thr3ads.net - Secure testing commits - [Secure-testing-commits] r17887

If this information is useful, please help other people find it:
Share via:
Joey Hess
2011-Dec-28 21:14 UTC
[Secure-testing-commits] r17887 - data/CVE

Author: joeyh
Date: 2011-12-28 21:14:25 +0000 (Wed, 28 Dec 2011)
New Revision: 17887

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-12-28 20:09:48 UTC (rev 17886)
+++ data/CVE/list	2011-12-28 21:14:25 UTC (rev 17887)
@@ -1,18 +1,267 @@
+CVE-2011-5019
+	RESERVED
+CVE-2011-5018
+	RESERVED
+CVE-2011-5017
+	RESERVED
+CVE-2011-5016
+	RESERVED
+CVE-2011-5015
+	RESERVED
+CVE-2011-5014
+	RESERVED
+CVE-2011-5013
+	RESERVED
+CVE-2011-5012 (Heap-based buffer overflow in the Reflection FTP Client
(rftpcom.dll ...)
+	TODO: check
+CVE-2011-5011 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+	TODO: check
+CVE-2011-5010 (apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300
allows ...)
+	TODO: check
+CVE-2011-5009 (The CmpWebServer.dll module in the Control service in 3S CoDeSys
3.4 ...)
+	TODO: check
+CVE-2011-5008 (Integer overflow in the GatewayService component in 3S CoDeSys
3.4 SP4 ...)
+	TODO: check
+CVE-2011-5007 (Stack-based buffer overflow in the CmpWebServer component in 3S
...)
+	TODO: check
+CVE-2011-5006 (Stack-based buffer overflow in QQPlayer 3.2.845 allows remote
...)
+	TODO: check
+CVE-2011-5005 (Unrestricted file upload vulnerability in QuiXplorer 2.3 and
earlier ...)
+	TODO: check
+CVE-2011-5004 (Unrestricted file upload vulnerability in models/importcsv.php
in the ...)
+	TODO: check
+CVE-2011-5003 (Stack-based buffer overflow in the Phonetic Indexer ...)
+	TODO: check
+CVE-2011-5002 (Multiple stack-based buffer overflows in Final Draft 8 before
8.02 ...)
+	TODO: check
+CVE-2011-5001 (Stack-based buffer overflow in the CGenericScheduler::AddTask
function ...)
+	TODO: check
+CVE-2011-5000
+	RESERVED
+CVE-2011-4999
+	RESERVED
+CVE-2011-4998
+	RESERVED
+CVE-2011-4997
+	RESERVED
+CVE-2011-4996
+	RESERVED
+CVE-2011-4995
+	RESERVED
+CVE-2011-4994
+	RESERVED
+CVE-2011-4993
+	RESERVED
+CVE-2011-4992
+	RESERVED
+CVE-2011-4991
+	RESERVED
+CVE-2011-4990
+	RESERVED
+CVE-2011-4989
+	RESERVED
+CVE-2011-4988
+	RESERVED
+CVE-2011-4987
+	RESERVED
+CVE-2011-4986
+	RESERVED
+CVE-2011-4985
+	RESERVED
+CVE-2011-4984
+	RESERVED
+CVE-2011-4983
+	RESERVED
+CVE-2011-4982
+	RESERVED
+CVE-2011-4981
+	RESERVED
+CVE-2011-4980
+	RESERVED
+CVE-2011-4979
+	RESERVED
+CVE-2011-4978
