Author: joeyh
Date: 2012-01-30 21:14:22 +0000 (Mon, 30 Jan 2012)
New Revision: 18333
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-01-30 20:44:00 UTC (rev 18332)
+++ data/CVE/list 2012-01-30 21:14:22 UTC (rev 18333)
@@ -1,3 +1,51 @@
+CVE-2012-0936 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2012-0935 (SQL injection vulnerability in Default.aspx in Aryadad CMS
allows ...)
+ TODO: check
+CVE-2012-0934 (PHP remote file inclusion vulnerability in ajax/savetag.php in
the ...)
+ TODO: check
+CVE-2012-0933 (Multiple cross-site scripting (XSS) vulnerabilities in Acidcat
CMS ...)
+ TODO: check
+CVE-2012-0932 (Cross-site scripting (XSS) vulnerability in admin/login.php in
Lead ...)
+ TODO: check
+CVE-2012-0931 (Schneider Electric Modicon Quantum PLC does not perform
authentication ...)
+ TODO: check
+CVE-2012-0930 (Cross-site scripting (XSS) vulnerability in Schneider Electric
Modicon ...)
+ TODO: check
+CVE-2012-0929 (Multiple buffer overflows in Schneider Electric Modicon Quantum
PLC ...)
+ TODO: check
+CVE-2012-0928
+ RESERVED
+CVE-2012-0927
+ RESERVED
+CVE-2012-0926
+ RESERVED
+CVE-2012-0925
+ RESERVED
+CVE-2012-0924
+ RESERVED
+CVE-2012-0923
+ RESERVED
+CVE-2012-0922
+ RESERVED
+CVE-2011-5075 (translate.php in Support Incident Tracker (aka SiT!) 3.45
through 3.65 ...)
+ TODO: check
+CVE-2011-5074 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Support ...)
+ TODO: check
+CVE-2011-5073 (Multiple cross-site scripting (XSS) vulnerabilities in Support
...)
+ TODO: check
+CVE-2011-5072 (Multiple SQL injection vulnerabilities in Support Incident
Tracker ...)
+ TODO: check
+CVE-2011-5071 (Multiple SQL injection vulnerabilities in Support Incident
Tracker ...)
+ TODO: check
+CVE-2011-5070 (Multiple cross-site scripting (XSS) vulnerabilities in Support
...)
+ TODO: check
+CVE-2011-5069 (Unrestricted file upload vulnerability in
incident_attachments.php in ...)
+ TODO: check
+CVE-2011-5068 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Support ...)
+ TODO: check
+CVE-2011-5067 (move_uploaded_file.php in Support Incident Tracker (aka SiT!)
3.65 ...)
+ TODO: check
CVE-2012-0921
RESERVED
CVE-2012-0920
@@ -213,8 +261,7 @@
RESERVED
CVE-2012-0815
RESERVED
-CVE-2012-0814 [openssh-server information leakage]
- RESERVED
+CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in
OpenSSH ...)
- openssh-server <unfixed> (bug #657445)
TODO: Check unstable status
TODO: is this DSA or PRSC?
@@ -2789,8 +2836,7 @@
CVE-2012-0057
RESERVED
- php5 5.3.9-1 (bug #656308)
-CVE-2012-0056
- RESERVED
+CVE-2012-0056 (The mem_write function in Linux kernel 2.6.39 and other
versions, when ...)
- linux-2.6 3.2.1-2
[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.39)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.39)
@@ -2801,8 +2847,8 @@
CVE-2012-0054
RESERVED
NOT-FOR-US: golismero not in Debian
-CVE-2012-0053
- RESERVED
+CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does
not ...)
+ TODO: check
CVE-2012-0052
RESERVED
CVE-2012-0051
@@ -2861,6 +2907,7 @@
RESERVED
CVE-2012-0036
RESERVED
+ {DSA-2398-1}
- curl 7.24.0-1
[lenny] - curl <not-affected> (Only affects 7.20.0 to 7.23.1)
NOTE: http://curl.haxx.se/docs/adv_20120124.html
@@ -2880,8 +2927,7 @@
TODO: check
CVE-2012-0030 (Nova 2011.3 and Essex, when using the OpenStack API, allows
remote ...)
