[Secure-testing-commits] r17406 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Oct 11 09:14:17 UTC 2011


Author: joeyh
Date: 2011-10-11 09:14:17 +0000 (Tue, 11 Oct 2011)
New Revision: 17406

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-10-11 06:17:31 UTC (rev 17405)
+++ data/CVE/list	2011-10-11 09:14:17 UTC (rev 17406)
@@ -1,3 +1,155 @@
+CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and ...)
+	TODO: check
+CVE-2011-4029
+	RESERVED
+CVE-2011-4028
+	RESERVED
+CVE-2011-4027
+	RESERVED
+CVE-2011-4026
+	RESERVED
+CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...)
+	TODO: check
+CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension ...)
+	TODO: check
+CVE-2010-4961 (SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension ...)
+	TODO: check
+CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka ...)
+	TODO: check
+CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre ...)
+	TODO: check
+CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows ...)
+	TODO: check
+CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ...)
+	TODO: check
+CVE-2010-4956 (Cross-site scripting (XSS) vulnerability in the Questionnaire ...)
+	TODO: check
+CVE-2010-4955 (SQL injection vulnerability in board/board.php in APBoard Developers ...)
+	TODO: check
+CVE-2010-4954 (SQL injection vulnerability in product_reviews_info.php in xt:Commerce ...)
+	TODO: check
+CVE-2010-4953 (Unspecified vulnerability in the JW Calendar (jw_calendar) extension ...)
+	TODO: check
+CVE-2010-4952 (SQL injection vulnerability in the FE user statistic (festat) ...)
+	TODO: check
+CVE-2010-4951 (Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox ...)
+	TODO: check
+CVE-2010-4950 (SQL injection vulnerability in the Event (event) extension before ...)
+	TODO: check
+CVE-2010-4949 (Cross-site scripting (XSS) vulnerability in the (1) FreiChat component ...)
+	TODO: check
+CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...)
+	TODO: check
+CVE-2010-4947 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
+	TODO: check
+CVE-2010-4946 (SQL injection vulnerability in product_info.php in ALLPC 2.5 allows ...)
+	TODO: check
+CVE-2010-4945 (SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) ...)
+	TODO: check
+CVE-2010-4944 (SQL injection vulnerability in the Elite Experts (com_elite_experts) ...)
+	TODO: check
+CVE-2010-4943 (Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 ...)
+	TODO: check
+CVE-2010-4942 (SQL injection vulnerability in location.php in the eCal module in ...)
+	TODO: check
+CVE-2010-4941 (SQL injection vulnerability in the Teams (com_teams) component ...)
+	TODO: check
+CVE-2010-4940 (SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows ...)
+	TODO: check
+CVE-2010-4939 (PHP remote file inclusion vulnerability in index.php in MailForm 1.2 ...)
+	TODO: check
+CVE-2010-4938 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...)
+	TODO: check
+CVE-2010-4937 (Multiple SQL injection vulnerabilities in the Amblog (com_amblog) ...)
+	TODO: check
+CVE-2010-4936 (SQL injection vulnerability in the Slide Show (com_slideshow) ...)
+	TODO: check
+CVE-2010-4935 (SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier ...)
+	TODO: check
+CVE-2010-4934 (SQL injection vulnerability in video.php in Get Tube 4.51 and earlier ...)
+	TODO: check
+CVE-2010-4933 (SQL injection vulnerability in filemgmt/singlefile.php in Geeklog ...)
+	TODO: check
+CVE-2010-4932 (Cross-site scripting (XSS) vulnerability in search.php in Entrans ...)
+	TODO: check
+CVE-2010-4931 (** DISPUTED ** Directory traversal vulnerability in maincore.php in ...)
+	TODO: check
+CVE-2010-4930 (Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail ...)
+	TODO: check
+CVE-2010-4929 (SQL injection vulnerability in the Joostina (com_ezautos) component ...)
+	TODO: check
+CVE-2010-4928 (Cross-site scripting (XSS) vulnerability in the Restaurant Guide ...)
+	TODO: check
+CVE-2010-4927 (SQL injection vulnerability in the Restaurant Guide ...)
+	TODO: check
+CVE-2010-4926 (SQL injection vulnerability in the TimeTrack (com_timetrack) component ...)
+	TODO: check
+CVE-2010-4925 (SQL injection vulnerability in clic.php in the Partenaires module 1.5 ...)
+	TODO: check
+CVE-2010-4924 (** DISPUTED ** PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2010-4923 (SQL injection vulnerability in book/detail.php in Virtue Netz Virtue ...)
+	TODO: check
+CVE-2010-4922 (SQL injection vulnerability in contentAE.asp in Allinta CMS 22.07.2010 ...)
+	TODO: check
+CVE-2010-4921 (SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady ...)
+	TODO: check
+CVE-2010-4920 (SQL injection vulnerability in detail.asp in Micronetsoft Rental ...)
+	TODO: check
+CVE-2010-4919 (SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer ...)
+	TODO: check
+CVE-2010-4918 (PHP remote file inclusion vulnerability in iJoomla Magazine ...)
+	TODO: check
+CVE-2010-4917 (SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows ...)
+	TODO: check
+CVE-2010-4916 (Multiple SQL injection vulnerabilities in index.cfm in ColdGen ...)
+	TODO: check
+CVE-2010-4915 (SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 ...)
+	TODO: check
+CVE-2010-4914 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2010-4913 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
+	TODO: check
+CVE-2010-4912 (SQL injection vulnerability in shop.php in UCenter Home 2.0 allows ...)
+	TODO: check
+CVE-2010-4911 (SQL injection vulnerability in classi/detail.php in PHP Classifieds ...)
+	TODO: check
+CVE-2010-4910 (SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 ...)
+	TODO: check
+CVE-2010-4909 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2010-4908 (SQL injection vulnerability in detail.php in Virtue Shopping Mall ...)
+	TODO: check
+CVE-2010-4907 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...)
+	TODO: check
+CVE-2010-4906 (SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 ...)
+	TODO: check
+CVE-2010-4905 (SQL injection vulnerability in article_details.php in Softbiz Article ...)
+	TODO: check
+CVE-2010-4904 (SQL injection vulnerability in the Aardvertiser (com_aardvertiser) ...)
+	TODO: check
+CVE-2010-4903 (SQL injection vulnerability in index.php in CubeCart 4.3.3 allows ...)
+	TODO: check
+CVE-2010-4902 (Multiple SQL injection vulnerabilities in the Clantools ...)
+	TODO: check
+CVE-2010-4901 (Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in ...)
+	TODO: check
+CVE-2010-4900 (Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and ...)
+	TODO: check
+CVE-2010-4899 (SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 ...)
+	TODO: check
+CVE-2010-4898 (SQL injection vulnerability in the Gantry (com_gantry) component ...)
+	TODO: check
+CVE-2010-4897 (SQL injection vulnerability in comment.php in BlueCMS 1.6 allows ...)
+	TODO: check
+CVE-2010-4896 (Cross-site scripting (XSS) vulnerability in admin/index.asp in Member ...)
+	TODO: check
+CVE-2010-4895 (Cross-site scripting (XSS) vulnerability in core/showsite.php in ...)
+	TODO: check
+CVE-2010-4894 (SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 ...)
+	TODO: check
+CVE-2010-4893 (Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS ...)
+	TODO: check
 CVE-2011-XXXX [lintian disclosure of file presense]
 	- lintian 2.5.2 (unimportant)
 	[squeeze] - lintian 2.4.3+squeeze1
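Review bot: CVE-2010-4924 and CVE-2010-4914 are added with descriptions cut off before any product name ("PHP remote file inclusion vulnerability in ..."), so neither can be triaged from this list alone; the full description has to be fetched before their TODO: check can be resolved. CVE-2010-4931 and CVE-2010-4924 also carry the ** DISPUTED ** marker, which is worth recording in a NOTE: line when they are triaged so the dispute is not lost once the entry is tagged.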
@@ -428,8 +580,8 @@
 	RESERVED
 	{DSA-2314-1}
 	- puppet 2.7.3-3
-CVE-2011-3868
-	RESERVED
+CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player ...)
+	TODO: check
 CVE-2011-3867
 	REJECTED
 CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly ...)
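Review bot: CVE-2011-3868 is left at TODO: check although the visible part of its description names only VMware Workstation and VMware Player. Elsewhere in this file a VMware issue is closed out as "NOT-FOR-US: VMware" (CVE-2011-2217), so the same tag could replace the TODO here once the truncated remainder of the description is confirmed to name no other product.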
@@ -1021,10 +1173,9 @@
 	NOTE: http://seclists.org/oss-sec/2011/q4/30 
 CVE-2011-3600
 	RESERVED
-CVE-2011-3599
-	RESERVED
-CVE-2011-3598 [phpPgAdmin XSS]
-	RESERVED
+CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when ...)
+	TODO: check
+CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin ...)
 	- phppgadmin 5.0.3-1 (bug #644290)
 	NOTE: https://secunia.com/advisories/46248/
 CVE-2011-3597 [unsafe use of eval]
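Review bot: CVE-2011-3599 trades RESERVED for a bare TODO: check, with no package line or bug reference, unlike CVE-2011-3598 directly below it, which keeps its phppgadmin 5.0.3-1 entry and bug #644290. The Crypt::DSA Perl module named in the description still needs to be matched against the archive and given a fixed-version or <not-affected> line. For CVE-2011-3598 the bracketed working title "[phpPgAdmin XSS]" is correctly replaced by the published description without disturbing the tracking lines.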
@@ -1070,8 +1221,8 @@
 	RESERVED
 	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
-CVE-2011-3587
-	RESERVED
+CVE-2011-3587 (Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone ...)
+	TODO: check
 CVE-2011-3586
 	RESERVED
 	NOTE: Dupe of CVE-2011-3504, to be rejected
@@ -1734,24 +1885,19 @@
 	RESERVED
 CVE-2011-3328
 	RESERVED
-CVE-2011-3327
-	RESERVED
+CVE-2011-3327 (Heap-based buffer overflow in the ecommunity_ecom2str function in ...)
 	{DSA-2316-1}
 	- quagga 0.99.19-1
-CVE-2011-3326
-	RESERVED
+CVE-2011-3326 (The ospf_flood function in ospf_flood.c in ospfd in Quagga before ...)
 	{DSA-2316-1}
 	- quagga 0.99.19-1
-CVE-2011-3325
-	RESERVED
+CVE-2011-3325 (ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote ...)
 	{DSA-2316-1}
 	- quagga 0.99.19-1
-CVE-2011-3324
-	RESERVED
+CVE-2011-3324 (The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 ...)
 	{DSA-2316-1}
 	- quagga 0.99.19-1
-CVE-2011-3323
-	RESERVED
+CVE-2011-3323 (The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows ...)
 	{DSA-2316-1}
 	- quagga 0.99.19-1
 CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon ...)
@@ -3593,8 +3739,8 @@
 	RESERVED
 CVE-2011-2676
 	RESERVED
-CVE-2011-2675
-	RESERVED
+CVE-2011-2675 (Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 ...)
+	TODO: check
 CVE-2011-2674 (BaserCMS before 1.6.12 does not properly restrict additions to the ...)
 	TODO: check
 CVE-2011-2673 (Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 ...)
@@ -3619,12 +3765,12 @@
 	[lenny] - asterisk <not-affected>
 CVE-2011-2664 (Unspecified vulnerability in Check Point Multi-Domain Management / ...)
 	NOT-FOR-US: Check Point Multi-Domain Management
-CVE-2011-2663
-	RESERVED
-CVE-2011-2662
-	RESERVED
-CVE-2011-2661
-	RESERVED
+CVE-2011-2663 (Array index error in GroupWise Internet Agent (GWIA) in Novell ...)
+	TODO: check
+CVE-2011-2662 (Integer signedness error in GroupWise Internet Agent (GWIA) in Novell ...)
+	TODO: check
+CVE-2011-2661 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in ...)
+	TODO: check
 CVE-2011-2660 (The modify_resolvconf_suse script in the vpnc package before ...)
 	TODO: check
 CVE-2011-2659
@@ -4689,8 +4835,8 @@
 	RESERVED
 CVE-2011-2228
 	RESERVED
-CVE-2011-2227
-	RESERVED
+CVE-2011-2227 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager ...)
+	TODO: check
 CVE-2011-2226 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...)
 	TODO: check
 CVE-2011-2225 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
@@ -4705,10 +4851,10 @@
 	NOT-FOR-US: Novell Data Synchronizer
 CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter ...)
 	NOT-FOR-US: Novell File Reporter
-CVE-2011-2219
-	RESERVED
-CVE-2011-2218
-	RESERVED
+CVE-2011-2219 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...)
+	TODO: check
+CVE-2011-2218 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...)
+	TODO: check
 CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) ...)
 	NOT-FOR-US: VMware
 CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux ...)
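Review bot: CVE-2011-2219 and CVE-2011-2218 are added as TODO: check directly below two Novell products that this file already marks NOT-FOR-US (Novell Data Synchronizer, Novell File Reporter). Both descriptions name GroupWise Internet Agent (GWIA) in Novell, so a NOT-FOR-US tag in the same style would close them out. The same applies to the other GroupWise and Novell Identity Manager entries this revision adds as TODO: check (CVE-2011-2663, CVE-2011-2662, CVE-2011-2661, CVE-2011-2227, CVE-2011-1696, CVE-2011-0334, CVE-2011-0333).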
@@ -4754,8 +4900,7 @@
 	- curl 7.21.6-2 (high; bug #631615)
 CVE-2011-2191 (Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in ...)
 	TODO: check
-CVE-2011-2189
-	RESERVED
+CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does ...)
 	- linux-2.6 2.6.35-1 (low)
 	[lenny] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this)
 	[squeeze] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this)
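Review bot: the new description for CVE-2011-2189 says "Linux kernel 2.6.32 and earlier", while the tracking line below it records the fix at linux-2.6 2.6.35-1. The description is truncated here, so the two may not conflict, but a NOTE: line stating which upstream change the 2.6.35-1 figure is based on would let a later reader reconcile them. Dropping RESERVED without adding TODO: check is right, since the entry already has package and <no-dsa> lines.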
@@ -6214,8 +6359,8 @@
 	RESERVED
 CVE-2011-1697
 	RESERVED
-CVE-2011-1696
-	RESERVED
+CVE-2011-1696 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager ...)
+	TODO: check
 CVE-2011-1695
 	RESERVED
 CVE-2011-1694
@@ -10196,10 +10341,10 @@
 	RESERVED
 CVE-2011-0335 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows ...)
 	NOT-FOR-US: Adobe Shockwave Player
-CVE-2011-0334
-	RESERVED
-CVE-2011-0333
-	RESERVED
+CVE-2011-0334 (Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent ...)
+	TODO: check
+CVE-2011-0333 (Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf ...)
+	TODO: check
 CVE-2011-0332 (Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2011-0331 (Use-after-free vulnerability in the addOSPLext method in the Honeywell ...)