+	RESERVED
+CVE-2011-4977
+	RESERVED
+CVE-2011-4976
+	RESERVED
+CVE-2011-4975
+	RESERVED
+CVE-2011-4974
+	RESERVED
+CVE-2011-4973
+	RESERVED
+CVE-2011-4972
+	RESERVED
+CVE-2011-4971
+	RESERVED
+CVE-2011-4970
+	RESERVED
+CVE-2011-4969
+	RESERVED
+CVE-2011-4968
+	RESERVED
+CVE-2011-4967
+	RESERVED
+CVE-2011-4966
+	RESERVED
+CVE-2011-4965
+	RESERVED
+CVE-2011-4964
+	RESERVED
+CVE-2011-4963
+	RESERVED
+CVE-2011-4962
+	RESERVED
+CVE-2011-4961
+	RESERVED
+CVE-2011-4960
+	RESERVED
+CVE-2011-4959
+	RESERVED
+CVE-2011-4958
+	RESERVED
+CVE-2011-4957
+	RESERVED
+CVE-2011-4956
+	RESERVED
+CVE-2011-4955
+	RESERVED
+CVE-2011-4954
+	RESERVED
+CVE-2011-4953
+	RESERVED
+CVE-2011-4952
+	RESERVED
+CVE-2011-4951
+	RESERVED
+CVE-2011-4950
+	RESERVED
+CVE-2011-4949
+	RESERVED
+CVE-2011-4948
+	RESERVED
+CVE-2011-4947
+	RESERVED
+CVE-2011-4946
+	RESERVED
+CVE-2011-4945
+	RESERVED
+CVE-2011-4944
+	RESERVED
+CVE-2011-4943
+	RESERVED
+CVE-2011-4942
+	RESERVED
+CVE-2011-4941
+	RESERVED
+CVE-2011-4940
+	RESERVED
+CVE-2011-4939
+	RESERVED
+CVE-2011-4938
+	RESERVED
+CVE-2011-4937
+	RESERVED
+CVE-2011-4936
+	RESERVED
+CVE-2011-4935
+	RESERVED
+CVE-2011-4934
+	RESERVED
+CVE-2011-4933
+	RESERVED
+CVE-2011-4932
+	RESERVED
+CVE-2011-4931
+	RESERVED
+CVE-2011-4930
+	RESERVED
+CVE-2011-4929
+	RESERVED
+CVE-2011-4928
+	RESERVED
+CVE-2011-4927
+	RESERVED
+CVE-2011-4926
+	RESERVED
+CVE-2011-4925
+	RESERVED
+CVE-2011-4924
+	RESERVED
+CVE-2011-4923
+	RESERVED
+CVE-2011-4922
+	RESERVED
+CVE-2011-4921
+	RESERVED
+CVE-2011-4920
+	RESERVED
+CVE-2011-4919
+	RESERVED
+CVE-2011-4918
+	RESERVED
+CVE-2011-4917
+	RESERVED
+CVE-2011-4916
+	RESERVED
+CVE-2011-4915
+	RESERVED
+CVE-2011-4914
+	RESERVED
+CVE-2011-4913
+	RESERVED
+CVE-2011-4912
+	RESERVED
+CVE-2011-4911
+	RESERVED
+CVE-2011-4910
+	RESERVED
+CVE-2011-4909
+	RESERVED
+CVE-2011-4908
+	RESERVED
+CVE-2011-4907
+	RESERVED
+CVE-2011-4906
+	RESERVED
+CVE-2011-4905
+	RESERVED
+CVE-2011-4899
+	RESERVED
+CVE-2011-4898
+	RESERVED
+CVE-2010-5081 (Stack-based buffer overflow in Mini-Stream RM-MP3 Converter
3.1.2.1 ...)
+	TODO: check
+CVE-2009-5111 (GoAhead WebServer allows remote attackers to cause a denial of
service ...)
+	TODO: check
+CVE-2009-5110 (dhttpd allows remote attackers to cause a denial of service
(daemon ...)
+	TODO: check
+CVE-2009-5109 (Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows
...)
+	TODO: check
+CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to
cause a ...)