- nova <unfixed>
-CVE-2012-0029
- RESERVED
+CVE-2012-0029 (Heap-based buffer overflow in the process_tx_desc function in
the ...)
{DSA-2396-1}
- qemu-kvm 1.0+dfsg-5
CVE-2012-0028
@@ -2907,8 +2953,8 @@
- tomcat5 <removed>
- tomcat6 6.0.35-1
- tomcat7 7.0.23-1
-CVE-2012-0021
- RESERVED
+CVE-2012-0021 (The log_cookie function in mod_log_config.c in the
mod_log_config ...)
+ TODO: check
CVE-2011-4695 (Unspecified vulnerability in Microsoft Windows 7 SP1, when Java
is ...)
NOT-FOR-US: Microsoft Windows
CVE-2011-4694 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on
Windows ...)
@@ -3101,8 +3147,7 @@
RESERVED
CVE-2011-4623
RESERVED
-CVE-2011-4622
- RESERVED
+CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83,
and ...)
{DSA-2389-1}
- linux-2.6 <unfixed>
CVE-2011-4621
@@ -3152,8 +3197,8 @@
RESERVED
CVE-2011-4609
RESERVED
-CVE-2011-4608
- RESERVED
+CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for
Red Hat ...)
+ TODO: check
CVE-2011-4607 [http://seclists.org/oss-sec/2011/q4/500]
RESERVED
- putty 0.62-1 (unimportant)
@@ -3181,6 +3226,7 @@
RESERVED
CVE-2011-4599
RESERVED
+ {DSA-2397-1}
- icu 4.8.1.1-3 (bug #654883)
CVE-2011-4598 (channels/chan_sip.c in Asterisk Open Source 1.6.2.x before
1.6.2.21 ...)
{DSA-2367-1}
@@ -3887,8 +3933,7 @@
CVE-2011-4338
RESERVED
NOT-FOR-US: Arch-Linux specific tool
-CVE-2011-4337
- RESERVED
+CVE-2011-4337 (Static code injection vulnerability in translate.php in Support
...)
NOT-FOR-US: Support Incident Tracker
CVE-2011-4336
RESERVED
@@ -3906,8 +3951,7 @@
CVE-2011-4331
REJECTED
NOTE: Duplicate of CVE-2011-4110, will be rejected
-CVE-2011-4330
- RESERVED
+CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in ...)
- linux-2.6 3.1.4-1
CVE-2011-4329 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr
3.1.0 ...)
- dolibarr <itp> (bug #634783)
@@ -3923,8 +3967,8 @@
RESERVED
- linux-2.6 2.6.39-1
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2011-4325
- RESERVED
+CVE-2011-4325 (The NFS implementation in Linux kernel before 2.6.31-rc6 calls
certain ...)
+ TODO: check
CVE-2011-4324
RESERVED
- linux-2.6 <not-affected> (RHEL5-specific backport error)
@@ -3957,8 +4001,8 @@
[squeeze] - nginx <no-dsa> (Minor issue)
[lenny] - nginx <no-dsa> (Minor issue)
NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx
-CVE-2011-4314
- RESERVED
+CVE-2011-4314 (message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as
used ...)
+ TODO: check
CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through
9.4-ESV-R5, ...)
{DSA-2347-1}
- bind9 1:9.8.1.dfsg.P1-1 (high; bug #649099)
@@ -4547,8 +4591,7 @@
RESERVED
{DSA-2262-1}
- moodle 1.9.9.dfsg2-3
-CVE-2011-4132
- RESERVED
+CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device
(JBD) ...)
- linux-2.6 <unfixed>
CVE-2011-4131
RESERVED
@@ -4607,8 +4650,7 @@
- qemu 0.15.1+dfsg-2
[lenny] - qemu <not-affected> (Vulnerable CCID code not present)
[squeeze] - qemu <not-affected> (Vulnerable CCID code not present)
-CVE-2011-4110
- RESERVED
+CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the
Linux ...)
