Author: joeyh Date: 2012-01-25 21:14:21 +0000 (Wed, 25 Jan 2012) New Revision: 18297 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-25 19:31:29 UTC (rev 18296) +++ data/CVE/list 2012-01-25 21:14:21 UTC (rev 18297) @@ -1,25 +1,25 @@ -CVE-2012-0919 +CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...) NOT-FOR-US: Hitachi IT Operations Director -CVE-2012-0918 +CVE-2012-0918 (Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net ...) NOT-FOR-US: Hitachi -CVE-2012-0917 +CVE-2012-0917 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...) NOT-FOR-US: Hitachi IT Operations Analyzer -CVE-2012-0916 +CVE-2012-0916 (Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers ...) NOT-FOR-US: RenRen Talk -CVE-2012-0915 +CVE-2012-0915 (Integer signedness error in RenRen Talk 2.9 allows remote attackers to ...) NOT-FOR-US: RenRen Talk -CVE-2012-0914 +CVE-2012-0914 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: admin view in the Panels module for Drupal -CVE-2012-0913 +CVE-2012-0913 (SQL injection vulnerability in checklogin.aspx in ICloudCenter ...) NOT-FOR-US: ICloudCenter ICTimeAttendance -CVE-2012-0912 +CVE-2012-0912 (SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 ...) NOT-FOR-US: Stoneware webNetwork CVE-2012-0911 RESERVED CVE-2012-0910 RESERVED -CVE-2012-0909 - RESERVED +CVE-2012-0909 (Cross-site scripting (XSS) vulnerability in Horde_Form in Horde ...) + TODO: check CVE-2012-0907 (Directory traversal vulnerability in the web player in NeoAxis NeoAxis ...) NOT-FOR-US: NeoAxis NeoAxis web player CVE-2012-0906 (SQL injection vulnerability in the Moviebase addon for deV!L''z ...) 
@@ -64,8 +64,7 @@ RESERVED CVE-2012-0886 RESERVED -CVE-2012-0908 - RESERVED +CVE-2012-0908 (Cross-site scripting (XSS) vulnerability in logout.php in ...) - simplesamlphp 1.8.2-1 NOTE: http://code.google.com/p/simplesamlphp/issues/detail?id=468 CVE-2012-0884 @@ -262,10 +261,10 @@ RESERVED CVE-2012-0792 RESERVED -CVE-2012-0791 - RESERVED -CVE-2012-0790 - RESERVED +CVE-2012-0791 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...) + TODO: check +CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping ...) + TODO: check CVE-2012-0789 RESERVED CVE-2012-0788 @@ -1131,7 +1130,7 @@ CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...) - gnutls28 3.0.11-1 - gnutls26 <not-affected> (lacks DTLS support and is not affected) -CVE-2012-0389 +CVE-2012-0389 (Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in ...) NOT-FOR-US: MailEnable Professional CVE-2012-0388 RESERVED @@ -1415,9 +1414,9 @@ - wordpress 3.3.1+dfsg-1 [squeeze] - wordpress <not-affected> (only 3.3.x vulnerable) [lenny] - wordpress <not-affected> (only 3.3.x vulnerable) -CVE-2012-0286 +CVE-2012-0286 (Cross-site request forgery (CSRF) vulnerability in Stoneware ...) NOT-FOR-US: Stoneware webNetwork -CVE-2012-0285 +CVE-2012-0285 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware ...) NOT-FOR-US: Stoneware webNetwork CVE-2012-0284 RESERVED 
@@ -1976,15 +1975,15 @@ CVE-2011-4868 (The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when ...) - isc-dhcp <unfixed> (low; bug #655746) [squeeze] - isc-dhcp <not-affected> (vulnerable code not present) -CVE-2011-4867 +CVE-2011-4867 (The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android ...) NOT-FOR-US: Tencent QQPhoto (com.tencent.qqphoto) application -CVE-2011-4866 +CVE-2011-4866 (The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for ...) NOT-FOR-US: Kaixin001 (com.kaixin001.activity) application -CVE-2011-4865 +CVE-2011-4865 (The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 ...) NOT-FOR-US: Tencent WBlog -CVE-2011-4864 +CVE-2011-4864 (The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for ...) NOT-FOR-US: Tencent MobileQQ (com.tencent.mobileqq) application -CVE-2011-4863 +CVE-2011-4863 (The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 ...) NOT-FOR-US: Tencent QQPimSecure (com.tencent.qqpimsecure) application CVE-2011-4862 (Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 ...) {DSA-2375-1 DSA-2373-1 DSA-2372-1} @@ -2054,6 +2053,7 @@ CVE-2006-7248 RESERVED CVE-2006-7247 + RESERVED NOT-FOR-US: Joomla CVE-2005-4894 RESERVED 
@@ -2545,15 +2545,15 @@ NOT-FOR-US: Oracle Database Server CVE-2012-0071 RESERVED -CVE-2011-4773 +CVE-2011-4773 (The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android ...) NOT-FOR-US: AnGuanJia (com.anguanjia.safe) application -CVE-2011-4772 +CVE-2011-4772 (The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android ...) NOT-FOR-US: 360 KouXin (com.qihoo360.kouxin) application -CVE-2011-4771 +CVE-2011-4771 (The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for ...) NOT-FOR-US: Scan to PDF Free (com.scan.to.pdf.trial) application -CVE-2011-4770 +CVE-2011-4770 (The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not ...) NOT-FOR-US: QIWI Wallet (ru.mw) application -CVE-2011-4769 +CVE-2011-4769 (The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.1.0 and ...) NOT-FOR-US: 360 MobileSafe (com.qihoo360.mobilesafe) application CVE-2011-4768 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small ...) NOT-FOR-US: Plesk 
@@ -2683,23 +2683,23 @@ NOT-FOR-US: SAP Netweaver CVE-2011-4706 RESERVED -CVE-2011-4705 +CVE-2011-4705 (The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and ...) NOT-FOR-US: Ming Blacklist Free (vc.software.blacklist) application -CVE-2011-4704 +CVE-2011-4704 (The Voxofon (com.voxofon) application before 2.5.2 for Android does ...) NOT-FOR-US: Voxofon (com.voxofon) application -CVE-2011-4703 +CVE-2011-4703 (The Limit My Call (com.limited.call.view) application 2.11 for Android ...) NOT-FOR-US: Limit My Call (com.limited.call.view) application -CVE-2011-4702 +CVE-2011-4702 (The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android ...) NOT-FOR-US: Nimbuzz (com.nimbuzz) application -CVE-2011-4701 +CVE-2011-4701 (The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 ...) NOT-FOR-US: CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application -CVE-2011-4700 +CVE-2011-4700 (The UberMedia UberSocial (com.twidroid) application 7.1.5 and 7.2.2 ...) NOT-FOR-US: UberMedia UberSocial (com.twidroid) application -CVE-2011-4699 +CVE-2011-4699 (The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 ...) NOT-FOR-US: Ubermedia Twidroyd Legacy (com.twidroydlegacy) application -CVE-2011-4698 +CVE-2011-4698 (The AndroidAppTools Easy Filter (com.phoneblocker.android) application ...) NOT-FOR-US: AndroidAppTools Easy Filter (com.phoneblocker.android) -CVE-2011-4697 +CVE-2011-4697 (The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before ...) NOT-FOR-US: Xiaomi MiTalk Messenger (com.xiaomi.channel) application CVE-2011-4696 RESERVED @@ -2713,7 +2713,7 @@ CVE-2012-0070 RESERVED NOT-FOR-US: spamdyke not in Debian -CVE-2012-0069 +CVE-2012-0069 (SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows ...) NOT-FOR-US: batavi not in Debian CVE-2012-0068 [heap-buffer underflow when parsing LANalyzer packet] RESERVED 
@@ -2821,8 +2821,7 @@ - wireshark 1.6.5-1 (unimportant) NOTE: Not suitable for code injection NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663 -CVE-2012-0040 [simpleSAMLphp cross site scripting] - RESERVED +CVE-2012-0040 (Cross-site scripting (XSS) vulnerability in ...) {DSA-2387-1} - simplesamlphp 1.8.2-1 NOTE: http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e @@ -3006,7 +3005,7 @@ NOT-FOR-US: Wordpress plugin CVE-2011-4645 RESERVED -CVE-2011-4644 (Splunk 4.2.5 and earlier, when free mode is used, does not perform ...) +CVE-2011-4644 (Splunk 4.2.5 and earlier, when a Free license is selected, enables ...) NOT-FOR-US: Splunk Web CVE-2011-4643 (Multiple directory traversal vulnerabilities in Splunk 4.x before ...) NOT-FOR-US: Splunk Web @@ -4554,6 +4553,7 @@ RESERVED - ruby1.9.1 <not-affected> (Only affected trunk versions) CVE-2011-4120 [authentication bypass by pressing ctrl-d] + RESERVED - libpam-yubico 2.10-1 CVE-2011-4119 RESERVED @@ -6565,8 +6565,10 @@ CVE-2011-3480 RESERVED CVE-2011-3479 + RESERVED NOT-FOR-US: Symantec pcAnywhere CVE-2011-3478 + RESERVED NOT-FOR-US: Symantec pcAnywhere CVE-2011-3477 RESERVED @@ -6967,6 +6969,7 @@ CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...) - ofa-kernel <itp> (bug #541849) CVE-2011-3344 + RESERVED NOT-FOR-US: Red Hat Network Satellite server CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...) {DSA-2386-1} @@ -7457,6 +7460,7 @@ CVE-2010-4816 RESERVED CVE-2010-4815 + RESERVED NOT-FOR-US: coppermine gallery CVE-2011-3169 (Unspecified vulnerability in the SMTP service implementation in HP ...) NOT-FOR-US: HP OpenVMS @@ -8156,6 +8160,7 @@ {DSA-2310-1 DSA-2303-1} - linux-2.6 3.0.0-2 CVE-2011-2927 + RESERVED NOT-FOR-US: Red Hat Network Satellite server CVE-2011-2926 RESERVED 
@@ -8172,8 +8177,10 @@ RESERVED - ktsuss <removed> CVE-2011-2920 + RESERVED NOT-FOR-US: Red Hat Network Satellite server CVE-2011-2919 + RESERVED NOT-FOR-US: Red Hat Network Satellite server CVE-2011-2918 RESERVED @@ -11440,6 +11447,7 @@ NOTE: CVE-2011-1774 is about webkit''s interface to xmlsec, CVE-2011-1425 is the actual issue NOTE: http://www.openwall.com/lists/oss-security/2011/05/09/4 CVE-2011-1773 + RESERVED NOT-FOR-US: virt-v2v CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...) NOT-FOR-US: Apache Struts 2.x @@ -11886,6 +11894,7 @@ [squeeze] - rdesktop <no-dsa> (Minor issue) [lenny] - rdesktop <no-dsa> (Minor issue) CVE-2011-1594 + RESERVED NOT-FOR-US: Red Hat Network Satellite server CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...) {DSA-2264-1 DSA-2240-1} @@ -13775,6 +13784,7 @@ [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 CVE-2011-1009 + RESERVED NOT-FOR-US: Vanilla Forums CVE-2011-1008 (Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not ...) - request-tracker3.8 3.8.10-1 (bug #614576) @@ -15128,6 +15138,7 @@ CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla ...) NOT-FOR-US: Vanilla Forums CVE-2011-0525 + RESERVED NOT-FOR-US: Batavi CVE-2011-0524 RESERVED @@ -15865,6 +15876,7 @@ CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple ...) NOT-FOR-US: CMS Made Simple CVE-2010-4662 + RESERVED NOT-FOR-US: pmwiki CVE-2010-4661 [arbitrary kernel module loading] RESERVED 
@@ -15872,10 +15884,13 @@ NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232 NOTE: fixed by http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037 CVE-2010-4660 + RESERVED - statusnet <itp> (bug #491723) CVE-2010-4659 + RESERVED - statusnet <itp> (bug #491723) CVE-2010-4658 + RESERVED - statusnet <itp> (bug #491723) CVE-2010-4657 [xmlTextWriterWriteAttribute heap disclosure] RESERVED @@ -17096,6 +17111,7 @@ CVE-2009-5026 RESERVED CVE-2009-5025 [PyForum XSS+CSRF] + RESERVED NOT-FOR-US: PyForum CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb ...) TODO: check
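Review bot: In the `@@ -1,25 +1,25 @@` hunk, CVE-2012-0909 goes from `RESERVED` to a bare `TODO: check`, so the entry now has a public description (XSS in Horde_Form in Horde) but no triage result. A follow-up commit should replace the TODO with either a package line giving the fixed version or a `NOT-FOR-US:` reason, as every other entry in this hunk already has.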
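Review bot: In the `@@ -64,8 +64,7 @@` hunk, CVE-2012-0908 sits between CVE-2012-0886 and CVE-2012-0884, out of numeric sequence, which makes it easy to miss when scanning the list. It is tracked as `- simplesamlphp 1.8.2-1` with no DSA reference, while CVE-2012-0040 in the `@@ -2821,8 +2821,7 @@` hunk has the same package and version and carries `{DSA-2387-1}`. Now that the description is public (XSS in logout.php), the entry should record whether it is the same fix or needs its own per-release annotations.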
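Review bot: In the `@@ -262,10 +261,10 @@` hunk, CVE-2012-0791 (Horde IMP) and CVE-2012-0790 (smokeping_cgi in Smokeping) are both left at `TODO: check`. The descriptions are truncated in the list, so the affected version ranges are not visible here. Triage should look up the full descriptions and record a source package line with the fixed version, or `<not-affected>` with a reason, for each.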
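Review bot: In the `@@ -2054,6 +2053,7 @@` hunk, CVE-2006-7247 ends up with `RESERVED` immediately followed by `NOT-FOR-US: Joomla`, so the product attribution has no public description to check it against. The same pattern recurs in the later hunks that add `RESERVED` above existing `NOT-FOR-US:` or `<itp>` lines. Where the attribution came from an advisory or mailing-list post, a `NOTE:` line with that reference would let the triage be verified until the description is published.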