Author: joeyh Date: 2011-08-17 21:14:18 +0000 (Wed, 17 Aug 2011) New Revision: 17094 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-08-17 19:13:18 UTC (rev 17093) +++ data/CVE/list 2011-08-17 21:14:18 UTC (rev 17094) @@ -1,3 +1,65 @@ +CVE-2011-3169 + RESERVED +CVE-2011-3168 + RESERVED +CVE-2011-3167 + RESERVED +CVE-2011-3166 + RESERVED +CVE-2011-3165 + RESERVED +CVE-2011-3164 + RESERVED +CVE-2011-3163 + RESERVED +CVE-2011-3162 + RESERVED +CVE-2011-3161 + RESERVED +CVE-2011-3160 + RESERVED +CVE-2011-3159 + RESERVED +CVE-2011-3158 + RESERVED +CVE-2011-3157 + RESERVED +CVE-2011-3156 + RESERVED +CVE-2011-3155 + RESERVED +CVE-2011-3154 + RESERVED +CVE-2011-3153 + RESERVED +CVE-2011-3152 + RESERVED +CVE-2011-3151 + RESERVED +CVE-2011-3150 + RESERVED +CVE-2011-3149 + RESERVED +CVE-2011-3148 + RESERVED +CVE-2011-3147 + RESERVED +CVE-2011-3146 + RESERVED +CVE-2011-3145 + RESERVED +CVE-2011-3144 (Cross-site scripting (XSS) vulnerability in Control Microsystems ...) + TODO: check +CVE-2011-3143 (Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, ...) + TODO: check +CVE-2011-3142 (Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in ...) + TODO: check +CVE-2011-3141 (Buffer overflow in the InBatch BatchField ActiveX control for Invensys ...) + TODO: check +CVE-2011-3140 (IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and ...) + TODO: check +CVE-2011-3139 + RESERVED CVE-2011-3138 (The LTPA STS module support implementation in IBM Tivoli Federated ...) NOT-FOR-US: Tivoli CVE-2011-3137 (Unspecified vulnerability in the Management Console in IBM Tivoli ...) 
@@ -265,8 +327,8 @@ NOTE: Current openarena packages use the share ioquake3 engine [squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update) - ioquake3 1.36+svn1946-4 -CVE-2011-3011 - RESERVED +CVE-2011-3011 (BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle ...) + TODO: check CVE-2011-3010 RESERVED CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon forking, ...) @@ -380,6 +442,7 @@ - iceape <not-affected> (Only affects Firefox >= 4) CVE-2011-2984 RESERVED + {DSA-2296-1 DSA-2295-1} - xulrunner <removed> [lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5) - iceweasel 6.0-1 @@ -388,6 +451,7 @@ [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2983 RESERVED + {DSA-2296-1 DSA-2295-1} - xulrunner <removed> [lenny] - xulrunner 1.9.0.19-13 - iceweasel 6.0-1 @@ -396,6 +460,7 @@ [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2982 RESERVED + {DSA-2296-1 DSA-2295-1} - xulrunner <removed> [lenny] - xulrunner 1.9.0.19-13 - iceweasel 6.0-1 @@ -404,6 +469,7 @@ [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2981 RESERVED + {DSA-2296-1 DSA-2295-1} - xulrunner <removed> [lenny] - xulrunner 1.9.0.19-13 - iceweasel 6.0-1 @@ -577,8 +643,8 @@ - linux-2.6 3.0.0-2 CVE-2011-2908 RESERVED -CVE-2011-2907 - RESERVED +CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...) + TODO: check CVE-2011-2906 RESERVED CVE-2011-2905 
@@ -939,12 +1005,12 @@ NOT-FOR-US: Parodia CVE-2011-2750 (NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote ...) NOT-FOR-US: Novell File Reporter -CVE-2011-2749 - RESERVED +CVE-2011-2749 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before ...) {DSA-2292-1} -CVE-2011-2748 - RESERVED + TODO: check +CVE-2011-2748 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before ...) {DSA-2292-1} + TODO: check CVE-2011-2747 (Google Picasa before 3.6 Build 105.67 does not properly handle invalid ...) NOT-FOR-US: Google Picasa CVE-2011-2746 @@ -981,8 +1047,7 @@ RESERVED CVE-2011-2730 RESERVED -CVE-2011-2729 [jsvc does not drop capabilities allowing the application to access files and directories owned by superuser] - RESERVED +CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 ...) - commons-daemon 1.0.7-1 NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable CVE-2011-2728 @@ -1647,8 +1712,7 @@ NOTE: http://openwall.com/lists/oss-security/2011/06/20/2 CVE-2011-2482 RESERVED -CVE-2011-2481 - RESERVED +CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace ...) - tomcat7 7.0.19-1 CVE-2011-2480 [kfreebsd info disclosure] RESERVED @@ -1753,8 +1817,8 @@ RESERVED CVE-2011-2425 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...) NOT-FOR-US: Adobe Flash Player -CVE-2011-2424 - RESERVED +CVE-2011-2424 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...) + TODO: check CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote ...) TODO: check CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote ...) @@ -1841,6 +1905,7 @@ TODO: check CVE-2011-2378 RESERVED + {DSA-2296-1 DSA-2295-1} - xulrunner <removed> [lenny] - xulrunner 1.9.0.19-13 - iceweasel 6.0-1 
@@ -7124,10 +7189,10 @@ RESERVED CVE-2011-0552 RESERVED -CVE-2011-0551 - RESERVED -CVE-2011-0550 - RESERVED +CVE-2011-0551 (Cross-site request forgery (CSRF) vulnerability in the Web Interface ...) + TODO: check +CVE-2011-0550 (Multiple cross-site scripting (XSS) vulnerabilities in the Web ...) + TODO: check CVE-2011-0549 (SQL injection vulnerability in forget.php in the management GUI in ...) NOT-FOR-US: Symantec Web Gateway CVE-2011-0548 (Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in ...) @@ -7195,8 +7260,8 @@ RESERVED - puppet 2.6.2-3 [lenny] - puppet <not-affected> (Only affects 2.6.x) -CVE-2011-0527 - RESERVED +CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before ...) + TODO: check CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla ...) NOT-FOR-US: Vanilla Forums CVE-2011-0525 @@ -8138,10 +8203,10 @@ RESERVED CVE-2011-0258 RESERVED -CVE-2011-0257 - RESERVED -CVE-2011-0256 - RESERVED +CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows remote ...) + TODO: check +CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote attackers ...) + TODO: check CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) - chromium-browser <undetermined> - webkit <undetermined> @@ -8600,6 +8665,7 @@ - icedove 3.1.11-1 CVE-2011-0084 RESERVED + {DSA-2296-1 DSA-2295-1} [lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.6) - iceweasel 6.0-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg)
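Review bot: In the @@ -1,3 +1,65 @@ hunk, CVE-2011-3140 through CVE-2011-3144 are left at "TODO: check" even though their descriptions already name the products (Control Microsystems ClearSCADA, an ActiveX control in KVWebSvr.dll, the Invensys InBatch BatchField ActiveX control, IBM Web Application Firewall). The entry directly below them, CVE-2011-3138, is triaged as "NOT-FOR-US: Tivoli". If none of these products is packaged, a follow-up commit should mark them NOT-FOR-US in the same way so they do not linger in the TODO queue.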
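Review bot: In the @@ -939,12 +1005,12 @@ hunk, CVE-2011-2749 and CVE-2011-2748 end up carrying both {DSA-2292-1} and "TODO: check", with no package line between them. An entry that already references a DSA should record the affected source package and fixed version. Suggest replacing each "TODO: check" with the package line(s) for ISC DHCP that correspond to what DSA-2292-1 fixed.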
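Review bot: In the @@ -1753,8 +1817,8 @@ hunk, CVE-2011-2424 is added with "TODO: check" while the neighbouring CVE-2011-2425, whose visible description starts with the same "Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ..." text, is already "NOT-FOR-US: Adobe Flash Player". For consistency, triage CVE-2011-2424 the same way rather than leaving it as an open TODO.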