{DSA-2389-1}
- linux-2.6 3.1.4-1
CVE-2011-4109 (Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when
...)
@@ -4728,8 +4770,7 @@
[squeeze] - roundcube <not-affected> (squeeze PHP version does not
expose the issue)
NOTE: http://trac.roundcube.net/ticket/1488086
NOTE: This is arguably a PHP issue, but will probably not be fixed upstream.
-CVE-2011-4077
- RESERVED
+CVE-2011-4077 (Buffer overflow in the xfs_readlink function in
fs/xfs/xfs_vnodeops.c ...)
{DSA-2389-1}
- linux-2.6 3.0.0-6
CVE-2011-4076
@@ -5520,8 +5561,8 @@
CVE-2011-3875 (Google Chrome before 15.0.874.102 does not properly handle drag
and ...)
- chromium-browser 15.0.874.106~r107270-1 (unimportant)
- webkit <not-affected> (Chrome issue)
-CVE-2011-3874
- RESERVED
+CVE-2011-3874 (Stack-based buffer overflow in libsysutils in Android 2.2.x
through ...)
+ TODO: check
CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement
shader ...)
- chromium-browser 14.0.835.202~r103287-1
[squeeze] - chromium-browser <not-affected>
@@ -5618,16 +5659,16 @@
NOT-FOR-US: Wuzly
CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp
before ...)
NOT-FOR-US: Winamp
-CVE-2011-3833
- RESERVED
-CVE-2011-3832
- RESERVED
-CVE-2011-3831
- RESERVED
-CVE-2011-3830
- RESERVED
-CVE-2011-3829
- RESERVED
+CVE-2011-3833 (Unrestricted file upload vulnerability in ftp_upload_file.php in
...)
+ TODO: check
+CVE-2011-3832 (Eval injection vulnerability in config.php in Support Incident
Tracker ...)
+ TODO: check
+CVE-2011-3831 (SQL injection vulnerability in incident_attachments.php in
Support ...)
+ TODO: check
+CVE-2011-3830 (Cross-site scripting (XSS) vulnerability in search.php in
Support ...)
+ TODO: check
+CVE-2011-3829 (ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65
allows ...)
+ TODO: check
CVE-2011-3828 (DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows
remote ...)
NOT-FOR-US: DVR Remote
CVE-2011-3827
@@ -6147,8 +6188,7 @@
CVE-2011-3627 (The bytecode engine in ClamAV before 0.97.3 allows remote
attackers to ...)
- clamav 0.97.3+dfsg-1 (low)
[squeeze] - clamav 0.97.3+dfsg-1~squeeze1
-CVE-2011-3626
- RESERVED
+CVE-2011-3626 (Double free vulnerability in the prepare_exec function in
src/exec.c ...)
NOT-FOR-US: Logsurfer
CVE-2011-3625 [mplayer SAMI subtitle parsing buffer overflow]
RESERVED
@@ -6856,7 +6896,7 @@
[lenny] - masqmail <no-dsa> (no security issue by itself)
[squeeze] - masqmail <no-dsa> (no security issue by itself)
CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft
...)
- {DSA-2368-1 DSA-2358-1 DSA-2356-1}
+ {DSA-2398-1 DSA-2368-1 DSA-2358-1 DSA-2356-1}
- sun-java6 <removed> (bug #645881)
- lighttpd 1.4.30-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
@@ -10307,8 +10347,7 @@
{DSA-2310-1}
- linux-2.6 2.6.32-1
NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
-CVE-2011-2203 [HFS DoS]
- RESERVED
+CVE-2011-2203 (The hfs_find_init function in the Linux kernel 2.6 allows local
users ...)
- linux-2.6 <unfixed>
CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP
before ...)
{DSA-2266-1}
@@ -13275,8 +13314,7 @@
CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux
kernel ...)
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-1
-CVE-2011-1162
- RESERVED
+CVE-2011-1162 (The tpm_read function in the Linux kernel 2.6 does not properly
clear ...)
- linux-2.6 3.0.0-5 (low)
CVE-2011-1161
REJECTED