Author: helmut-guest Date: 2011-06-20 08:40:48 +0000 (Mon, 20 Jun 2011) New Revision: 16823 Modified: data/CVE/list Log: update from nvd.nist.gov. mostly NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-06-20 07:48:32 UTC (rev 16822) +++ data/CVE/list 2011-06-20 08:40:48 UTC (rev 16823) @@ -16,6 +16,9 @@ - linux-2.6 2.6.32-1 CVE-2011-2203 [HFS DoS] - linux-2.6 <unfixed> +CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c ...) + - php5 <undetermined> + NOTE: probably affected, because fixed upstream in 5.3.7 CVE-2011-2199 [tftp-hpa buffer overflow] - tftp-hpa <unfixed> NOTE: http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8 
@@ -260,82 +263,82 @@ RESERVED CVE-2011-2129 RESERVED -CVE-2011-2128 - RESERVED -CVE-2011-2127 - RESERVED -CVE-2011-2126 - RESERVED -CVE-2011-2125 - RESERVED -CVE-2011-2124 - RESERVED -CVE-2011-2123 - RESERVED -CVE-2011-2122 - RESERVED -CVE-2011-2121 - RESERVED -CVE-2011-2120 - RESERVED -CVE-2011-2119 - RESERVED -CVE-2011-2118 - RESERVED -CVE-2011-2117 - RESERVED -CVE-2011-2116 - RESERVED -CVE-2011-2115 - RESERVED -CVE-2011-2114 - RESERVED -CVE-2011-2113 - RESERVED -CVE-2011-2112 - RESERVED -CVE-2011-2111 - RESERVED -CVE-2011-2110 - RESERVED -CVE-2011-2109 - RESERVED -CVE-2011-2108 - RESERVED +CVE-2011-2128 (... allows attackers to execute arbitrary code or cause a denial ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2127 (... allows attackers to execute arbitrary code or cause a denial ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2126 (... allows attackers to execute arbitrary code via unspecified vectors.) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2125 (Buffer overflow in Dirapix.dll ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2124 (... attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2122 (Dirapi.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2121 (Integer overflow ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2120 (Integer overflow in the CursorAsset x32 component ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2119 (Dirapi.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2118 (The FLV ASSET Xtra component ... allows attackers to execute arbitrary code ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2117 (... 
allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2116 (IML32.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2115 (IML32.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2114 (... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2112 (Multiple buffer overflows in IML32.dll ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2111 (IML32.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2110 (... allows remote attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Flash Player +CVE-2011-2109 (Multiple integer overflows in Dirapi.dll ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-2108 (... allows attackers to execute arbitrary code via unspecified vectors ...) + NOT-FOR-US: Adobe Shockwave Player CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2106 - RESERVED -CVE-2011-2105 - RESERVED -CVE-2011-2104 - RESERVED -CVE-2011-2103 - RESERVED -CVE-2011-2102 - RESERVED -CVE-2011-2101 - RESERVED -CVE-2011-2100 - RESERVED -CVE-2011-2099 - RESERVED -CVE-2011-2098 - RESERVED -CVE-2011-2097 - RESERVED -CVE-2011-2096 - RESERVED -CVE-2011-2095 - RESERVED -CVE-2011-2094 - RESERVED -CVE-2011-2093 - RESERVED -CVE-2011-2092 - RESERVED -CVE-2011-2091 - RESERVED +CVE-2011-2106 (... allow attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2105 (... 
allow attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2104 (... allow attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2103 (... allow attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2102 (... allows attackers to bypass intended access restrictions ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2101 (... do not properly restrict script ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2100 (Untrusted search path vulnerability ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2099 (... allow attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2098 (... allow attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2097 (Buffer overflow ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2096 (Heap-based buffer overflow ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2095 (Buffer overflow ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2094 (Buffer overflow ...) + NOT-FOR-US: Adobe Reader and Acrobat +CVE-2011-2093 (... do not properly handle object graphs ...) + NOT-FOR-US: Adobe LiveCycle Data Services +CVE-2011-2092 (... do not properly restrict creation of classes ...) + NOT-FOR-US: Adobe LiveCycle Data Services +CVE-2011-2091 (... allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Adobe ColdFusion CVE-2011-2090 RESERVED CVE-2011-2089 (Stack-based buffer overflow in the SetActiveXGUID method in the ...) @@ -786,8 +789,8 @@ RESERVED CVE-2011-1895 RESERVED -CVE-2011-1894 - RESERVED +CVE-2011-1894 (The MHTML protocol handler ... does not properly handle a MIME format ...) + NOT-FOR-US: Microsoft Windows CVE-2011-1893 RESERVED CVE-2011-1892 
@@ -796,8 +799,8 @@ RESERVED CVE-2011-1890 RESERVED -CVE-2011-1889 - RESERVED +CVE-2011-1889 (The NSPLookupServiceNext function ... allows remote attackers to execute arbitrary code ...) + NOT-FOR-US: Microsoft Forefront Threat Management Gateway CVE-2011-1888 RESERVED CVE-2011-1887 @@ -828,18 +831,18 @@ RESERVED CVE-2011-1874 RESERVED -CVE-2011-1873 - RESERVED -CVE-2011-1872 - RESERVED +CVE-2011-1873 (win32k.sys in the kernel-mode drivers ... does not properly validate pointers during ...) + NOT-FOR-US: Microsoft Windows +CVE-2011-1872 (Hyper-V ... allows guest OS users to cause a denial of service ...) + NOT-FOR-US: Microsoft Windows CVE-2011-1871 RESERVED CVE-2011-1870 RESERVED -CVE-2011-1869 - RESERVED -CVE-2011-1868 - RESERVED +CVE-2011-1869 (The Distributed File System (DFS) implementation ... allows remote DFS servers to cause a denial of service ...) + NOT-FOR-US: Microsoft Windows +CVE-2011-1868 (The Distributed File System (DFS) implementation ... does not properly validate fields in DFS responses ...) + NOT-FOR-US: Microsoft Windows CVE-2010-4804 NOT-FOR-US: Android Browser CVE-2011-XXXX 
@@ -2549,76 +2552,76 @@ RESERVED CVE-2011-1281 RESERVED -CVE-2011-1280 - RESERVED -CVE-2011-1279 - RESERVED -CVE-2011-1278 - RESERVED -CVE-2011-1277 - RESERVED -CVE-2011-1276 - RESERVED -CVE-2011-1275 - RESERVED -CVE-2011-1274 - RESERVED -CVE-2011-1273 - RESERVED -CVE-2011-1272 - RESERVED +CVE-2011-1280 (The XML Editor ... does not properly handle external entities ...) + NOT-FOR-US: Microsoft InfoPath, SQL Server, SQL Server Management Studio Express, Visual Studio +CVE-2011-1279 (... do not properly validate record information ...) + NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter +CVE-2011-1278 (... do not properly validate record information ...) + NOT-FOR-US: Microsoft Excel, Office +CVE-2011-1277 (... do not properly validate record information ...) + NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter +CVE-2011-1276 (Buffer overflow ...) + NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack +CVE-2011-1275 (... do not properly validate record information ...) + NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter +CVE-2011-1274 (... do not properly validate record information ...) + NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack +CVE-2011-1273 (... do not properly validate record information ...) + NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack +CVE-2011-1272 (... do not properly validate record structures ...) + NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework before 4 beta 2, when ...) NOT-FOR-US: Microsoft .NET Framework CVE-2011-1270 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows ...) 
NOT-FOR-US: Microsoft PowerPoint 2002 SP3 and 2003 SP3 CVE-2011-1269 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and ...) NOT-FOR-US: Microsoft -CVE-2011-1268 - RESERVED -CVE-2011-1267 - RESERVED -CVE-2011-1266 - RESERVED +CVE-2011-1268 (The SMB client ... allows remote SMB servers to execute arbitrary ...) + NOT-FOR-US: Microsoft Windows +CVE-2011-1267 (The SMB server ... allows remote attackers to cause a denial of service ...) + NOT-FOR-US: Microsoft Windows +CVE-2011-1266 (The Vector Markup Language (VML) implementation in vgx.dll ...) + NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1265 RESERVED -CVE-2011-1264 - RESERVED +CVE-2011-1264 (Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment ...) + NOT-FOR-US: Microsoft Windows CVE-2011-1263 RESERVED -CVE-2011-1262 - RESERVED -CVE-2011-1261 - RESERVED -CVE-2011-1260 - RESERVED +CVE-2011-1262 (... does not properly handle objects in memory ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2011-1261 (... does not properly handle objects in memory ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2011-1260 (... does not properly handle objects in memory ...) + NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1259 RESERVED -CVE-2011-1258 - RESERVED +CVE-2011-1258 (... does not properly restrict web script ...) + NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1257 RESERVED -CVE-2011-1256 - RESERVED -CVE-2011-1255 - RESERVED -CVE-2011-1254 - RESERVED +CVE-2011-1256 (... does not properly handle objects in memory ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2011-1255 (The Timed Interactive Multimedia Extensions ... does not properly handle objects in memory ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2011-1254 (... does not properly handle objects in memory ...) 
+ NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1253 RESERVED -CVE-2011-1252 - RESERVED -CVE-2011-1251 - RESERVED -CVE-2011-1250 - RESERVED -CVE-2011-1249 - RESERVED +CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2011-1251 (... does not properly handle objects in memory ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2011-1250 (... does not properly handle objects in memory ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2011-1249 (The Ancillary Function Driver (AFD) in afd.sys ... does not properly validate user-mode input ...) + NOT-FOR-US: Microsoft Windows CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, ...) NOT-FOR-US: Microsoft Windows CVE-2011-1247 RESERVED -CVE-2011-1246 - RESERVED +CVE-2011-1246 (... does not properly handle content settings in HTTP responses ...) + NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1245 (Microsoft Internet Explorer 6 and 7 does not properly restrict script ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-1244 (Microsoft Internet Explorer 6, 7, and 8 does not enforce intended ...) @@ -4477,8 +4480,8 @@ NOT-FOR-US: Microsoft Windows CVE-2011-0665 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) NOT-FOR-US: Microsoft Windows -CVE-2011-0664 - RESERVED +CVE-2011-0664 (... does not properly validate arguments to unspecified networking API functions ...) + NOT-FOR-US: Microsoft .NET Framework, Silverlight CVE-2011-0663 (Multiple integer overflows in the Microsoft (1) JScript 5.6 through ...) NOT-FOR-US: Microsoft JScript CVE-2011-0662 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...) 
@@ -4489,8 +4492,8 @@ NOT-FOR-US: Microsoft Windows CVE-2011-0659 RESERVED -CVE-2011-0658 - RESERVED +CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation in VBScript.dll ...) + NOT-FOR-US: Microsoft Windows CVE-2011-0657 (DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, ...) NOT-FOR-US: Microsoft Windows CVE-2011-0656 (Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office ...) @@ -4584,8 +4587,8 @@ RESERVED CVE-2011-0630 RESERVED -CVE-2011-0629 - RESERVED +CVE-2011-0629 (Cross-site request forgery (CSRF) vulnerability ...) + NOT-FOR-US: Adobe ColdFusion CVE-2011-0628 RESERVED CVE-2011-0627 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...) @@ -5319,8 +5322,8 @@ RESERVED CVE-2011-0336 RESERVED -CVE-2011-0335 - RESERVED +CVE-2011-0335 (Dirapi.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player CVE-2011-0334 RESERVED CVE-2011-0333 
@@ -5349,14 +5352,14 @@ NOT-FOR-US: EMC RSA Access Manager Server CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...) NOT-FOR-US: EMC NetWorker -CVE-2011-0320 - RESERVED -CVE-2011-0319 - RESERVED -CVE-2011-0318 - RESERVED -CVE-2011-0317 - RESERVED +CVE-2011-0320 (Dirapi.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-0319 (Dirapi.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-0318 (Dirapi.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player +CVE-2011-0317 (Dirapi.dll ... allows attackers to execute arbitrary code or cause a denial of service ...) + NOT-FOR-US: Adobe Shockwave Player CVE-2011-0316 (The Administrative Console component in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2011-0315 (Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web ...)
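Review bot: In the first hunk (@@ -16,6 +16,9 @@), the new CVE-2011-2202 entry leaves php5 at <undetermined> although its NOTE already says "probably affected, because fixed upstream in 5.3.7", so the status and the note disagree about how much is known. Check rfc1867_post_handler in main/rfc1867.c of the packaged php5 and record the result as <unfixed> or as a fixed version, and add a NOTE with the upstream commit or bug reference for the 5.3.7 fix, the way the CVE-2011-2199 entry in the trailing context links its commitdiff. This is also the one entry in the commit that is not an NFU, so it is easy to overlook under the log message "mostly NFUs"; committing it separately would make it stand out.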
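Review bot: In the second hunk (@@ -260,82 +263,82 @@), many of the added descriptions drop the start of the summary and keep only a generic tail, so several entries are indistinguishable from each other: CVE-2011-2097, CVE-2011-2095 and CVE-2011-2094 all read "(Buffer overflow ...)", and CVE-2011-2121 is just "(Integer overflow ...)". The unchanged context lines keep the leading text and truncate at the end instead, for example CVE-2011-2107 "(Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 ...)" and CVE-2011-2089 "(Stack-based buffer overflow in the SetActiveXGUID method in the ...)". Please use the same form for the new lines so the component or product is visible in the description and the NOT-FOR-US decision can be checked without leaving the file. Also worth a second look while there: CVE-2011-2110 is tagged Adobe Flash Player in the middle of a run of Shockwave Player entries, and its description as written does not name the product, so a reviewer cannot confirm the tag from this line alone.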
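Review bot: In the hunk at @@ -2549,76 +2552,76 @@, the NOT-FOR-US tags for the Excel entries enumerate every affected product ("Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack"), and the list differs between otherwise identical entries (CVE-2011-1278 has only "Microsoft Excel, Office"). The surrounding context is much terser, for example CVE-2011-1269 is tagged "NOT-FOR-US: Microsoft". The tag only needs to name enough to justify the NFU call, so a single product name such as "Microsoft Excel" for CVE-2011-1272 through CVE-2011-1279 would be consistent with the rest of the file and easier to grep. The same applies to CVE-2011-1280, which lists four products.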