[Secure-testing-commits] r16478 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Apr 4 21:15:26 UTC 2011


Author: joeyh
Date: 2011-04-04 21:15:19 +0000 (Mon, 04 Apr 2011)
New Revision: 16478

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-04-03 21:16:39 UTC (rev 16477)
+++ data/CVE/list	2011-04-04 21:15:19 UTC (rev 16478)
@@ -1,3 +1,11 @@
+CVE-2011-1557 (SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows ...)
+	TODO: check
+CVE-2011-1556 (SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's ...)
+	TODO: check
+CVE-2011-1555 (SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase ...)
+	TODO: check
+CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...)
 	TODO: check
 CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ...)
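Review bot: The four entries added at the top of the list all land as TODO: check, so none of them has a triage result yet. CVE-2011-1556 and CVE-2011-1555 both name Andy's PHP Knowledgebase in their descriptions and can be resolved together with one decision (a package line if Debian ships it, NOT-FOR-US otherwise). The truncated CVE-2010-4778 description shows no product name, so that entry needs the full text before it can be triaged.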
@@ -16,8 +24,8 @@
 	TODO: check
 CVE-2011-1547
 	RESERVED
-CVE-2011-1546
-	RESERVED
+CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase ...)
+	TODO: check
 CVE-2011-1545
 	RESERVED
 CVE-2011-1544
@@ -369,8 +377,7 @@
 	NOT-FOR-US: Kodak InSite
 CVE-2011-1426
 	RESERVED
-CVE-2011-1425 [xmlsec file overwrite]
-	RESERVED
+CVE-2011-1425 (xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in ...)
 	- xmlsec1 <unfixed> (bug #620560)
 	NOTE: http://www.aleksey.com/xmlsec/news.html
 CVE-2011-1424
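Review bot: In the CVE-2011-1425 entry the new description says the issue affects xmlsec before 1.2.17, while the retained tracking line still reads "- xmlsec1 <unfixed> (bug #620560)". That status holds only until a fixed version reaches the archive; once 1.2.17 or a backported fix is uploaded, replace <unfixed> with that version. The hand-written placeholder [xmlsec file overwrite] is dropped in the same change, so confirm the full description still conveys that impact, which the truncated line does not show.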
@@ -1104,8 +1111,8 @@
 	RESERVED
 CVE-2011-1127
 	RESERVED
-CVE-2011-1126
-	RESERVED
+CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware ...)
+	TODO: check
 CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...)
 	- glibc <removed>
 	- eglibc <unfixed>
@@ -1325,11 +1332,9 @@
 	RESERVED
 CVE-2011-1084
 	RESERVED
-CVE-2011-1083
-	RESERVED
+CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...)
 	- linux-2.6 <unfixed> (low)
-CVE-2011-1082
-	RESERVED
+CVE-2011-1082 (fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file ...)
 	- linux-2.6 2.6.38-1 (low)
 CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote ...)
 	- openldap <unfixed> (low; bug #617606)
@@ -1773,8 +1778,8 @@
 	RESERVED
 CVE-2011-0952
 	RESERVED
-CVE-2011-0951
-	RESERVED
+CVE-2011-0951 (The web-based management interface in Cisco Secure Access Control ...)
+	TODO: check
 CVE-2011-0950
 	RESERVED
 CVE-2011-0949
@@ -1891,14 +1896,14 @@
 	RESERVED
 CVE-2011-0895
 	RESERVED
-CVE-2011-0894
-	RESERVED
-CVE-2011-0893
-	RESERVED
+CVE-2011-0894 (Unspecified vulnerability in HP Operations 9.10 on UNIX platforms ...)
+	TODO: check
+CVE-2011-0893 (Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX ...)
+	TODO: check
 CVE-2011-0892 (Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and ...)
 	TODO: check
-CVE-2011-0891
-	RESERVED
+CVE-2011-0891 (Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX ...)
+	TODO: check
 CVE-2011-0890 (HP Discovery &amp; Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, ...)
 	NOT-FOR-US: HP Discovery & Dependency Mapping Inventory
 CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA ...)
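Review bot: CVE-2011-0894, CVE-2011-0893 and CVE-2011-0891 move from RESERVED to TODO: check, and all three descriptions name HP products (HP Operations 9.10, HP-UX), like the neighbouring CVE-2011-0890 entry that is already marked NOT-FOR-US; they look like candidates for the same result. Separately, the unchanged CVE-2011-0890 description contains a literal &amp; where the NOT-FOR-US line below it has a plain &, so the imported description text appears to carry an undecoded HTML entity, which will defeat a plain-text search for the product name.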
@@ -3042,8 +3047,8 @@
 	- webkit <not-affected> (chromium specific)
 CVE-2011-0469
 	RESERVED
-CVE-2011-0468
-	RESERVED
+CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and ...)
+	TODO: check
 CVE-2011-0467
 	RESERVED
 CVE-2011-0466
@@ -3056,8 +3061,8 @@
 	RESERVED
 CVE-2011-0462
 	RESERVED
-CVE-2011-0461
-	RESERVED
+CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 ...)
+	TODO: check
 CVE-2011-0460
 	RESERVED
 CVE-2011-0459
@@ -4134,8 +4139,8 @@
 	NOT-FOR-US: Ecava IntegraXor
 CVE-2010-4597 (Stack-based buffer overflow in the save method in the ...)
 	NOT-FOR-US: Ecava IntegraXor
-CVE-2010-4596
-	RESERVED
+CVE-2010-4596 (Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, ...)
+	TODO: check
 CVE-2010-4595 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 ...)
 	NOT-FOR-US: IBM Lotus Mobile Connect
 CVE-2010-4594 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when ...)
@@ -5494,8 +5499,8 @@
 	- linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian)
 CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...)
 	NOT-FOR-US: IBM OmniFind Enterprise Edition
-CVE-2010-4235
-	RESERVED
+CVE-2010-4235 (Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, ...)
+	TODO: check
 CVE-2010-4234 (The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz ...)
 	NOT-FOR-US: Camtron, TecVoz
 CVE-2010-4233 (The Linux installation on the Camtron CMNC-200 Full HD IP Camera and ...)
@@ -6985,8 +6990,7 @@
 CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde ...)
 	- horde3 3.3.8+debian0-2 (bug #598582)
 	NOTE: http://lists.horde.org/archives/announce/2010/000568.html
-CVE-2010-3693 [XSS vulnerability when showing mailbox names]
-	RESERVED
+CVE-2010-3693 (Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) ...)
 	- dimp1 1.1.4+debian2-1.1 (bug #598583)
 	NOTE: http://lists.horde.org/archives/announce/2010/000561.html
 CVE-2010-3692 (Directory traversal vulnerability in the callback function in ...)
@@ -7166,7 +7170,7 @@
 	- dhcp <not-affected> (Only affects DHCP 4.x)
 CVE-2010-3610
 	RESERVED
-CVE-2010-3609 (Unspecified vulnerability in the Service Location Protocol daemon ...)
+CVE-2010-3609 (The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other ...)
 	NOT-FOR-US: VMware ESX
 CVE-2010-3659 [Multiple security issues]
 	RESERVED
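Review bot: For CVE-2010-3609 only the description line changes, and it now attributes the flaw to the extension parser in slp_v2message.c in OpenSLP 1.2.1 "and other ..." instead of an unspecified issue in the Service Location Protocol daemon, yet the triage line below it is still NOT-FOR-US: VMware ESX. That result was reached against the old wording and should be re-checked: if Debian packages OpenSLP, this entry needs a package line with a status rather than NOT-FOR-US.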
@@ -7633,8 +7637,7 @@
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-12 (bug #565790; unimportant)
 	NOTE: this is more of a hardware bug rather than a security issue
-CVE-2010-3447 [horde gollem XSS]
-	RESERVED
+CVE-2010-3447 (Cross-site scripting (XSS) vulnerability in view.php in the file ...)
 	- gollem 1.1.1+debian0-1.1 (bug #598585)
 	[lenny] - gollem <not-affected> ($filename not printed directly and passed through htmlspecialchars())
 	NOTE: http://bugs.horde.org/ticket/9191



