[Secure-testing-commits] r18014 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Jan 3 21:14:24 UTC 2012


Author: joeyh
Date: 2012-01-03 21:14:24 +0000 (Tue, 03 Jan 2012)
New Revision: 18014

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-03 21:09:56 UTC (rev 18013)
+++ data/CVE/list	2012-01-03 21:14:24 UTC (rev 18014)
@@ -1,3 +1,65 @@
+CVE-2012-0286
+	RESERVED
+CVE-2012-0285
+	RESERVED
+CVE-2012-0284
+	RESERVED
+CVE-2012-0283
+	RESERVED
+CVE-2012-0282
+	RESERVED
+CVE-2012-0281
+	RESERVED
+CVE-2012-0280
+	RESERVED
+CVE-2012-0279
+	RESERVED
+CVE-2012-0278
+	RESERVED
+CVE-2012-0277
+	RESERVED
+CVE-2012-0276
+	RESERVED
+CVE-2012-0275
+	RESERVED
+CVE-2012-0274
+	RESERVED
+CVE-2012-0273
+	RESERVED
+CVE-2012-0272
+	RESERVED
+CVE-2012-0271
+	RESERVED
+CVE-2012-0270
+	RESERVED
+CVE-2012-0269
+	RESERVED
+CVE-2012-0268
+	RESERVED
+CVE-2012-0267
+	RESERVED
+CVE-2012-0266
+	RESERVED
+CVE-2012-0265
+	RESERVED
+CVE-2011-5046 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 ...)
+	TODO: check
+CVE-2011-5045 (Cross-site scripting (XSS) vulnerability in details_view.php in PHP ...)
+	TODO: check
+CVE-2011-5044 (SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for ...)
+	TODO: check
+CVE-2011-5043 (TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2011-5042 (Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in ...)
+	TODO: check
+CVE-2011-5041 (Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS ...)
+	TODO: check
+CVE-2011-5040 (Multiple cross-site scripting (XSS) vulnerabilities in Infoproject ...)
+	TODO: check
+CVE-2011-5039 (Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj ...)
+	TODO: check
+CVE-2011-5038 (SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly ...)
+	TODO: check
 CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...)
 	- libv8 <unfixed> (bug #653962)
 CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
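Review bot: The nine published entries at the end of the added block (CVE-2011-5038 through CVE-2011-5046) all land as "TODO: check", so none of them has a disposition yet. CVE-2011-5046 (win32k.sys in Microsoft Windows 7) and CVE-2011-5044 (SopCast, where "Everyone:Full Control" is a Windows ACL) look like candidates for a NOT-FOR-US line of the kind this file already uses for Plesk; the rest need a package lookup in a follow-up triage commit.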
@@ -905,8 +967,8 @@
 	- phpmyadmin 4:3.4.9-1
 CVE-2011-4779
 	REJECTED
-CVE-2011-4778
-	RESERVED
+CVE-2011-4778 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x ...)
+	TODO: check
 CVE-2011-4777 (Cross-site scripting (XSS) vulnerability in the Site Editor (aka ...)
 	NOT-FOR-US: Plesk
 CVE-2011-4776 (Multiple cross-site scripting (XSS) vulnerabilities in the Control ...)
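Review bot: CVE-2011-4778 moves from RESERVED to "TODO: check" with a Splunk Web description, sitting directly above CVE-2011-4777, which is already resolved as "NOT-FOR-US: Plesk". If Splunk is not packaged, the same NOT-FOR-US form would settle this entry instead of leaving it open.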
@@ -1410,12 +1472,12 @@
 	NOT-FOR-US: Wordpress plugin
 CVE-2011-4645
 	RESERVED
-CVE-2011-4644
-	RESERVED
-CVE-2011-4643
-	RESERVED
-CVE-2011-4642
-	RESERVED
+CVE-2011-4644 (Splunk 4.2.5 and earlier, when free mode is used, does not perform ...)
+	TODO: check
+CVE-2011-4643 (Multiple directory traversal vulnerabilities in Splunk 4.x before ...)
+	TODO: check
+CVE-2011-4642 (mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly ...)
+	TODO: check
 CVE-2003-1597
 	RESERVED
 CVE-2011-4641
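Review bot: CVE-2011-4644, CVE-2011-4643 and CVE-2011-4642 all name Splunk and all land as "TODO: check", the same state as CVE-2011-4778 earlier in this patch. They should be triaged together so the four Splunk entries end up with one consistent disposition.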
@@ -1480,14 +1542,13 @@
 CVE-2011-4621
 	RESERVED
 	- linux-2.6 <unfixed>
-CVE-2011-4620
-	RESERVED
+CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB ...)
+	TODO: check
 CVE-2011-4619
 	RESERVED
 CVE-2011-4618
 	RESERVED
-CVE-2011-4617 [python-virtualenv: insecure /tmp file handling]
-	RESERVED
+CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...)
 	- python-virtualenv 1.4.9-1 (low; bug #652653)
 	[lenny] - python-virtualenv <no-dsa> (Minor issue)
 	[squeeze] - python-virtualenv <no-dsa> (Minor issue)
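Review bot: On CVE-2011-4617 the new description says the flaw is in "virtualenv before 1.5", while the retained tracking line records python-virtualenv 1.4.9-1 as the fixed version. If 1.4.9-1 carries a backported patch that is fine, but a NOTE line saying so would stop the entry reading as a version mismatch. CVE-2011-4620 (PLIB, util/ulError.cxx) is left at "TODO: check" in the same hunk and still needs a package line or a NOT-FOR-US.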
@@ -1611,6 +1672,7 @@
 	RESERVED
 CVE-2011-4579 [SVQ1 issue]
 	RESERVED
+	{DSA-2378-1}
 	- libav 4:0.7.3-1
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
@@ -2142,6 +2204,7 @@
 	NOTE: duplicate of CVE-2011-4090
 CVE-2011-4364 [vmd_decode buffer overflow]
 	RESERVED
+	{DSA-2378-1}
 	- libav 4:0.7.3-1
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
@@ -2191,6 +2254,7 @@
 	[lenny] - openssl <no-dsa> (Minor issue)
 CVE-2011-4353 [VP5/VP6 DoS]
 	RESERVED
+	{DSA-2378-1}
 	- libav 4:0.7.3-1
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
@@ -2207,6 +2271,7 @@
 	NOTE: http://article.gmane.org/gmane.comp.video.libav.devel/15182
 CVE-2011-4351 [QDM2 buffer overflow]
 	RESERVED
+	{DSA-2378-1}
 	- libav 4:0.7.3-1
 	- ffmpeg <removed>
 	- ffmpeg-debian <end-of-life>
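Review bot: {DSA-2378-1} is attached here to CVE-2011-4351, and in the three preceding hunks to CVE-2011-4579, CVE-2011-4364 and CVE-2011-4353, while all four entries still read RESERVED and carry only bracketed working titles. Nothing in these hunks lets a reader cross-check the mapping, so it is worth confirming that exactly these four IDs appear in the advisory's own CVE list.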
@@ -4319,18 +4384,15 @@
 	RESERVED
 CVE-2011-3670
 	RESERVED
-CVE-2011-3669
-	RESERVED
+CVE-2011-3669 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
 	- bugzilla <removed> (low)
 	[squeeze] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2011-3668
-	RESERVED
+CVE-2011-3668 (Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in ...)
 	- bugzilla <removed> (low)
 	[squeeze] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2011-3667
-	RESERVED
+CVE-2011-3667 (The User.offer_account_by_email WebService method in Bugzilla 2.x and ...)
 	- bugzilla <removed> (low)
 	[squeeze] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
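Review bot: For CVE-2011-3669, CVE-2011-3668 and CVE-2011-3667 the "(low)" urgency and the "<no-dsa> (Minor issue)" lines were written while the entries were still RESERVED and are carried over unchanged under the newly published descriptions. Two of those descriptions are CSRF in attachment.cgi and post_bug.cgi; a re-check that the earlier rating still matches the published text would close this out.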
@@ -4368,8 +4430,7 @@
 	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 8)
 	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 8)
 	- iceape <not-affected> (Only affects Firefox >= 8)
-CVE-2011-3657
-	RESERVED
+CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x ...)
 	- bugzilla <removed> (low)
 	[squeeze] - bugzilla <no-dsa> (Minor issue)
 	[lenny] - bugzilla <no-dsa> (Minor issue)
@@ -9959,8 +10020,8 @@
 	- iceweasel 4.0.1-1 (unimportant)
 CVE-2011-1711 (Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in ...)
 	NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer
-CVE-2011-1710
-	RESERVED
+CVE-2011-1710 (Multiple integer overflows in the HTTP server in the Novell XTier ...)
+	TODO: check
 CVE-2011-1709 (GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, ...)
 	- gdm3 <not-affected> (Vulnerable code patched out in Debian package in sid, patched in 3.0.4 experimental)
 	- gdm <not-affected> (Vulnerable code not present)
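Review bot: CVE-2011-1710 (integer overflows in the HTTP server in the Novell XTier ...) is left at "TODO: check" directly below CVE-2011-1711, which is already marked NOT-FOR-US for another Novell product. If XTier is likewise not packaged, the same NOT-FOR-US form would settle the entry.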



