Author: joeyh
Date: 2011-04-11 21:16:14 +0000 (Mon, 11 Apr 2011)
New Revision: 16510

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-04-11 18:50:42 UTC (rev 16509) +++ data/CVE/list 2011-04-11 21:16:14 UTC (rev 16510) 
@@ -1,3 +1,51 @@ +CVE-2011-1681 (vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka ...) + TODO: check +CVE-2011-1680 (ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ ...) + TODO: check +CVE-2011-1679 (ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the ...) + TODO: check +CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to ...) + TODO: check +CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ ...) + TODO: check +CVE-2011-1676 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp ...) + TODO: check +CVE-2011-1675 (mount in util-linux 2.19 and earlier attempts to append to the ...) + TODO: check +CVE-2011-1674 (The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote ...) + TODO: check +CVE-2011-1673 (BackupConfig.php on the NetGear ProSafe WNAP210 allows remote ...) + TODO: check +CVE-2011-1672 (The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier ...) + TODO: check +CVE-2011-1671 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2011-1670 (Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra ...) + TODO: check +CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in WP Custom ...) + TODO: check +CVE-2011-1668 (Cross-site scripting (XSS) vulnerability in search.php in AR Web ...) + TODO: check +CVE-2011-1667 (SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows ...) + TODO: check +CVE-2011-1666 (Metaways Tine 2.0 allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2011-1665 (PHPBoost 3.0 stores sensitive information under the web root with ...) + TODO: check +CVE-2011-1664 (Cross-site request forgery (CSRF) vulnerability in Translation ...) + TODO: check +CVE-2011-1663 (SQL injection vulnerability in Translation Management module 6.x ...) 
+ TODO: check +CVE-2011-1662 (Cross-site scripting (XSS) vulnerability in Translation Management ...) + TODO: check +CVE-2011-1661 (The Node Quick Find module 6.x-1.1 for Drupal does not use ...) + TODO: check +CVE-2011-1660 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) + TODO: check +CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...) + TODO: check +CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...) + TODO: check CVE-2011-1657 RESERVED CVE-2011-1656 @@ -403,10 +451,10 @@ RESERVED CVE-2011-1493 RESERVED -CVE-2011-1492 - RESERVED -CVE-2011-1491 - RESERVED +CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not ...) + TODO: check +CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly ...) + TODO: check CVE-2011-1490 RESERVED CVE-2011-1489 @@ -439,8 +487,7 @@ CVE-2011-1476 RESERVED - linux-2.6 <unfixed> -CVE-2011-1475 - RESERVED +CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not ...) - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1474 RESERVED @@ -1202,8 +1249,7 @@ NOTE: http://trac.webkit.org/changeset/74853 CVE-2011-1184 RESERVED -CVE-2011-1183 - RESERVED +CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does ...) - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1182 RESERVED @@ -1261,8 +1307,7 @@ RESERVED CVE-2011-1164 RESERVED -CVE-2011-1163 - RESERVED +CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel ...) - linux-2.6 2.6.38-1 CVE-2011-1162 RESERVED @@ -1529,8 +1574,7 @@ - rsync <unfixed> (low; bug #621866) CVE-2011-1096 RESERVED -CVE-2011-1095 [glibc locale escaping issue] - RESERVED +CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...) - glibc <removed> [lenny] - glibc <no-dsa> (Minor issue) - eglibc <unfixed> 
@@ -1557,8 +1601,7 @@ CVE-2011-1090 RESERVED - linux-2.6 2.6.38-1 (low) -CVE-2011-1089 [Suid mount helpers fail to anticipate RLIMIT_FSIZE] - RESERVED +CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ...) - glibc <removed> - eglibc <unfixed> TODO: This issue will be assigned to glibc, probably. Not confirmed yet. @@ -1609,8 +1652,7 @@ - cron <not-affected> (Debian''s cron not affected) CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...) - cron <not-affected> (Debian''s cron not affected) -CVE-2011-1071 [eglibc: memory corruption] - RESERVED +CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded ...) - glibc <removed> - eglibc 2.11.2-12 (bug #615120) NOTE: poc does not work on version 2.13 in experimental @@ -1861,8 +1903,7 @@ - linux-2.6 <not-affected> (Introduced in 2.6.38-rc1, fixed in 2.6.38-rc5) CVE-2011-0998 RESERVED -CVE-2011-0997 [isc-dhcp-client command injection] - RESERVED +CVE-2011-0997 (dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV ...) {DSA-2217-1 DSA-2216-1} - isc-dhcp 4.1.1-P1-16.1 (bug #621099) - dhcp3 <removed> @@ -1875,8 +1916,8 @@ RESERVED CVE-2011-0995 RESERVED -CVE-2011-0994 - RESERVED +CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter ...) + TODO: check CVE-2011-0993 RESERVED CVE-2011-0992 @@ -2464,8 +2505,8 @@ RESERVED CVE-2011-0766 RESERVED -CVE-2011-0765 - RESERVED +CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...) + TODO: check CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...) - xpdf 3.02-9 - poppler <not-affected> (never used t1lib) 
@@ -3090,8 +3131,7 @@ - wireshark 1.4.3-3 (low; bug #613202) CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) ...) - mediawiki <not-affected> (Only affected when running on Windows or Novell Netware) -CVE-2011-0536 [CVE-2010-3847 opens new vulnerability] - RESERVED +CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in ...) - eglibc <unfixed> (bug #600667) - glibc <removed> CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...) @@ -3308,20 +3348,19 @@ TODO: check CVE-2011-0467 RESERVED -CVE-2011-0466 - RESERVED -CVE-2011-0465 [xrdb code execution via crafted hostname] - RESERVED +CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and ...) + TODO: check +CVE-2011-0465 (xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote ...) {DSA-2213-1} - x11-xserver-utils 7.6+2 (low; bug #621423) NOTE: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 NOTE: low as this is not enabled in a standard setup CVE-2011-0464 (Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 ...) NOT-FOR-US: Novell Vibe OnPrem -CVE-2011-0463 - RESERVED -CVE-2011-0462 - RESERVED +CVE-2011-0463 (The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the ...) + TODO: check +CVE-2011-0462 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...) + TODO: check CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 ...) TODO: check CVE-2011-0460
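Review bot: In the first hunk (@@ -1,3 +1,51 @@), CVE-2011-1658 and CVE-2011-1659 are glibc issues but land as bare `TODO: check`, while the other glibc entries touched in this revision (CVE-2011-1095, CVE-2011-1089, CVE-2011-1071, CVE-2011-0536) already carry `- glibc <removed>` and `- eglibc ...` tracking lines. Suggest triaging those two against eglibc in the same form, then the mount-related entries that name util-linux, Samba and ncpfs (CVE-2011-1675 through CVE-2011-1680). The NetGear ProSafe and Dell KACE appliance entries (CVE-2011-1672 through CVE-2011-1674) look like candidates for the `NOT-FOR-US:` form used at CVE-2011-0464.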
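Review bot: In the CVE-2011-1089 hunk (@@ -1557,8 +1601,7 @@), the unchanged note `TODO: This issue will be assigned to glibc, probably. Not confirmed yet.` is now stale, because the description added on the `+` line names the addmntent function in the GNU C Library. Suggest dropping that TODO in a follow-up so the entry no longer reads as unconfirmed, and keeping the removed bracketed summary ("Suid mount helpers fail to anticipate RLIMIT_FSIZE") as a NOTE if the context is still wanted, since the truncated official description no longer shows it.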
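Review bot: In the CVE-2011-0994 hunk (@@ -1875,8 +1916,8 @@), the new description refers to NFRAgent.exe in Novell File Reporter, yet the entry is left as `TODO: check`. The list already has a convention for this vendor at CVE-2011-0464 (`NOT-FOR-US: Novell Vibe OnPrem`); suggest resolving this entry the same way rather than leaving it in the TODO queue.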
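Review bot: In the last hunk (@@ -3308,20 +3348,19 @@), CVE-2011-0463 points at fs/ocfs2/aops.c, a Linux kernel source path, but it is added with only `TODO: check`. Other kernel entries in this revision carry a source-package line (for example `- linux-2.6 2.6.38-1` under CVE-2011-1163); suggest adding a `- linux-2.6` line here once the affected versions are confirmed, so the issue shows up in kernel tracking. CVE-2011-0466 and CVE-2011-0462 in the same hunk also still need a package or NOT-FOR-US decision.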