From aa9c4024f13cb7e75a389fcbca1652c6b82d4354 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 19 Sep 2011 21:14:17 +0000 Subject: automatic update git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@17258 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/CVE/list | 331 +++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 256 insertions(+), 75 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index a31924d44f..064ff78429 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,185 @@ +CVE-2011-3576 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 ...) + TODO: check +CVE-2011-3575 (Stack-based buffer overflow in the NSFComputeEvaluateExt function in ...) + TODO: check +CVE-2011-3574 + RESERVED +CVE-2011-3573 + RESERVED +CVE-2011-3572 + RESERVED +CVE-2011-3571 + RESERVED +CVE-2011-3570 + RESERVED +CVE-2011-3569 + RESERVED +CVE-2011-3568 + RESERVED +CVE-2011-3567 + RESERVED +CVE-2011-3566 + RESERVED +CVE-2011-3565 + RESERVED +CVE-2011-3564 + RESERVED +CVE-2011-3563 + RESERVED +CVE-2011-3562 + RESERVED +CVE-2011-3561 + RESERVED +CVE-2011-3560 + RESERVED +CVE-2011-3559 + RESERVED +CVE-2011-3558 + RESERVED +CVE-2011-3557 + RESERVED +CVE-2011-3556 + RESERVED +CVE-2011-3555 + RESERVED +CVE-2011-3554 + RESERVED +CVE-2011-3553 + RESERVED +CVE-2011-3552 + RESERVED +CVE-2011-3551 + RESERVED +CVE-2011-3550 + RESERVED +CVE-2011-3549 + RESERVED +CVE-2011-3548 + RESERVED +CVE-2011-3547 + RESERVED +CVE-2011-3546 + RESERVED +CVE-2011-3545 + RESERVED +CVE-2011-3544 + RESERVED +CVE-2011-3543 + RESERVED +CVE-2011-3542 + RESERVED +CVE-2011-3541 + RESERVED +CVE-2011-3540 + RESERVED +CVE-2011-3539 + RESERVED +CVE-2011-3538 + RESERVED +CVE-2011-3537 + RESERVED +CVE-2011-3536 + RESERVED +CVE-2011-3535 + RESERVED +CVE-2011-3534 + RESERVED +CVE-2011-3533 + RESERVED +CVE-2011-3532 + RESERVED +CVE-2011-3531 + RESERVED +CVE-2011-3530 + RESERVED +CVE-2011-3529 + RESERVED +CVE-2011-3528 + RESERVED +CVE-2011-3527 + RESERVED +CVE-2011-3526 + RESERVED +CVE-2011-3525 + RESERVED +CVE-2011-3524 + RESERVED +CVE-2011-3523 + RESERVED +CVE-2011-3522 + RESERVED +CVE-2011-3521 + RESERVED +CVE-2011-3520 + RESERVED +CVE-2011-3519 + RESERVED +CVE-2011-3518 + RESERVED +CVE-2011-3517 + RESERVED +CVE-2011-3516 + RESERVED +CVE-2011-3515 + RESERVED +CVE-2011-3514 + RESERVED +CVE-2011-3513 + RESERVED +CVE-2011-3512 + RESERVED +CVE-2011-3511 + RESERVED +CVE-2011-3510 + RESERVED +CVE-2011-3509 + RESERVED +CVE-2011-3508 + RESERVED +CVE-2011-3507 + RESERVED +CVE-2011-3506 + RESERVED +CVE-2011-3505 + RESERVED +CVE-2011-3504 + RESERVED +CVE-2011-3503 (Untrusted search path vulnerability in eSignal 10.6.2425.1208, and ...) + TODO: check +CVE-2011-3502 (The web server in Cogent DataHub 7.1.1.63 and earlier allows remote ...) + TODO: check +CVE-2011-3501 (Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote ...) + TODO: check +CVE-2011-3500 (Directory traversal vulnerability in the web server in Cogent DataHub ...) + TODO: check +CVE-2011-3499 (Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote ...) + TODO: check +CVE-2011-3498 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...) + TODO: check +CVE-2011-3497 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote ...) + TODO: check +CVE-2011-3496 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote ...) + TODO: check +CVE-2011-3495 (Multiple directory traversal vulnerabilities in service.exe in ...) + TODO: check +CVE-2011-3494 (WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to ...) + TODO: check +CVE-2011-3493 (Multiple stack-based buffer overflows in the DH_OneSecondTick function ...) + TODO: check +CVE-2011-3492 (Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and ...) + TODO: check +CVE-2011-3491 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...) + TODO: check +CVE-2011-3490 (Multiple stack-based buffer overflows in