Author: joeyh Date: 2012-02-13 21:14:29 +0000 (Mon, 13 Feb 2012) New Revision: 18433 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-13 18:57:04 UTC (rev 18432) +++ data/CVE/list 2012-02-13 21:14:29 UTC (rev 18433) @@ -1,3 +1,23 @@ +CVE-2012-1048 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2012-1047 (Directory traversal vulnerability in the WWWHELP Service ...) + TODO: check +CVE-2012-1046 (Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 ...) + TODO: check +CVE-2012-1045 + RESERVED +CVE-2012-1044 + RESERVED +CVE-2012-1043 + RESERVED +CVE-2012-1042 + RESERVED +CVE-2012-1041 + RESERVED +CVE-2012-1040 + RESERVED +CVE-2012-1039 + RESERVED CVE-2012-1038 RESERVED CVE-2012-1037 @@ -429,8 +449,7 @@ - surf 0.4.1-6 (bug #659296) CVE-2012-0841 RESERVED -CVE-2012-0840 - RESERVED +CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...) - apr <unfixed> (low; bug #655435) NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD at eris.apache.org%3E seems to cause regressions CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...) @@ -443,15 +462,14 @@ RESERVED CVE-2012-0835 RESERVED -CVE-2012-0834 - RESERVED +CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...) - phpldapadmin 1.2.2-1 (bug #658907) CVE-2012-0833 RESERVED CVE-2012-0832 RESERVED -CVE-2012-0831 - RESERVED +CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the ...) + {DSA-2408-1} - php5 5.3.10-1 CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ...) {DSA-2403-1} @@ -584,6 +602,7 @@ RESERVED CVE-2012-0788 RESERVED + {DSA-2408-1} - php5 5.3.9-1 CVE-2012-0787 RESERVED 
@@ -602,6 +621,7 @@ - wordpress <unfixed> NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt CVE-2012-0781 (The tidy_diagnose function in PHP 5.3.8 might allow remote attackers ...) + {DSA-2408-1} - php5 5.3.9-1 (low) CVE-2012-0780 RESERVED @@ -1297,8 +1317,7 @@ RESERVED CVE-2012-0453 RESERVED -CVE-2012-0452 - RESERVED +CVE-2012-0452 (Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, ...) - icedove <not-affected> (Introduced in Thunderbird 10) - iceweasel 10.0.1-1 [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 10) @@ -3710,10 +3729,10 @@ NOT-FOR-US: WellinTech KingView CVE-2011-4535 RESERVED -CVE-2011-4534 - RESERVED -CVE-2011-4533 - RESERVED +CVE-2011-4534 (ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows ...) + TODO: check +CVE-2011-4533 (zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows ...) + TODO: check CVE-2011-4532 (Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ...) NOT-FOR-US: Siemens Automation License Manager CVE-2011-4531 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 ...) @@ -4239,11 +4258,9 @@ CVE-2011-4342 RESERVED NOT-FOR-US: Wordpress plugin -CVE-2011-4341 - RESERVED +CVE-2011-4341 (Multiple SQL injection vulnerabilities in ...) - symfony <removed> -CVE-2011-4340 - RESERVED +CVE-2011-4340 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...) - symfony <removed> CVE-2011-4339 (ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ...) {DSA-2376-2 DSA-2376-1} @@ -4855,6 +4872,7 @@ CVE-2011-4154 RESERVED CVE-2011-4153 (PHP 5.3.8 does not always check the return value of the zend_strndup ...) + {DSA-2408-1} - php5 5.3.9-1 (low) CVE-2011-4152 RESERVED 
@@ -5188,10 +5206,10 @@ TODO: check CVE-2011-4040 (Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows ...) NOT-FOR-US: NJStar Communicator -CVE-2011-4039 - RESERVED -CVE-2011-4038 - RESERVED +CVE-2011-4039 (Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in ...) + TODO: check +CVE-2011-4038 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI ...) + TODO: check CVE-2011-4037 (Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog ...) NOT-FOR-US: Sielco Sistemi Winlog PRO CVE-2011-4036 (Directory traversal vulnerability in Schneider Electric Vijeo ...) @@ -33684,6 +33702,7 @@ CVE-2009-3526 RESERVED CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...) + {DSA-2408-1} - php5 5.3.6-1 (low; bug #546164) CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition] - kfreebsd-6 <removed>
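Review bot: In the @@ -584,6 +602,7 @@ hunk, {DSA-2408-1} is attached to CVE-2012-0788 while the entry is still RESERVED with no description, so nothing in this file says which php5 issue 5.3.9-1 fixed. A NOTE: line under the entry naming the issue or pointing at the upstream reference would keep the DSA cross-reference auditable until the description is published.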
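Review bot: In the @@ -3710,10 +3729,10 @@ hunk, CVE-2011-4534 and CVE-2011-4533 are left at TODO: check although their new descriptions name ZenSysSrv.exe and zenAdminSrv.exe in COPA-DATA zenon 6.51 SP0. The neighbouring WellinTech KingView and Siemens Automation License Manager entries are already marked NOT-FOR-US, so these two look like candidates for the same marking at the next manual triage rather than staying open.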
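Review bot: In the @@ -4239,11 +4258,9 @@ hunk, the description now filled in for CVE-2011-4340 names Symphony CMS, but the unchanged tracking line below it is "- symfony <removed>", a differently spelled name. The package association should be re-checked against the new description; if the symfony package is not Symphony CMS, the entry belongs under NOT-FOR-US: Symphony CMS. CVE-2011-4341 directly above carries the same package line and its description is truncated here, so it needs the same check.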
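Review bot: In the @@ -5188,10 +5206,10 @@ hunk, CVE-2011-4039 and CVE-2011-4038 both describe Invensys Wonderware HMI Reports and both get TODO: check, sitting between NOT-FOR-US entries for NJStar Communicator and Sielco Sistemi Winlog PRO. Resolving the pair together with one decision avoids the two entries ending up with inconsistent status.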