the ...) + TODO: check +CVE-2011-0978 (Stack-based buffer overflow in Microsoft Office Excel allows remote ...) + TODO: check +CVE-2011-0977 (Use-after-free vulnerability in Microsoft Excel 2007 allows remote ...) + TODO: check +CVE-2011-0976 (Microsoft Office PowerPoint 2007 does not properly handle Office Art ...) + TODO: check +CVE-2011-0975 (Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in ...) 
+ TODO: check +CVE-2011-0974 + RESERVED +CVE-2011-0973 + RESERVED +CVE-2011-0972 + RESERVED +CVE-2011-0971 + RESERVED +CVE-2011-0970 + RESERVED +CVE-2011-0969 + RESERVED +CVE-2011-0968 + RESERVED +CVE-2011-0967 + RESERVED +CVE-2011-0966 + RESERVED +CVE-2011-0965 + RESERVED +CVE-2011-0964 + RESERVED +CVE-2011-0963 + RESERVED +CVE-2011-0962 + RESERVED +CVE-2011-0961 + RESERVED +CVE-2011-0960 + RESERVED +CVE-2011-0959 + RESERVED +CVE-2011-0958 + RESERVED +CVE-2011-0957 + RESERVED +CVE-2011-0956 + RESERVED +CVE-2011-0955 + RESERVED +CVE-2011-0954 + RESERVED +CVE-2011-0953 + RESERVED +CVE-2011-0952 + RESERVED +CVE-2011-0951 + RESERVED +CVE-2011-0950 + RESERVED +CVE-2011-0949 + RESERVED +CVE-2011-0948 + RESERVED +CVE-2011-0947 + RESERVED +CVE-2011-0946 + RESERVED +CVE-2011-0945 + RESERVED +CVE-2011-0944 + RESERVED +CVE-2011-0943 + RESERVED +CVE-2011-0942 + RESERVED +CVE-2011-0941 + RESERVED +CVE-2011-0940 + RESERVED +CVE-2011-0939 + RESERVED +CVE-2011-0938 + RESERVED +CVE-2011-0937 + RESERVED +CVE-2011-0936 + RESERVED +CVE-2011-0935 + RESERVED +CVE-2011-0934 + RESERVED +CVE-2011-0933 + RESERVED +CVE-2011-0932 + RESERVED +CVE-2011-0931 + RESERVED +CVE-2011-0930 + RESERVED +CVE-2011-0929 + RESERVED +CVE-2011-0928 + RESERVED +CVE-2011-0927 + RESERVED +CVE-2011-0926 + RESERVED +CVE-2011-0925 + RESERVED +CVE-2011-0924 (The client in HP Data Protector does not verify the contents of files ...) + TODO: check +CVE-2011-0923 (The client in HP Data Protector does not properly validate EXEC_CMD ...) + TODO: check +CVE-2011-0922 (The client in HP Data Protector allows remote attackers to execute ...) + TODO: check +CVE-2011-0921 (crs.exe in the Cell Manager Service in the client in HP Data Protector ...) + TODO: check +CVE-2011-0920 (The Remote Console in IBM Lotus Domino, when a certain unsupported ...) + TODO: check +CVE-2011-0919 (Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP ...) 
+ TODO: check +CVE-2011-0918 (Stack-based buffer overflow in the NRouter (aka Router) service in IBM ...) + TODO: check +CVE-2011-0917 (Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote ...) + TODO: check +CVE-2011-0916 (Stack-based buffer overflow in the SMTP service in IBM Lotus Domino ...) + TODO: check +CVE-2011-0915 (Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before ...) + TODO: check +CVE-2011-0914 (Integer signedness error in ndiiop.exe in the DIIOP implementation in ...) + TODO: check +CVE-2011-0913 (Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation ...) + TODO: check +CVE-2011-0912 (IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 ...) + TODO: check +CVE-2011-0911 (Cross-site scripting (XSS) vulnerability in the Users module in Zikula ...) + TODO: check +CVE-2011-0910 (The cookie implementation in Vanilla Forums before 2.0.17.6 makes it ...) + TODO: check +CVE-2011-0909 (Cross-site scripting (XSS) vulnerability in Vanilla Forums before ...) + TODO: check +CVE-2011-0908 (Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows ...) + TODO: check +CVE-2011-0907 + RESERVED +CVE-2011-0906 + RESERVED +CVE-2011-0905 + RESERVED +CVE-2011-0904 + RESERVED +CVE-2011-0903 (Multiple directory traversal vulnerabilities in AR Web Content Manager ...) + TODO: check +CVE-2011-0902 (Multiple untrusted search path vulnerabilities in the Java Service in ...) + TODO: check +CVE-2011-0901 (Multiple stack-based buffer overflows in the tsc_launch_remote ...) + TODO: check +CVE-2011-0900 (Stack-based buffer overflow in the tsc_launch_remote function ...) + TODO: check +CVE-2011-0899 (The AES encryption module 7.x-1.4 for Drupal leaves certain debugging ...) 
+ TODO: check +CVE-2011-0898 + RESERVED +CVE-2011-0897 + RESERVED +CVE-2011-0896 + RESERVED +CVE-2011-0895 + RESERVED +CVE-2011-0894 + RESERVED +CVE-2011-0893 + RESERVED +CVE-2011-0892 + RESERVED +CVE-2011-0891 + RESERVED +CVE-2011-0890 + RESERVED +CVE-2011-0889 + RESERVED +CVE-2011-0888 + RESERVED +CVE-2011-0887 (The web management portal on the SMC SMCD3G-CCR (aka Comcast Business ...) + TODO: check +CVE-2011-0886 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) + TODO: check +CVE-2011-0885 (A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR ...) + TODO: check +CVE-2011-0884 + RESERVED +CVE-2011-0883 + RESERVED +CVE-2011-0882 + RESERVED +CVE-2011-0881 + RESERVED +CVE-2011-0880 + RESERVED +CVE-2011-0879 + RESERVED +CVE-2011-0878 + RESERVED +CVE-2011-0877 + RESERVED +CVE-2011-0876 + RESERVED +CVE-2011-0875 + RESERVED +CVE-2011-0874 + RESERVED +CVE-2011-0873 + RESERVED +CVE-2011-0872 + RESERVED +CVE-2011-0871 + RESERVED +CVE-2011-0870 + RESERVED +CVE-2011-0869 + RESERVED +CVE-2011-0868 + RESERVED +CVE-2011-0867 + RESERVED +CVE-2011-0866 + RESERVED +CVE-2011-0865 + RESERVED +CVE-2011-0864 + RESERVED +CVE-2011-0863 + RESERVED +CVE-2011-0862 + RESERVED +CVE-2011-0861 + RESERVED +CVE-2011-0860 + RESERVED +CVE-2011-0859 + RESERVED +CVE-2011-0858 + RESERVED +CVE-2011-0857 + RESERVED +CVE-2011-0856 + RESERVED +CVE-2011-0855 + RESERVED +CVE-2011-0854 + RESERVED +CVE-2011-0853 + RESERVED +CVE-2011-0852 + RESERVED +CVE-2011-0851 + RESERVED +CVE-2011-0850 + RESERVED +CVE-2011-0849 + RESERVED +CVE-2011-0848 + RESERVED +CVE-2011-0847 + RESERVED +CVE-2011-0846 + RESERVED +CVE-2011-0845 + RESERVED +CVE-2011-0844 + RESERVED +CVE-2011-0843 + RESERVED +CVE-2011-0842 + RESERVED +CVE-2011-0841 + RESERVED +CVE-2011-0840 + RESERVED +CVE-2011-0839 + RESERVED +CVE-2011-0838 + RESERVED +CVE-2011-0837 + RESERVED +CVE-2011-0836 + RESERVED +CVE-2011-0835 + RESERVED +CVE-2011-0834 + RESERVED +CVE-2011-0833 + RESERVED +CVE-2011-0832 + RESERVED 
+CVE-2011-0831 + RESERVED +CVE-2011-0830 + RESERVED +CVE-2011-0829 + RESERVED +CVE-2011-0828 + RESERVED +CVE-2011-0827 + RESERVED +CVE-2011-0826 + RESERVED +CVE-2011-0825 + RESERVED +CVE-2011-0824 + RESERVED +CVE-2011-0823 + RESERVED +CVE-2011-0822 + RESERVED +CVE-2011-0821 + RESERVED +CVE-2011-0820 + RESERVED +CVE-2011-0819 + RESERVED +CVE-2011-0818 + RESERVED +CVE-2011-0817 + RESERVED +CVE-2011-0816 + RESERVED +CVE-2011-0815 + RESERVED +CVE-2011-0814 + RESERVED +CVE-2011-0813 + RESERVED +CVE-2011-0812 + RESERVED +CVE-2011-0811 + RESERVED +CVE-2011-0810 + RESERVED +CVE-2011-0809 + RESERVED +CVE-2011-0808 + RESERVED +CVE-2011-0807 + RESERVED +CVE-2011-0806 + RESERVED +CVE-2011-0805 + RESERVED +CVE-2011-0804 + RESERVED +CVE-2011-0803 + RESERVED +CVE-2011-0802 + RESERVED +CVE-2011-0801 + RESERVED +CVE-2011-0800 + RESERVED +CVE-2011-0799 + RESERVED +CVE-2011-0798 + RESERVED +CVE-2011-0797 + RESERVED +CVE-2011-0796 + RESERVED +CVE-2011-0795 + RESERVED +CVE-2011-0794 + RESERVED +CVE-2011-0793 + RESERVED +CVE-2011-0792 + RESERVED +CVE-2011-0791 + RESERVED +CVE-2011-0790 + RESERVED +CVE-2011-0789 + RESERVED +CVE-2011-0788 + RESERVED +CVE-2011-0787 + RESERVED +CVE-2011-0786 + RESERVED +CVE-2011-0785 + RESERVED +CVE-2011-0784 (Race condition in Google Chrome before 9.0.597.84 allows remote ...) + TODO: check +CVE-2011-0783 (Unspecified vulnerability in Google Chrome before 9.0.597.84 allows ...) + TODO: check +CVE-2011-0782 (Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate ...) + TODO: check +CVE-2011-0781 (Google Chrome before 9.0.597.84 does not properly handle autofill ...) + TODO: check +CVE-2011-0780 (The PDF event handler in Google Chrome before 9.0.597.84 does not ...) + TODO: check +CVE-2011-0779 (Google Chrome before 9.0.597.84 does not properly handle a missing key ...) + TODO: check +CVE-2011-0778 (Google Chrome before 9.0.597.84 does not properly restrict drag and ...) 
+ TODO: check +CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows ...) + TODO: check +CVE-2011-0776 (The sandbox implementation in Google Chrome before 9.0.597.84 on Mac ...) + TODO: check +CVE-2010-4729 (Zikula before 1.2.3 does not use the authid protection mechanism for ...) + TODO: check +CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random ...) + TODO: check CVE-2011-XXXX [evince segfault] - evince <unfixed> (bug #612668) TODO: check @@ -99,8 +523,8 @@ - smarty3 <unfixed> - smarty <unfixed> TODO: check -CVE-2011-0758 - RESERVED +CVE-2011-0758 (The CA ETrust Secure Content Manager Common Services Transport ...) + TODO: check CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...) NOT-FOR-US: IBM DB2 CVE-2011-0756 @@ -363,8 +787,8 @@ NOT-FOR-US: TIBCO Rendezvous CVE-2011-0648 RESERVED -CVE-2011-0647 - RESERVED +CVE-2011-0647 (The irccd.exe service in EMC Replication Manager Client before 5.3 and ...) + TODO: check CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows ...) NOT-FOR-US: PHPLOWBIDS CVE-2011-0645 (SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows ...) 
@@ -469,127 +893,114 @@ RESERVED CVE-2011-0609 RESERVED -CVE-2011-0608 - RESERVED +CVE-2011-0608 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0607 - RESERVED +CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0606 - RESERVED -CVE-2011-0605 - RESERVED -CVE-2011-0604 - RESERVED -CVE-2011-0603 - RESERVED -CVE-2011-0602 - RESERVED +CVE-2011-0606 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0605 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0604 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...) + TODO: check +CVE-2011-0603 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0602 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check CVE-2011-0601 RESERVED -CVE-2011-0600 - RESERVED -CVE-2011-0599 - RESERVED -CVE-2011-0598 - RESERVED +CVE-2011-0600 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0599 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0598 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check CVE-2011-0597 RESERVED -CVE-2011-0596 - RESERVED -CVE-2011-0595 - RESERVED -CVE-2011-0594 - RESERVED -CVE-2011-0593 - RESERVED -CVE-2011-0592 - RESERVED -CVE-2011-0591 - RESERVED -CVE-2011-0590 - RESERVED -CVE-2011-0589 - RESERVED -CVE-2011-0588 - RESERVED -CVE-2011-0587 - RESERVED -CVE-2011-0586 - RESERVED -CVE-2011-0585 - RESERVED -CVE-2011-0584 - RESERVED -CVE-2011-0583 - RESERVED -CVE-2011-0582 - RESERVED -CVE-2011-0581 - RESERVED -CVE-2011-0580 - RESERVED +CVE-2011-0596 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) 
+ TODO: check +CVE-2011-0595 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0594 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0593 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0592 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0591 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0590 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0589 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0588 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x ...) + TODO: check +CVE-2011-0587 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...) + TODO: check +CVE-2011-0586 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0585 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...) + TODO: check +CVE-2011-0584 (Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 ...) + TODO: check +CVE-2011-0583 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 ...) + TODO: check +CVE-2011-0582 (Unspecified vulnerability in the administrator console in Adobe ...) + TODO: check +CVE-2011-0581 (Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 ...) + TODO: check +CVE-2011-0580 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check CVE-2011-0579 RESERVED -CVE-2011-0578 - RESERVED +CVE-2011-0578 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0577 - RESERVED +CVE-2011-0577 (Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 ...) 
NOT-FOR-US: Adobe Flash Player CVE-2011-0576 RESERVED -CVE-2011-0575 - RESERVED +CVE-2011-0575 (Untrusted search path vulnerability in Adobe Flash Player before ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0574 - RESERVED +CVE-2011-0574 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0573 - RESERVED +CVE-2011-0573 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0572 - RESERVED +CVE-2011-0572 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0571 - RESERVED +CVE-2011-0571 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0570 - RESERVED -CVE-2011-0569 - RESERVED -CVE-2011-0568 - RESERVED -CVE-2011-0567 - RESERVED -CVE-2011-0566 - RESERVED -CVE-2011-0565 - RESERVED -CVE-2011-0564 - RESERVED -CVE-2011-0563 - RESERVED -CVE-2011-0562 - RESERVED -CVE-2011-0561 - RESERVED +CVE-2011-0570 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x ...) + TODO: check +CVE-2011-0569 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 ...) + TODO: check +CVE-2011-0568 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...) + TODO: check +CVE-2011-0567 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0566 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0565 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...) + TODO: check +CVE-2011-0564 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0563 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...) + TODO: check +CVE-2011-0562 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x ...) 
+ TODO: check +CVE-2011-0561 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0560 - RESERVED +CVE-2011-0560 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0559 - RESERVED +CVE-2011-0559 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0558 - RESERVED +CVE-2011-0558 (Integer overflow in Adobe Flash Player before 10.2.152.26 allows ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-0557 - RESERVED -CVE-2011-0556 - RESERVED -CVE-2011-0555 - RESERVED +CVE-2011-0557 (Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows ...) + TODO: check +CVE-2011-0556 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 ...) + TODO: check +CVE-2011-0555 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...) + TODO: check CVE-2011-0554 RESERVED CVE-2011-0553 
@@ -620,23 +1031,21 @@ RESERVED CVE-2011-0540 RESERVED -CVE-2011-0539 [Legacy certificates stack disclosure] - RESERVED +CVE-2011-0539 (The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, ...) - openssh 1:5.8p1-2 [squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7) [lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7) -CVE-2011-0538 - RESERVED +CVE-2011-0538 (Wireshark 1.5.0, 1.4.3, and earlier frees an uninitialized pointer ...) + TODO: check CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) ...) - mediawiki <unfixed> (bug #611787) CVE-2011-0536 [CVE-2010-3847 opens new vulnerability] RESERVED - eglibc <unfixed> (bug #600667) - glibc <removed> -CVE-2011-0535 - RESERVED -CVE-2011-0534 [remote DoS via NIO connector] - RESERVED +CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...) + TODO: check +CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not ...) - tomcat5.5 <not-affected> (Vulnerable code not present) - tomcat6 6.0.28-10 [lenny] - tomcat6 <not-affected> (Only ships the servlet package) @@ -644,8 +1053,7 @@ RESERVED CVE-2011-0532 RESERVED -CVE-2011-0531 [vlc mkv memory corruption] - RESERVED +CVE-2011-0531 (demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media ...) - vlc 1.1.7-1 (medium) CVE-2011-0530 RESERVED @@ -659,8 +1067,8 @@ [lenny] - puppet <not-affected> (Only affects 2.6.x) CVE-2011-0527 RESERVED -CVE-2011-0526 - RESERVED +CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla ...) + TODO: check CVE-2011-0525 RESERVED CVE-2011-0524 
@@ -1143,10 +1551,10 @@ RESERVED CVE-2011-0325 RESERVED -CVE-2011-0324 - RESERVED -CVE-2011-0323 - RESERVED +CVE-2011-0324 (Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro ...) + TODO: check +CVE-2011-0323 (Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other ...) + TODO: check CVE-2011-0322 RESERVED CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...) @@ -1305,18 +1713,15 @@ RESERVED CVE-2011-0284 RESERVED -CVE-2011-0283 [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt #3] - RESERVED +CVE-2011-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 ...) - krb5 <unfixed> (low) [etch] - krb5 <not-affected> (Only affects 1.9.x) [lenny] - krb5 <not-affected> (Only affects 1.9.x) [squeeze] - krb5 <not-affected> (Only affects 1.9.x) [sid] - krb5 <not-affected> (Only affects 1.9.x) -CVE-2011-0282 [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt #2] - RESERVED +CVE-2011-0282 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x ...) - krb5 <unfixed> -CVE-2011-0281 [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt #1] - RESERVED +CVE-2011-0281 (The unparse implementation in the Key Distribution Center (KDC) in MIT ...) - krb5 <unfixed> CVE-2010-4668 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...) {DSA-2153-1} @@ -1499,8 +1904,8 @@ RESERVED CVE-2011-0278 RESERVED -CVE-2011-0277 - RESERVED +CVE-2011-0277 (Cross-site request forgery (CSRF) vulnerability in HP Power Manager ...) + TODO: check CVE-2011-0276 (HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 ...) NOT-FOR-US: HP OpenView Performance Insight Server CVE-2011-0275 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, ...) 
@@ -1891,22 +2296,22 @@ RESERVED CVE-2011-0094 RESERVED -CVE-2011-0093 - RESERVED -CVE-2011-0092 - RESERVED -CVE-2011-0091 - RESERVED -CVE-2011-0090 - RESERVED -CVE-2011-0089 - RESERVED -CVE-2011-0088 - RESERVED -CVE-2011-0087 - RESERVED -CVE-2011-0086 - RESERVED +CVE-2011-0093 (ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does ...) + TODO: check +CVE-2011-0092 (ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does ...) + TODO: check +CVE-2011-0091 (Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not ...) + TODO: check +CVE-2011-0090 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) + TODO: check +CVE-2011-0089 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) + TODO: check +CVE-2011-0088 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) + TODO: check +CVE-2011-0087 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) + TODO: check +CVE-2011-0086 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...) + TODO: check CVE-2011-0085 RESERVED CVE-2011-0084 
@@ -2129,38 +2534,38 @@ CVE-2010-XXXX [TYPO3-SA-2010-022] - typo3-src 4.3.9+dfsg1-1 (bug #607286) NOTE: CVE ID requested -CVE-2011-0045 - RESERVED +CVE-2011-0045 (The kernel in Microsoft Windows XP SP3 performs memory allocation ...) + TODO: check CVE-2011-0044 RESERVED -CVE-2011-0043 - RESERVED +CVE-2011-0043 (Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 ...) + TODO: check CVE-2011-0042 RESERVED CVE-2011-0041 RESERVED -CVE-2011-0040 - RESERVED -CVE-2011-0039 - RESERVED -CVE-2011-0038 - RESERVED +CVE-2011-0040 (The server in Microsoft Active Directory on Windows Server 2003 SP2 ...) + TODO: check +CVE-2011-0039 (The Local Security Authority Subsystem Service (LSASS) in Microsoft ...) + TODO: check +CVE-2011-0038 (Untrusted search path vulnerability in Microsoft Internet Explorer 8 ...) + TODO: check CVE-2011-0037 RESERVED -CVE-2011-0036 - RESERVED -CVE-2011-0035 - RESERVED +CVE-2011-0036 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...) + TODO: check +CVE-2011-0035 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...) + TODO: check CVE-2011-0034 RESERVED -CVE-2011-0033 - RESERVED +CVE-2011-0033 (The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP ...) + TODO: check CVE-2011-0032 RESERVED -CVE-2011-0031 - RESERVED -CVE-2011-0030 - RESERVED +CVE-2011-0031 (The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in ...) + TODO: check +CVE-2011-0030 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP ...) + TODO: check CVE-2011-0029 RESERVED CVE-2011-0028 
@@ -2290,8 +2695,8 @@ - cobbler <itp> (bug #545583) CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) NOT-FOR-US: iSpot/ClearSpot hardware devices -CVE-2010-4506 - RESERVED +CVE-2010-4506 (Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A ...) + TODO: check CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, ...) NOT-FOR-US: Injader CVE-2010-4504 (Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat ...) @@ -2305,8 +2710,7 @@ NOTE: Dupe of CVE-2010-4334 CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...) NOT-FOR-US: MRCGIGUY FreeTicket -CVE-2011-0025 - RESERVED +CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does ...) - openjdk-6 6b18-1.8.5-1 CVE-2011-0024 RESERVED @@ -2314,8 +2718,7 @@ RESERVED CVE-2011-0022 RESERVED -CVE-2011-0522 [VLC heap corruption in subtitle decoder] - RESERVED +CVE-2011-0522 (The StripTags function in (1) the USF decoder ...) - vlc 1.1.3-1squeeze2 CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in ...) - vlc 1.1.3-1squeeze2 @@ -2821,8 +3224,8 @@ - phpmyadmin 4:3.3.7-2 CVE-2010-4328 RESERVED -CVE-2010-4327 - RESERVED +CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell eDirectory ...) + TODO: check CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent ...) NOT-FOR-US: Groupwise CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in ...) 
@@ -2862,10 +3265,10 @@ RESERVED CVE-2010-4308 RESERVED -CVE-2010-4307 - RESERVED -CVE-2010-4306 - RESERVED +CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows ...) + TODO: check +CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...) + TODO: check CVE-2010-4305 (Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and ...) NOT-FOR-US: Cisco Unified Videoconferencing CVE-2010-4304 (The web interface in Cisco Unified Videoconferencing (UVC) System ...) 
@@ -3178,26 +3581,26 @@ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 6.0.472.63~r59945-2 NOTE: http://trac.webkit.org/changeset/70594 -CVE-2010-4196 - RESERVED -CVE-2010-4195 - RESERVED -CVE-2010-4194 - RESERVED -CVE-2010-4193 - RESERVED -CVE-2010-4192 - RESERVED -CVE-2010-4191 - RESERVED -CVE-2010-4190 - RESERVED -CVE-2010-4189 - RESERVED -CVE-2010-4188 - RESERVED -CVE-2010-4187 - RESERVED +CVE-2010-4196 (The Shockwave 3d Asset module in Adobe Shockwave Player before ...) + TODO: check +CVE-2010-4195 (The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does ...) + TODO: check +CVE-2010-4194 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does ...) + TODO: check +CVE-2010-4193 (Adobe Shockwave Player before 11.5.9.620 does not properly validate ...) + TODO: check +CVE-2010-4192 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...) + TODO: check +CVE-2010-4191 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...) + TODO: check +CVE-2010-4190 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...) + TODO: check +CVE-2010-4189 (The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows ...) + TODO: check +CVE-2010-4188 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...) + TODO: check +CVE-2010-4187 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...) + TODO: check CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online ...) NOT-FOR-US: OnlineTechTools CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.3.8 ...) 
@@ -3415,11 +3818,11 @@ NOT-FOR-US: Serengeti Systems Incorporated Robo-FTP 3.7.3 CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test ...) NOT-FOR-US: IBM Rational Quality Manager -CVE-2010-4093 - RESERVED +CVE-2010-4093 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...) + TODO: check CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...) NOT-FOR-US: Adobe Shockwave Player -CVE-2010-4091 (The EScript.api plugin in Adobe Acrobat Reader 9.4.0, 8.1.7, and ...) +CVE-2010-4091 (The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute ...) NOT-FOR-US: Adobe Shockwave Player @@ -3602,8 +4005,7 @@ NOT-FOR-US: HP Insight Control Power Management CVE-2010-4023 (Cross-site scripting (XSS) vulnerability in HP Insight Control Power ...) NOT-FOR-US: HP Insight Control Power Management -CVE-2010-4022 [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt] - RESERVED +CVE-2010-4022 (The do_standalone function in the MIT krb5 KDC database propagation ...) - krb5 <unfixed> (low) [lenny] - krb5 <not-affected> (Only affects 1.7.x onwards) [etch] - krb5 <not-affected> (Only affects 1.7.x onwards) @@ -3741,7 +4143,7 @@ RESERVED CVE-2010-3973 (The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI ...) NOT-FOR-US: Microsoft -CVE-2010-3972 (The TELNET_STREAM_CONTEXT::OnSendData function in the FTP protocol ...) +CVE-2010-3972 (Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData ...) NOT-FOR-US: Microsoft Internet Information Services CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function ...) NOT-FOR-US: Microsoft Internet Explorer 7 and 8 
@@ -4435,8 +4837,7 @@ RESERVED CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the ...) NOT-FOR-US: Symantec IM Manager -CVE-2010-3718 [security manager permission bypas] - RESERVED +CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running ...) - tomcat5.5 <removed> (low) [lenny] - tomcat5.5 <no-dsa> (Minor issue) - tomcat6 6.0.28-10 @@ -7558,12 +7959,12 @@ RESERVED CVE-2010-2590 (Heap-based buffer overflow in the ...) NOT-FOR-US: ActiveX -CVE-2010-2589 - RESERVED -CVE-2010-2588 - RESERVED -CVE-2010-2587 - RESERVED +CVE-2010-2589 (Integer overflow in the dirapi.dll module in Adobe Shockwave Player ...) + TODO: check +CVE-2010-2588 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...) + TODO: check +CVE-2010-2587 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...) + TODO: check CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in ...) NOT-FOR-US: Winamp CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX ...)
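Review bot: In the @@ -1,3 +1,427 @@ hunk, the Google Chrome entries (CVE-2011-0981 through CVE-2011-0985 and CVE-2011-0776 through CVE-2011-0784) land with only "TODO: check", although the file already tracks this code base with a package line ("- chromium-browser 6.0.472.63~r59945-2" in the @@ -3178,26 +3581,26 @@ context). They need a "- chromium-browser" status line on follow-up rather than a NOT-FOR-US. Two of them are described as specific to Mac OS X (CVE-2011-0782 and CVE-2011-0776), so those are candidates for a not-affected annotation with that reason.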
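Review bot: The Adobe Shockwave Player entries added as "TODO: check" (CVE-2011-0555 to CVE-2011-0557 and CVE-2011-0569 in @@ -469,127 +893,114 @@, CVE-2010-4093 in @@ -3415,11 +3818,11 @@, CVE-2010-4187 to CVE-2010-4196 in @@ -3178,26 +3581,26 @@, and CVE-2010-2587 to CVE-2010-2589 in @@ -7558,12 +7959,12 @@) sit next to entries for the same product that are already closed, for example CVE-2010-4092 and CVE-2010-4090 with "NOT-FOR-US: Adobe Shockwave Player". The same applies to the Reader and Acrobat block against CVE-2010-4091 ("NOT-FOR-US: Adobe Acrobat Reader"). Triage these with the existing annotation in the follow-up commit so that the TODO backlog left by this update only holds entries that actually need a decision.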
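Review bot: In @@ -1305,18 +1713,15 @@ the removed placeholder lines for CVE-2011-0281, CVE-2011-0282 and CVE-2011-0283 held the only reference to http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt (including the #1 to #3 item numbers), and the replacement description lines drop it. The same happens to the MITKRB5-SA-2011-001.txt reference on CVE-2010-4022 in @@ -3602,8 +4005,7 @@. Suggest keeping the upstream advisory as a "NOTE:" line under each krb5 entry, in the style of "NOTE: http://trac.webkit.org/changeset/70594" used elsewhere in the file, since the krb5 entries are still marked unfixed and whoever prepares the fix will need the advisory.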
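Review bot: In @@ -2314,8 +2718,7 @@ the CVE-2011-0522 stanza is updated in place between CVE-2011-0022 and CVE-2011-0021, outside the CVE-2011-05xx run that the @@ -659,8 +1067,8 @@ context shows (CVE-2011-0525, CVE-2011-0524). Please check that the list does not also carry a second CVE-2011-0522 stanza in that run, and move this one into numeric order so the "- vlc 1.1.3-1squeeze2" annotation is found where a reader would look for it.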