[Secure-testing-commits] r16054 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Feb 3 21:15:36 UTC 2011


Author: joeyh
Date: 2011-02-03 21:15:33 +0000 (Thu, 03 Feb 2011)
New Revision: 16054

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-02-03 20:22:53 UTC (rev 16053)
+++ data/CVE/list	2011-02-03 21:15:33 UTC (rev 16054)
@@ -1,3 +1,87 @@
+CVE-2011-0758
+	RESERVED
+CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...)
+	TODO: check
+CVE-2011-0756
+	RESERVED
+CVE-2011-0755 (Integer overflow in the mt_rand function in PHP before 5.3.4 might ...)
+	TODO: check
+CVE-2011-0754 (The SplFileInfo::getType function in the Standard PHP Library (SPL) ...)
+	TODO: check
+CVE-2011-0753 (Race condition in the PCNTL extension in PHP before 5.3.4, when a ...)
+	TODO: check
+CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use of the ...)
+	TODO: check
+CVE-2011-0751
+	RESERVED
+CVE-2011-0750
+	RESERVED
+CVE-2011-0749
+	RESERVED
+CVE-2011-0748
+	RESERVED
+CVE-2011-0747
+	RESERVED
+CVE-2011-0746
+	RESERVED
+CVE-2011-0745
+	RESERVED
+CVE-2011-0744
+	RESERVED
+CVE-2011-0743
+	RESERVED
+CVE-2011-0742 (Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management ...)
+	TODO: check
+CVE-2011-0741 (Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution ...)
+	TODO: check
+CVE-2011-0740 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2011-0739 (The deliver function in the sendmail delivery agent ...)
+	TODO: check
+CVE-2011-0738 (MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through ...)
+	TODO: check
+CVE-2011-0737 (Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2011-0736 (Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is ...)
+	TODO: check
+CVE-2011-0735 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before ...)
+	TODO: check
+CVE-2011-0734 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0.1 ...)
+	TODO: check
+CVE-2011-0733 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion, possibly ...)
+	TODO: check
+CVE-2011-0732 (Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal ...)
+	TODO: check
+CVE-2011-0731 (Buffer overflow in the DB2 Administration Server (DAS) component in ...)
+	TODO: check
+CVE-2011-0730
+	RESERVED
+CVE-2011-0729
+	RESERVED
+CVE-2011-0728
+	RESERVED
+CVE-2011-0727
+	RESERVED
+CVE-2011-0726
+	RESERVED
+CVE-2011-0725
+	RESERVED
+CVE-2011-0724
+	RESERVED
+CVE-2011-0723
+	RESERVED
+CVE-2011-0722
+	RESERVED
+CVE-2011-0721
+	RESERVED
+CVE-2010-4721 (SQL injection vulnerability in news.php in Immo Makler allows remote ...)
+	TODO: check
+CVE-2010-4720 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
+	TODO: check
+CVE-2010-4719 (Directory traversal vulnerability in JRadio (com_jradio) component ...)
+	TODO: check
+CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
 CVE-2011-0720
 	RESERVED
 CVE-2011-0719
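Review bot: The four PHP entries added here (CVE-2011-0752 through CVE-2011-0755) carry only "TODO: check", so nothing ties them to a source package yet. Each needs a package line in the form used elsewhere in this file (a "- package version" or "<unfixed>" line, with a bug reference where one exists) before the TODO is removed. The two DB2 entries, CVE-2011-0757 and CVE-2011-0731, look like candidates for the same kind of NOT-FOR-US tag that CVE-2010-3731 and CVE-2010-3732 carry later in this patch.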
@@ -410,7 +494,7 @@
 	RESERVED
 CVE-2011-0538
 	RESERVED
-CVE-2011-0537  [mediawiki server-side arbitrary script inclusion vulnerability]
+CVE-2011-0537 [mediawiki server-side arbitrary script inclusion vulnerability]
 	RESERVED
 	- mediawiki <unfixed> (bug #611787)
 CVE-2011-0536
@@ -449,8 +533,7 @@
 	- gypsy <itp> (bug #491723)
 CVE-2011-0522
 	RESERVED
-CVE-2011-0521 [av7110 negative array offset]
-	RESERVED
+CVE-2011-0521 (The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in ...)
 	{DSA-2153-1}
 	- linux-2.6 <unfixed>
 CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo ...)
@@ -928,8 +1011,8 @@
 	RESERVED
 CVE-2011-0322
 	RESERVED
-CVE-2011-0321
-	RESERVED
+CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...)
+	TODO: check
 CVE-2011-0320
 	RESERVED
 CVE-2011-0319
@@ -1142,8 +1225,7 @@
 	- xpdf 3.02-9
 	- poppler <unfixed>
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
-CVE-2010-4652 [buffer overflow when preparing SQL queries]
-	RESERVED
+CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function ...)
 	- proftpd-dfsg 1.3.3a-6
 CVE-2010-4651 [patch directory traversal]
 	RESERVED
@@ -1275,8 +1357,8 @@
 	RESERVED
 CVE-2011-0277
 	RESERVED
-CVE-2011-0276
-	RESERVED
+CVE-2011-0276 (HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 ...)
+	TODO: check
 CVE-2011-0275 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, ...)
 	NOT-FOR-US: HP OpenView
 CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
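Review bot: CVE-2011-0276 is left at "TODO: check" even though the entry directly below it, CVE-2011-0275, is already tagged "NOT-FOR-US: HP OpenView". If Performance Insight Server is treated the same way, replace the TODO with that tag so both OpenView entries are triaged consistently.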
@@ -2096,8 +2178,7 @@
 	RESERVED
 CVE-2011-0018 (The email function in manage_sql.c in OpenVAS Manager 1.0.x through ...)
 	NOT-FOR-US: OpenVAS Manager
-CVE-2011-0017 [lack of return code checks for setuid/setgid]
-	RESERVED
+CVE-2011-0017 (The open_log function in log.c in Exim 4.72 and earlier does not check ...)
 	{DSA-2154-1}
 	- exim4 4.72-4
 CVE-2011-0016 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...)
@@ -3375,8 +3456,8 @@
 	RESERVED
 CVE-2010-4016
 	RESERVED
-CVE-2010-4015 [psql buffer overflow in intarray module]
-	RESERVED
+CVE-2010-4015 (Buffer overflow in the gettoken function in ...)
+	{DSA-2157-1}
 	- postgresql-9.0 9.0.3-1
 	- postgresql-8.4 8.4.7-1
 	- postgresql-8.3 <removed>
@@ -3579,10 +3660,10 @@
 	REJECTED
 CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion ...)
 	NOT-FOR-US: Rocomotion
-CVE-2010-3930
-	RESERVED
-CVE-2010-3929
-	RESERVED
+CVE-2010-3930 (Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier ...)
+	TODO: check
+CVE-2010-3929 (SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows ...)
+	TODO: check
 CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a ...)
 	NOT-FOR-US: Ruby Version Manager
 CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 allows ...)
@@ -3757,8 +3838,7 @@
 CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in ...)
 	{DSA-2155-1}
 	- freetype 2.4.2-2.1 (bug #602221)
-CVE-2010-3854 [unspecified cross-site scripting vulnerability in CouchDB]
-	RESERVED
+CVE-2010-3854 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
 	- couchdb <unfixed>
 CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) ...)
 	- pam <unfixed> (low; bug #608273)
@@ -4159,7 +4239,7 @@
 	NOT-FOR-US: IBM DB2 UDB 9.5
 CVE-2010-3732 (The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows ...)
 	NOT-FOR-US: IBM DB2 UDB 9.5
-CVE-2010-3731 (Buffer overflow in the Administration Server component in IBM DB2 UDB ...)
+CVE-2010-3731 (Stack-based buffer overflow in the validateUser implementation in the ...)
 	NOT-FOR-US: IBM DB2 UDB 9.5
 CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information ...)
 	- webkit <not-affected> (issue in libv8)
@@ -4190,8 +4270,8 @@
 	RESERVED
 CVE-2010-3720
 	RESERVED
-CVE-2010-3719
-	RESERVED
+CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the ...)
+	TODO: check
 CVE-2010-3718
 	RESERVED
 CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x ...)
@@ -5389,10 +5469,10 @@
 	RESERVED
 CVE-2010-3271
 	RESERVED
-CVE-2010-3270
-	RESERVED
-CVE-2010-3269
-	RESERVED
+CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before ...)
+	TODO: check
+CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording ...)
+	TODO: check
 CVE-2010-3268 (The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in ...)
 	NOT-FOR-US: Symantec Antivirus
 CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 ...)
@@ -6077,14 +6157,14 @@
 	RESERVED
 CVE-2010-3045
 	RESERVED
-CVE-2010-3044
-	RESERVED
-CVE-2010-3043
-	RESERVED
-CVE-2010-3042
-	RESERVED
-CVE-2010-3041
-	RESERVED
+CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
+	TODO: check
+CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
+	TODO: check
+CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
+	TODO: check
+CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
+	TODO: check
 CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...)
 	NOT-FOR-US: Cisco Intelligent Contact Manager
 CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications ...)
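Review bot: The four WebEx Recording Format entries (CVE-2010-3041 through CVE-2010-3044) have identical truncated descriptions and all sit at "TODO: check", so they cannot be told apart from this list alone and should be triaged together. If WebEx is out of scope in the same way as the neighbouring "NOT-FOR-US: Cisco Intelligent Contact Manager" entry, tag all four in one follow-up, along with CVE-2010-3270 and CVE-2010-3269 from the previous hunk.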
@@ -29854,9 +29934,9 @@
 CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2009-0190
-	RESERVED
+	REJECTED
 CVE-2009-0189
-	RESERVED
+	REJECTED
 CVE-2009-0188 (Apple QuickTime before 7.6.2 allows remote attackers to execute ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...)



