Author: joeyh Date: 2011-04-27 21:15:18 +0000 (Wed, 27 Apr 2011) New Revision: 16606 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-04-27 18:34:48 UTC (rev 16605) +++ data/CVE/list 2011-04-27 21:15:18 UTC (rev 16606) @@ -1,3 +1,5 @@ +CVE-2011-1827 + RESERVED CVE-2011-XXXX [packet truncation in libpcap] - libpcap <unfixed> (low; bug #623868) [squeeze] - libpcap <no-dsa> (Minor issue) 
@@ -6,29 +8,29 @@ - libav <unfixed> - ffmpeg <unfixed> - ffmpeg-debian <removed> -CVE-2010-4801 - NOT-FOR-US: BaconMap -CVE-2010-4800 +CVE-2010-4801 (Directory traversal vulnerability in admin/updatelist.php in BaconMap ...) NOT-FOR-US: BaconMap -CVE-2010-4799 +CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote ...) + NOT-FOR-US: BaconMap +CVE-2010-4799 (Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when ...) NOT-FOR-US: Chipmunk Pwngame -CVE-2010-4798 +CVE-2010-4798 (Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 ...) NOT-FOR-US: OrangeHRM -CVE-2010-4797 +CVE-2010-4797 (Multiple SQL injection vulnerabilities in the log-in form in Truworth ...) NOT-FOR-US: Truworth Flex Timesheet -CVE-2010-4796 +CVE-2010-4796 (Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote ...) NOT-FOR-US: PHPYun -CVE-2010-4795 +CVE-2010-4795 (SQL injection vulnerability in the JS Calendar (com_jscalendar) ...) NOT-FOR-US: JS Calendar component for Joomla! -CVE-2010-4794 +CVE-2010-4794 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: JoomlaSeller JS Calendar component for Joomla! -CVE-2010-4793 +CVE-2010-4793 (SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager ...) NOT-FOR-US: Site2Nite Auto e-Manager -CVE-2010-4792 +CVE-2010-4792 (Cross-site scripting (XSS) vulnerability in title.php in OPEN IT ...) NOT-FOR-US: OPEN IT OverLook -CVE-2010-4791 +CVE-2010-4791 (SQL injection vulnerability in ...) NOT-FOR-US: MG User-Fotoalbum module for PHP-Fusion -CVE-2010-4790 +CVE-2010-4790 (Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and ...) NOT-FOR-US: FilterFTP CVE-2011-1826 RESERVED @@ -266,7 +268,7 @@ RESERVED CVE-2011-1726 RESERVED -CVE-2011-1725 +CVE-2011-1725 (Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, ...) NOT-FOR-US: HP Network Automation CVE-2011-1724 RESERVED 
@@ -278,9 +280,9 @@ NOT-FOR-US: WebJaxe CVE-2011-1720 RESERVED -CVE-2011-1719 +CVE-2011-1719 (Multiple stack-based buffer overflows in the Web Viewer ActiveX ...) NOT-FOR-US: ActiveX -CVE-2011-1718 +CVE-2011-1718 (The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 ...) NOT-FOR-US: CA SiteMinder CVE-2011-1716 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in ...) NOT-FOR-US: Xymon @@ -553,8 +555,7 @@ RESERVED CVE-2011-1600 RESERVED -CVE-2011-1599 [AST 2011-006] - RESERVED +CVE-2011-1599 (manager.c in the Manager Interface in Asterisk Open Source 1.4.x ...) {DSA-2225-1} - asterisk 1:1.8.3.3-1 [lenny] - asterisk <not-affected> (Vulnerable code not present) @@ -593,11 +594,10 @@ RESERVED - thunar <not-affected> (Introduced in 1.2, only in experimental) NOTE: http://git.xfce.org/xfce/thunar/diff/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa -CVE-2011-1587 [initial mediawiki fix was incomplete] - RESERVED +CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, ...) - mediawiki <not-affected> (Incomplete fix never used in Debian) -CVE-2011-1586 - RESERVED +CVE-2011-1586 (Directory traversal vulnerability in the ...) + TODO: check CVE-2011-1585 RESERVED - linux-2.6 <unfixed> @@ -612,14 +612,11 @@ - linux-2.6 <unfixed> (low) [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36) [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36) -CVE-2011-1580 [mediawiki lack of ACL checks in transwiki import] - RESERVED +CVE-2011-1580 (The transwiki import functionality in MediaWiki before 1.16.3 does not ...) - mediawiki <unfixed> -CVE-2011-1579 [mediawiki CSS validation error] - RESERVED +CVE-2011-1579 (The checkCss function in includes/Sanitizer.php in the wikitext parser ...) - mediawiki <unfixed> -CVE-2011-1578 [mediawiki XSS specific to IE6] - RESERVED +CVE-2011-1578 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, ...) - mediawiki <unfixed> CVE-2011-1577 RESERVED 
@@ -819,9 +816,9 @@ RESERVED CVE-2011-1508 RESERVED -CVE-2011-1507 - RESERVED +CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, ...) {DSA-2225-1} + TODO: check CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects Pre ...) NOT-FOR-US: PreProjects Pre Online Tests Generator Pro CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 ...) @@ -8934,7 +8931,7 @@ NOT-FOR-US: flock CVE-2010-3261 (Directory traversal vulnerability in RSA Authentication Agent 7.0 ...) NOT-FOR-US: RSA Authentication Agent 7.0 for Web -CVE-2010-3260 +CVE-2010-3260 (oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server ...) NOT-FOR-US: Orbeon Forms CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, ...) - chromium-browser 6.0.472.53~r57914-1 @@ -10236,17 +10233,14 @@ - zabbix 1:1.8.3-1 (bug #594304) [squeeze] - zabbix 1:1.8.2-1squeeze1 [lenny] - zabbix <no-dsa> (Minor issue) -CVE-2010-2789 [mediawiki "register_globals arbitrary inclusion"] - RESERVED +CVE-2010-2789 (PHP remote file inclusion vulnerability in MediaWikiParserTest.php in ...) - mediawiki <not-affected> (Affects mediawiki 1:1.16.0beta* - was not and will not be in Debian) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html -CVE-2010-2788 [mediawiki XSS] - RESERVED +CVE-2010-2788 (Cross-site scripting (XSS) vulnerability in profileinfo.php in ...) - mediawiki 1:1.15.5-1 (bug #590669; low) [lenny] - mediawiki 1:1.12.0-2lenny6 NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html -CVE-2010-2787 [mediawiki data leakage] - RESERVED +CVE-2010-2787 (api.php in MediaWiki before 1.15.5 does not prevent use of public ...) - mediawiki 1:1.15.5-1 (bug #590660; low) [lenny] - mediawiki <no-dsa> (Minor issue) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
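Review bot: in the `@@ -278,9 +280,9 @@` hunk, CVE-2011-1719 keeps the tag `NOT-FOR-US: ActiveX`, which names a technology rather than a product, so the entry cannot later be matched against a vendor or package name. Now that the description ("Multiple stack-based buffer overflows in the Web Viewer ActiveX ...") is filled in, replace the tag with the vendor and product name taken from the full CVE description.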
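Review bot: in the `@@ -553,8 +555,7 @@` hunk, replacing `CVE-2011-1599 [AST 2011-006]` with the description line removes the only reference to the upstream advisory from this entry. Consider carrying it over as a `NOTE:` line under the entry, in the same way the mediawiki entries keep their announcement URLs, so the link between the CVE, the upstream advisory and `{DSA-2225-1}` stays searchable.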
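Review bot: in the `@@ -593,11 +594,10 @@` hunk, CVE-2011-1586 goes from `RESERVED` to `TODO: check` with no package line, and the visible part of the description ("Directory traversal vulnerability in the ...") does not name the affected software. It needs manual triage against the full description, ending in either a package line with a status or a `NOT-FOR-US:` tag, so it does not remain an open TODO after this automatic update.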
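Review bot: in the `@@ -819,9 +816,9 @@` hunk, CVE-2011-1507 is cross-referenced to `{DSA-2225-1}` but has no package line and now carries `TODO: check`, which is inconsistent: a CVE covered by a DSA should record the fixed package. CVE-2011-1599 in the `@@ -553,8 +555,7 @@` hunk sits under the same DSA and has `- asterisk` lines; add the corresponding `- asterisk` entry with the fixed version for CVE-2011-1507 and drop the TODO.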