+	TODO: check
 CVE-2011-XXXX [php5 session id is world-readable]
 	- php5 <unfixed> (low; bug #653169)
 CVE-2011-4904
+	RESERVED
 	{DSA-2289-1}
 	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
 CVE-2011-4903
+	RESERVED
 	{DSA-2289-1}
 	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
 CVE-2011-4902
+	RESERVED
 	{DSA-2289-1}
 	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
 CVE-2011-4901
+	RESERVED
 	{DSA-2289-1}
 	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
 CVE-2011-4900
+	RESERVED
 	{DSA-2289-1}
 	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
 CVE-2012-0264
@@ -174,8 +423,7 @@
 	RESERVED
 CVE-2011-4863
 	RESERVED
-CVE-2011-4862 [remote root exploit in Kerberized telnetd]
-	RESERVED
+CVE-2011-4862 (Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3
...)
 	{DSA-2375-1 DSA-2373-1 DSA-2372-1}
 	- heimdal <unfixed> (high)
 	- inetutils 2:1.8-6 (high)
@@ -594,10 +842,10 @@
 	RESERVED
 CVE-2011-4785
 	RESERVED
-CVE-2011-4784
-	RESERVED
-CVE-2011-4783
-	RESERVED
+CVE-2011-4784 (The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not
...)
+	TODO: check
+CVE-2011-4783 (The IDAPython plugin before 1.5.2.3 in IDA Pro allows
user-assisted ...)
+	TODO: check
 CVE-2011-4782 (Cross-site scripting (XSS) vulnerability in ...)
 	- phpmyadmin 4:3.4.9-1
 CVE-2011-4781
@@ -1242,8 +1490,8 @@
 	TODO: check
 CVE-2011-4602 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.1
does not ...)
 	TODO: check
-CVE-2011-4601
-	RESERVED
+CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in
Pidgin ...)
+	TODO: check
 CVE-2011-4600
 	RESERVED
 CVE-2011-4599
@@ -1255,8 +1503,7 @@
 CVE-2011-4597 (The SIP over UDP implementation in Asterisk Open Source 1.4.x
before ...)
 	{DSA-2367-1}
 	- asterisk 1:1.8.8.0~dfsg-1 (bug #651552)
-CVE-2011-4596
-	RESERVED
+CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova
before ...)
 	- nova 2012.1~e1-4
 CVE-2011-4595
 	RESERVED
@@ -1408,10 +1655,9 @@
 	- isc-dhcp <unfixed> (bug #652259; low)
 CVE-2011-4538
 	RESERVED
-CVE-2011-4537
-	RESERVED
-CVE-2011-4536
-	RESERVED
+CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive
Graphical ...)
+	TODO: check
+CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe
(aka ...)
 	NOT-FOR-US: Celery for Django
 CVE-2011-4535
 	RESERVED
@@ -1849,8 +2095,7 @@
 	- libproc-processtable-perl <unfixed> (low; bug #650500)
 	[squeeze] - libproc-processtable-perl <no-dsa> (Minor issue)
 	[lenny] - libproc-processtable-perl <no-dsa> (Minor issue)
-CVE-2011-4362 [lighttpd signedness issue dos]
-	RESERVED
+CVE-2011-4362 (Integer signedness error in the base64_decode function in the
HTTP ...)
 	{DSA-2368-1}
 	- lighttpd 1.4.30-1 (low; bug #652726)
 	NOTE: http://openwall.com/lists/oss-security/2011/11/29/8
@@ -2519,14 +2764,14 @@
 CVE-2011-4170 (Cross-site scripting (XSS) vulnerability in the ...)
 	- empathy 3.2.1.1-1
 	[lenny] - empathy <not-affected> (only affects webkit theming, not
present in Lenny)
-CVE-2011-4169
-	RESERVED
-CVE-2011-4168
-	RESERVED
-CVE-2011-4167
-	RESERVED
-CVE-2011-4166
-	RESERVED
+CVE-2011-4169 (Unspecified vulnerability in HP Managed Printing Administration
before ...)
+	TODO: check
+CVE-2011-4168 (Directory traversal vulnerability in
hpmpa/jobDelivery/Default.asp in ...)
+	TODO: check
+CVE-2011-4167 (Stack-based buffer overflow in MPAUploader.dll in HP Managed
Printing ...)
