Author: joeyh
Date: 2011-11-04 21:14:24 +0000 (Fri, 04 Nov 2011)
New Revision: 17552
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-11-04 17:38:31 UTC (rev 17551)
+++ data/CVE/list 2011-11-04 21:14:24 UTC (rev 17552)
@@ -1,3 +1,9 @@
+CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum
ProjectForum ...)
+ TODO: check
+CVE-2011-4276
+ RESERVED
+CVE-2011-4275
+ RESERVED
CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and
...)
TODO: check
CVE-2011-4273 (Multiple cross-site scripting (XSS) vulnerabilities in GoAhead
...)
@@ -576,19 +582,16 @@
CVE-2011-4103
RESERVED
- python-django-piston <unfixed> (bug #647315)
-CVE-2011-4102
- RESERVED
+CVE-2011-4102 (Heap-based buffer overflow in the erf_read_header function in
...)
- wireshark 1.6.3-1
NOTE: http://www.wireshark.org/security/wnpa-sec-2011-19.html
NOTE:
http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?r1=39508&r2=39507&pathrev=39508&view=patch
NOTE: Affects 1.0 and 1.2, the versions listed in the advisory are relative to
the supported upstream branches
-CVE-2011-4101
- RESERVED
+CVE-2011-4101 (The dissect_infiniband_common function in ...)
- wireshark 1.6.3-1 (unimportant)
NOTE: no code injection, not treated as a security issue, see
README.Debian.security
NOTE: http://www.wireshark.org/security/wnpa-sec-2011-18.html
-CVE-2011-4100
- RESERVED
+CVE-2011-4100 (The csnStreamDissector function in epan/dissectors/packet-csn1.c
in ...)
- wireshark 1.6.3-1
[squeeze] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
[lenny] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
@@ -656,8 +659,8 @@
[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with
eaf06b241b091357e72b76863ba16e89610d31bd)
CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP
...)
- openldap <unfixed> (low; bug #647610)
-CVE-2011-4078
- RESERVED
+CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when
PHP ...)
+ TODO: check
CVE-2011-4077
RESERVED
- linux-2.6 3.0.0-6
@@ -1049,16 +1052,16 @@
RESERVED
CVE-2011-3997
RESERVED
-CVE-2011-3996
- RESERVED
+CVE-2011-3996 (The LiveData Service in CSWorks before 2.0.4115.1 allows remote
...)
+ TODO: check
CVE-2011-3995 (Unspecified vulnerability in Twilight Frontier Touhou Hisouten
1.06 ...)
TODO: check
-CVE-2011-3994
- RESERVED
-CVE-2011-3993
- RESERVED
-CVE-2011-3992
- RESERVED
+CVE-2011-3994 (Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS
before ...)
+ TODO: check
+CVE-2011-3993 (SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and
earlier, ...)
+ TODO: check
+CVE-2011-3992 (Buffer overflow in the SSH server functionality on the D-Link
DES-3800 ...)
+ TODO: check
CVE-2011-3991
RESERVED
CVE-2011-3990
@@ -1067,10 +1070,10 @@
RESERVED
CVE-2011-3988 (SQL injection vulnerability in data/class/SC_Query.php in
EC-CUBE ...)
TODO: check
-CVE-2011-3987
- RESERVED
-CVE-2011-3986
- RESERVED
+CVE-2011-3987 (dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard
...)
+ TODO: check
+CVE-2011-3986 (Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0
allows ...)
+ TODO: check
CVE-2011-3985
RESERVED
CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM
5.1 and ...)
@@ -2598,8 +2601,7 @@
NOT-FOR-US: Phorum
CVE-2011-3380
RESERVED
-CVE-2011-3379
- RESERVED
+CVE-2011-3379 (The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the
...)
- php5 <unfixed>
[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
[lenny] - php5 <not-affected> (Introduced in 5.3.7)
@@ -4400,12 +4402,15 @@
NOTE: http://mahara.org/interaction/forum/topic.php?id=4138
CVE-2011-2773
RESERVED
+ {DSA-2334-1}
- mahara 1.4.1-1
CVE-2011-2772
RESERVED
+ {DSA-2334-1}
- mahara 1.4.1-1
CVE-2011-2771
RESERVED
+ {DSA-2334-1}
- mahara 1.4.1-1
CVE-2011-2770 [man2html XSS]
RESERVED