Author: joeyh Date: 2011-09-21 21:14:23 +0000 (Wed, 21 Sep 2011) New Revision: 17265 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-21 15:51:34 UTC (rev 17264) +++ data/CVE/list 2011-09-21 21:14:23 UTC (rev 17265) @@ -1,3 +1,5 @@ +CVE-2011-3577 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 ...) + TODO: check CVE-2011-3576 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 ...) TODO: check CVE-2011-3575 (Stack-based buffer overflow in the NSFComputeEvaluateExt function in ...) @@ -335,20 +337,17 @@ NOTE: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ NOTE: https://www.djangoproject.com/weblog/2011/sep/10/127/ NOTE: CVE id requested on oss-security -CVE-2011-3482 [Wireshark CSN.1 dissector vulnerability] - RESERVED +CVE-2011-3482 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in ...) - wireshark <unfixed> [squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) [lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-16.html -CVE-2011-3483 [Wireshark buffer exception handling vulnerability] - RESERVED +CVE-2011-3483 (Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial ...) - wireshark <unfixed> [squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) [lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-14.html -CVE-2011-3484 [Wireshark OpenSafety dissector vulnerability] - RESERVED +CVE-2011-3484 (The unxorFrame function in epan/dissectors/packet-opensafety.c in the ...) - wireshark <unfixed> [squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) [lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) 
@@ -519,8 +518,7 @@ - backuppc 3.2.1-1 (bug #641450) NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel NOTE: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24 -CVE-2011-3360 [Wireshark Lua script execution vulnerability] - RESERVED +CVE-2011-3360 (Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 ...) - wireshark <unfixed> (low) NOTE: http://www.wireshark.org/security/wnpa-sec-2011-15.html CVE-2011-3359 @@ -558,8 +556,7 @@ CVE-2011-3349 [lightdm denial of service] RESERVED - lightdm 0.9.6-1 (bug #639151) -CVE-2011-3348 [mod_proxy_ajp when combined with mod_proxy_balancer: DoS] - RESERVED +CVE-2011-3348 (The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ...) - apache2 <unfixed> [lenny] - apache2 <not-affected> (introduced in 2.2.12) CVE-2011-3347 @@ -1626,8 +1623,8 @@ RESERVED CVE-2011-2926 RESERVED -CVE-2011-2925 - RESERVED +CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 ...) + TODO: check CVE-2011-2924 RESERVED CVE-2011-2923 @@ -2337,8 +2334,8 @@ RESERVED CVE-2011-2673 RESERVED -CVE-2011-2672 - RESERVED +CVE-2011-2672 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before ...) + TODO: check CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th ...) NOT-FOR-US: Megalith CVE-2011-2670 @@ -4298,8 +4295,8 @@ RESERVED CVE-2011-1912 RESERVED -CVE-2011-1911 - RESERVED +CVE-2011-1911 (JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 ...) + TODO: check CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x ...) {DSA-2244-1} - bind9 <unfixed> (high) 
@@ -5430,10 +5427,10 @@ NOT-FOR-US: Autonomy KeyView CVE-2011-1511 (Unspecified vulnerability in the Oracle GlassFish Server component in ...) NOT-FOR-US: Oracle Sun Products Suite -CVE-2011-1510 - RESERVED -CVE-2011-1509 - RESERVED +CVE-2011-1510 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...) + TODO: check +CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk ...) + TODO: check CVE-2011-1508 RESERVED CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, ...)
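Review bot: in the @@ -335,20 +337,17 @@ hunk, the untagged "- wireshark <unfixed>" lines for CVE-2011-3482, CVE-2011-3483 and CVE-2011-3484 carry no fixed version, although the imported description for CVE-2011-3483 reads "Wireshark 1.6.x before 1.6.2" and the release-tagged lines say "Affects only 1.6.0 and 1.6.1". Replace <unfixed> with the fixed package version on all three entries once an upload based on 1.6.2 or later is in the archive, so they do not stay open after this automatic update.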
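Review bot: in the @@ -519,8 +518,7 @@ hunk, CVE-2011-3360 has only "- wireshark <unfixed> (low)" and no [squeeze] or [lenny] status lines, while its new description names "Wireshark 1.4.x before 1.4.9" as affected. The three Wireshark entries in the @@ -335,20 +337,17 @@ hunk each record per-release status. Add the same lines here after checking which releases ship an affected version.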
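Review bot: in the @@ -558,8 +556,7 @@ hunk, the CVE-2011-3348 entry loses the triggering condition. The removed title read "mod_proxy_ajp when combined with mod_proxy_balancer: DoS", but the imported description is cut off at "when ...". Nothing else in the entry mentions mod_proxy_balancer. Add a NOTE: line under the entry that keeps the mod_proxy_balancer condition, so the "[lenny] - apache2 <not-affected> (introduced in 2.2.12)" triage can still be read in context.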
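Review bot: in the @@ -5430,10 +5427,10 @@ hunk, CVE-2011-1510 and CVE-2011-1509 move from RESERVED to "TODO: check" and still need manual triage. The description of CVE-2011-1509 names ManageEngine ServiceDesk. If that product is not packaged, resolve the entry with a "NOT-FOR-US:" line, as the neighbouring entries in the same hunk do for Autonomy KeyView and Oracle Sun Products Suite. The same follow-up applies to the other "TODO: check" lines this revision adds (CVE-2011-3577, CVE-2011-2925, CVE-2011-2672, CVE-2011-1911).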