service.exe in Measuresoft ...) + TODO: check +CVE-2011-3489 (RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and ...) + TODO: check +CVE-2011-3488 (Use-after-free vulnerability in Equis MetaStock 11 and earlier allows ...) + TODO: check +CVE-2011-3487 (Directory traversal vulnerability in CarelDataServer.exe in Carel ...) + TODO: check +CVE-2011-3486 (Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to ...) + TODO: check CVE-2011-3485 RESERVED CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server ...) @@ -116,10 +298,10 @@ CVE-2011-3426 RESERVED CVE-2011-3425 RESERVED -CVE-2011-3424 - RESERVED -CVE-2011-3423 - RESERVED +CVE-2011-3424 (Session fixation vulnerability in the Managed File Transfer server in ...) + TODO: check +CVE-2011-3423 (Cross-site scripting (XSS) vulnerability in the Managed File Transfer ...) + TODO: check CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and ...) TODO: check CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component ...) @@ -384,8 +566,7 @@ CVE-2011-3347 RESERVED CVE-2011-3346 RESERVED -CVE-2011-3345 - RESERVED +CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...) - ofa-kernel (bug #541849) CVE-2011-3344 RESERVED @@ -638,8 +819,8 @@ CVE-2011-3236 RESERVED CVE-2011-3235 RESERVED -CVE-2011-3234 - RESERVED +CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...) + TODO: check CVE-2011-3233 RESERVED CVE-2011-3232 @@ -1578,10 +1759,10 @@ CVE-2011-2877 RESERVED CVE-2011-2876 RESERVED -CVE-2011-2875 - RESERVED -CVE-2011-2874 - RESERVED +CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) + TODO: check +CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ...) + TODO: check CVE-2011-2873 RESERVED CVE-2011-2872 @@ -1600,68 +1781,68 @@ CVE-2011-2866 RESERVED CVE-2011-2865 RESERVED -CVE-2011-2864 - RESERVED +CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan ...) + TODO: check CVE-2011-2863 RESERVED -CVE-2011-2862 - RESERVED -CVE-2011-2861 - RESERVED -CVE-2011-2860 - RESERVED -CVE-2011-2859 - RESERVED -CVE-2011-2858 - RESERVED -CVE-2011-2857 - RESERVED -CVE-2011-2856 - RESERVED -CVE-2011-2855 - RESERVED -CVE-2011-2854 - RESERVED -CVE-2011-2853 - RESERVED -CVE-2011-2852 - RESERVED -CVE-2011-2851 - RESERVED -CVE-2011-2850 - RESERVED -CVE-2011-2849 - RESERVED -CVE-2011-2848 - RESERVED -CVE-2011-2847 - RESERVED -CVE-2011-2846 - RESERVED +CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) + TODO: check +CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle strings in ...) + TODO: check +CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) + TODO: check +CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for ...) + TODO: check +CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle triangle ...) + TODO: check +CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) + TODO: check +CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...) + TODO: check +CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading ...) + TODO: check +CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) + TODO: check +CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) + TODO: check +CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before ...) + TODO: check +CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, ...) + TODO: check +CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle Khmer ...) + TODO: check +CVE-2011-2849 (The WebSockets implementation in Google Chrome before 14.0.835.163 ...) + TODO: check +CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote ...) + TODO: check +CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google Chrome ...) + TODO: check +CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) + TODO: check CVE-2011-2845 RESERVED -CVE-2011-2844 - RESERVED -CVE-2011-2843 - RESERVED -CVE-2011-2842 - RESERVED -CVE-2011-2841 - RESERVED -CVE-2011-2840 - RESERVED +CVE-2011-2844 (Google Chrome before 14.0.835.163 does not properly process MP3 files, ...) + TODO: check +CVE-2011-2843 (Google Chrome before 14.0.835.163 does not properly handle media ...) + TODO: check +CVE-2011-2842 (The installer in Google Chrome before 14.0.835.163 on Mac OS X does ...) + TODO: check +CVE-2011-2841 (Google Chrome before 14.0.835.163 does not properly perform garbage ...) + TODO: check +CVE-2011-2840 (Google Chrome before 14.0.835.163 allows user-assisted remote ...) + TODO: check CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on Linux ...) - chromium-browser (Pdf plugin) -CVE-2011-2838 - RESERVED -CVE-2011-2837 - RESERVED -CVE-2011-2836 - RESERVED -CVE-2011-2835 - RESERVED -CVE-2011-2834 - RESERVED +CVE-2011-2838 (Google Chrome before 14.0.835.163 does not properly consider the MIME ...) + TODO: check +CVE-2011-2837 (Google Chrome before 14.0.835.163 on Linux does not use the PIC and ...) + TODO: check +CVE-2011-2836 (Google Chrome before 14.0.835.163 does not require Infobar interaction ...) + TODO: check +CVE-2011-2835 (Race condition in Google Chrome before 14.0.835.163 allows attackers ...) + TODO: check +CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before ...) + TODO: check CVE-2011-2833 RESERVED CVE-2011-2832 @@ -1957,8 +2138,8 @@ CVE-2011-2740 RESERVED CVE-2011-2739 RESERVED -CVE-2011-2738 - RESERVED +CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor ...) + TODO: check CVE-2011-2737 (RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to ...) NOT-FOR-US: RSA enVision CVE-2011-2736 (RSA enVision 4.x before 4 SP4 P3 places cleartext administrative ...) @@ -4655,8 +4836,8 @@ CVE-2011-1742 (EMC Data Protection Advisor before 5.8.1 places cleartext account NOT-FOR-US: EMC CVE-2011-1741 (Stack-based buffer overflow in ftserver.exe in the OpenText ...) NOT-FOR-US: OpenText Hummingbird Client Connector -CVE-2011-1740 - RESERVED +CVE-2011-1740 (EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote ...) + TODO: check CVE-2011-1739 (The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 ...) NOT-FOR-US: FreeBSD mountd CVE-2011-1738 (HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in ...) @@ -5967,7 +6148,7 @@ CVE-2011-1281 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 ... NOT-FOR-US: MS Windows CVE-2011-1280 (The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server ...) NOT-FOR-US: Microsoft InfoPath, SQL Server, SQL Server Management Studio Express, Visual Studio -CVE-2011-1279 (Microsoft Excel 2002 SP3 and 2003 SP3; Office 2004 and 2008 for Mac, ...) +CVE-2011-1279 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...) NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter CVE-2011-1278 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly ...) NOT-FOR-US: Microsoft Excel, Office @@ -22103,7 +22284,7 @@ CVE-2010-XXXX [backup-manager: make sure password is not written to world-readab NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html CVE-2010-XXXX [sudosh3: many security weaknesses] - sudosh3 (high; bug #566142) -CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...) +CVE-2010-0379 (Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX ...) NOT-FOR-US: Macromedia Flash ActiveX CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...) NOT-FOR-US: Adobe Flash @@ -47900,7 +48081,7 @@ CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5. NOTE: closely related to CVE-2008-2108 CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...) NOT-FOR-US: Call of Duty -CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.3, and 3.1.x before ...) +CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before ...) - bugzilla 3.0.4-1 (low) [etch] - bugzilla (vulnerable code introduced in 2.23.4) CVE-2008-2104 (The WebService in Bugzilla 3.1.3 allows remote authenticated users ...) -- cgit v1.2.3