[Secure-testing-commits] r16510 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Apr 11 21:16:26 UTC 2011


Author: joeyh
Date: 2011-04-11 21:16:14 +0000 (Mon, 11 Apr 2011)
New Revision: 16510

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-04-11 18:50:42 UTC (rev 16509)
+++ data/CVE/list	2011-04-11 21:16:14 UTC (rev 16510)
@@ -1,3 +1,51 @@
+CVE-2011-1681 (vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka ...)
+	TODO: check
+CVE-2011-1680 (ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ ...)
+	TODO: check
+CVE-2011-1679 (ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the ...)
+	TODO: check
+CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to ...)
+	TODO: check
+CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ ...)
+	TODO: check
+CVE-2011-1676 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp ...)
+	TODO: check
+CVE-2011-1675 (mount in util-linux 2.19 and earlier attempts to append to the ...)
+	TODO: check
+CVE-2011-1674 (The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote ...)
+	TODO: check
+CVE-2011-1673 (BackupConfig.php on the NetGear ProSafe WNAP210 allows remote ...)
+	TODO: check
+CVE-2011-1672 (The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier ...)
+	TODO: check
+CVE-2011-1671 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2011-1670 (Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra ...)
+	TODO: check
+CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in WP Custom ...)
+	TODO: check
+CVE-2011-1668 (Cross-site scripting (XSS) vulnerability in search.php in AR Web ...)
+	TODO: check
+CVE-2011-1667 (SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows ...)
+	TODO: check
+CVE-2011-1666 (Metaways Tine 2.0 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2011-1665 (PHPBoost 3.0 stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2011-1664 (Cross-site request forgery (CSRF) vulnerability in Translation ...)
+	TODO: check
+CVE-2011-1663 (SQL injection vulnerability in Translation Management module 6.x ...)
+	TODO: check
+CVE-2011-1662 (Cross-site scripting (XSS) vulnerability in Translation Management ...)
+	TODO: check
+CVE-2011-1661 (The Node Quick Find module 6.x-1.1 for Drupal does not use ...)
+	TODO: check
+CVE-2011-1660 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...)
+	TODO: check
+CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...)
+	TODO: check
 CVE-2011-1657
 	RESERVED
 CVE-2011-1656
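
Review bot: All 24 entries added at the top of this hunk (CVE-2011-1658 through CVE-2011-1681) carry only TODO: check, and several of them should not stay untriaged. CVE-2011-1675 to CVE-2011-1677 (mount in util-linux and its /etc/mtab handling), CVE-2011-1678 (Samba mount.cifs) and CVE-2011-1679/CVE-2011-1680 (ncpfs) look like the same issue family as CVE-2011-1089 further down in this file, formerly titled "Suid mount helpers fail to anticipate RLIMIT_FSIZE". When they are triaged, a NOTE cross-referencing that entry would keep the group together. CVE-2011-1658 and CVE-2011-1659 name glibc and should get the same glibc/eglibc package lines as the other glibc entries in this file. The NetGear ProSafe and Dell KACE appliance entries are candidates for NOT-FOR-US.
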
@@ -403,10 +451,10 @@
 	RESERVED
 CVE-2011-1493
 	RESERVED
-CVE-2011-1492
-	RESERVED
-CVE-2011-1491
-	RESERVED
+CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not ...)
+	TODO: check
+CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly ...)
+	TODO: check
 CVE-2011-1490
 	RESERVED
 CVE-2011-1489
@@ -439,8 +487,7 @@
 CVE-2011-1476
 	RESERVED
 	- linux-2.6 <unfixed>
-CVE-2011-1475
-	RESERVED
+CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not ...)
 	- tomcat6 <not-affected> (Only affects Tomcat 7)
 CVE-2011-1474
 	RESERVED
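
Review bot: With RESERVED dropped, CVE-2011-1475 is left with only the tomcat6 <not-affected> line, although the new description names Tomcat 7.0.x before 7.0.12 as affected. If a tomcat7 source package is tracked, it needs its own line with the fixed version; otherwise the entry reads as fully resolved while saying nothing about the affected branch. The same applies to CVE-2011-1183 in the next hunk.
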
@@ -1202,8 +1249,7 @@
 	NOTE: http://trac.webkit.org/changeset/74853
 CVE-2011-1184
 	RESERVED
-CVE-2011-1183
-	RESERVED
+CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does ...)
 	- tomcat6 <not-affected> (Only affects Tomcat 7)
 CVE-2011-1182
 	RESERVED
@@ -1261,8 +1307,7 @@
 	RESERVED
 CVE-2011-1164
 	RESERVED
-CVE-2011-1163
-	RESERVED
+CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel ...)
 	- linux-2.6 2.6.38-1
 CVE-2011-1162
 	RESERVED
@@ -1529,8 +1574,7 @@
 	- rsync <unfixed> (low; bug #621866)
 CVE-2011-1096
 	RESERVED
-CVE-2011-1095 [glibc locale escaping issue]
-	RESERVED
+CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...)
 	- glibc <removed>
 	[lenny] - glibc <no-dsa> (Minor issue)
 	- eglibc <unfixed>
@@ -1557,8 +1601,7 @@
 CVE-2011-1090
 	RESERVED
 	- linux-2.6 2.6.38-1 (low)
-CVE-2011-1089 [Suid mount helpers fail to anticipate RLIMIT_FSIZE]
-	RESERVED
+CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ...)
 	- glibc <removed>
 	- eglibc <unfixed>
 	TODO: This issue will be assigned to glibc, probably. Not confirmed yet.
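
Review bot: The trailing TODO under CVE-2011-1089 ("This issue will be assigned to glibc, probably. Not confirmed yet.") is stale after this change, because the new description assigns the issue to the addmntent function in the GNU C Library. Remove the TODO in a follow-up. Consider keeping the old bracketed title's wording (suid mount helpers and RLIMIT_FSIZE) as a NOTE, since the truncated description no longer mentions it.
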
@@ -1609,8 +1652,7 @@
 	- cron <not-affected> (Debian's cron not affected)
 CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...)
 	- cron <not-affected> (Debian's cron not affected)
-CVE-2011-1071 [eglibc: memory corruption]
-	RESERVED
+CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded ...)
 	- glibc <removed>
 	- eglibc 2.11.2-12 (bug #615120)
 	NOTE: poc does not work on version 2.13 in experimental
@@ -1861,8 +1903,7 @@
 	- linux-2.6 <not-affected> (Introduced in 2.6.38-rc1, fixed in 2.6.38-rc5)
 CVE-2011-0998
 	RESERVED
-CVE-2011-0997 [isc-dhcp-client command injection]
-	RESERVED
+CVE-2011-0997 (dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV ...)
 	{DSA-2217-1 DSA-2216-1}
 	- isc-dhcp 4.1.1-P1-16.1 (bug #621099)
 	- dhcp3 <removed>
@@ -1875,8 +1916,8 @@
 	RESERVED
 CVE-2011-0995
 	RESERVED
-CVE-2011-0994
-	RESERVED
+CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
+	TODO: check
 CVE-2011-0993
 	RESERVED
 CVE-2011-0992
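
Review bot: CVE-2011-0994 is added as TODO: check, but its description names NFRAgent.exe in Novell File Reporter. That makes it a likely NOT-FOR-US, in the same way CVE-2011-0464 (Novell Vibe OnPrem) is already marked in this file. Marking it directly would keep it out of the TODO queue.
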
@@ -2464,8 +2505,8 @@
 	RESERVED
 CVE-2011-0766
 	RESERVED
-CVE-2011-0765
-	RESERVED
+CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...)
+	TODO: check
 CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other ...)
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
@@ -3090,8 +3131,7 @@
 	- wireshark 1.4.3-3 (low; bug #613202)
 CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) ...)
 	- mediawiki <not-affected> (Only affected when running on Windows or Novell Netware)
-CVE-2011-0536 [CVE-2010-3847 opens new vulnerability]
-	RESERVED
+CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in ...)
 	- eglibc <unfixed> (bug #600667)
 	- glibc <removed>
 CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...)
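
Review bot: Replacing the bracketed title on CVE-2011-0536 drops the only pointer to CVE-2010-3847 ("CVE-2010-3847 opens new vulnerability"), and the truncated description does not carry it. Add a NOTE line under the entry recording that this issue was introduced by the CVE-2010-3847 fix, so the relationship survives the automatic update.
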
@@ -3308,20 +3348,19 @@
 	TODO: check
 CVE-2011-0467
 	RESERVED
-CVE-2011-0466
-	RESERVED
-CVE-2011-0465 [xrdb code execution via crafted hostname]
-	RESERVED
+CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and ...)
+	TODO: check
+CVE-2011-0465 (xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote ...)
 	{DSA-2213-1}
 	- x11-xserver-utils 7.6+2 (low; bug #621423)
 	NOTE: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
 	NOTE: low as this is not enabled in a standard setup
 CVE-2011-0464 (Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 ...)
 	NOT-FOR-US: Novell Vibe OnPrem
-CVE-2011-0463
-	RESERVED
-CVE-2011-0462
-	RESERVED
+CVE-2011-0463 (The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the ...)
+	TODO: check
+CVE-2011-0462 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...)
+	TODO: check
 CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 ...)
 	TODO: check
 CVE-2011-0460
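
Review bot: CVE-2011-0463 is added as TODO: check even though its description points at fs/ocfs2/aops.c, a Linux kernel source path. It should be triaged against linux-2.6 like the other kernel entries in this file (for example CVE-2011-1163, which has a linux-2.6 line) rather than left in the generic TODO queue. CVE-2011-0466 (openSUSE Build Service) and CVE-2011-0462 in the same hunk still need a package or NOT-FOR-US decision.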