+	TODO: check
+CVE-2011-4166 (Directory traversal vulnerability in the ...)
+	TODO: check
 CVE-2011-4165
 	RESERVED
 CVE-2011-4164
@@ -2859,8 +3104,8 @@
 	NOT-FOR-US: InduSoft Web Studio
 CVE-2011-4051 (CEServer.exe in the CEServer component in the Remote Agent
module in ...)
 	NOT-FOR-US: InduSoft Web Studio
-CVE-2011-4050
-	RESERVED
+CVE-2011-4050 (Buffer overflow in 7-Technologies (7T) Interactive Graphical
SCADA ...)
+	TODO: check
 CVE-2011-4049
 	RESERVED
 CVE-2011-4048 (The Dell KACE K2000 System Deployment Appliance has a default
username ...)
@@ -3596,20 +3841,20 @@
 	RESERVED
 CVE-2011-3842
 	RESERVED
-CVE-2011-3841
-	RESERVED
+CVE-2011-3841 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
 CVE-2011-3840
 	RESERVED
-CVE-2011-3839
-	RESERVED
-CVE-2011-3838
-	RESERVED
-CVE-2011-3837
-	RESERVED
-CVE-2011-3836
-	RESERVED
-CVE-2011-3835
-	RESERVED
+CVE-2011-3839 (The administration functionality in Wuzly 2.0 allows remote
attackers ...)
+	TODO: check
+CVE-2011-3838 (Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote
...)
+	TODO: check
+CVE-2011-3837 (Directory traversal vulnerability in
blog_system/data_functions.php in ...)
+	TODO: check
+CVE-2011-3836 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Wuzly ...)
+	TODO: check
+CVE-2011-3835 (Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0
allow ...)
+	TODO: check
 CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp
before ...)
 	NOT-FOR-US: Winamp
 CVE-2011-3833
@@ -4868,8 +5113,7 @@
 	- php5 <unfixed>
 	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
 	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
-CVE-2011-3378
-	RESERVED
+CVE-2011-3378 (RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote
...)
 	- rpm 4.9.1.2-1 (low; bug #645325)
 	[squeeze] - rpm <no-dsa> (rpm isn''t used a a package manager,
very limited attack vector)
 	[lenny] - rpm <no-dsa> (rpm isn''t used a a package manager,
very limited attack vector)
@@ -4885,8 +5129,7 @@
 	NOTE: Not exploitable in Debian, since no keyring URI is defined
 CVE-2011-3373
 	RESERVED
-CVE-2011-3372
-	RESERVED
+CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x
before ...)
 	{DSA-2318-1}
 	- cyrus-imapd-2.2 2.4.11-1 (medium)
 	- cyrus-imapd-2.4 2.4.11-1 (medium)
@@ -10578,18 +10821,18 @@
 	RESERVED
 CVE-2011-1394
 	RESERVED
-CVE-2011-1393
-	RESERVED
-CVE-2011-1392
-	RESERVED
-CVE-2011-1391
-	RESERVED
+CVE-2011-1393 (Unspecified vulnerability in the authentication functionality in
the ...)
+	TODO: check
+CVE-2011-1392 (The Blueberry FlashBack ActiveX control in BB FlashBack
Recorder.dll ...)
+	TODO: check
+CVE-2011-1391 (The Blueberry FlashBack ActiveX control in BB FlashBack
Recorder.dll ...)
+	TODO: check
 CVE-2011-1390
 	RESERVED
 CVE-2011-1389
 	RESERVED
-CVE-2011-1388
-	RESERVED
+CVE-2011-1388 (The Blueberry FlashBack ActiveX control in BB FlashBack
Recorder.dll ...)
+	TODO: check
 CVE-2011-1387
 	RESERVED
 CVE-2011-1386
Secure testing commits - Dec 2011 - r17887 - data/CVE

[Secure-testing-commits] r17887 - data/CVE
