author | Joey Hess <joeyh@debian.org> | 2011-10-05 21:14:20 +0000 |
---|---|---|
committer | Joey Hess <joeyh@debian.org> | 2011-10-05 21:14:20 +0000 |
commit | 981c562b14ba70676b1a50307784a18489b6e7a6 | |
tree | 4527f2b051b1285d8717fde147b40cfba592d362 /data | |
parent | 9fff78b39a31979e1df076f58a043e72095c91a4 | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@17377 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2000.list | 2
-rw-r--r-- | data/CVE/2008.list | 6
-rw-r--r-- | data/CVE/2010.list | 34
-rw-r--r-- | data/CVE/2011.list | 65
4 files changed, 74 insertions, 33 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list index d67e443ee4..af6111a209 100644 --- a/data/CVE/2000.list +++ b/data/CVE/2000.list @@ -1,3 +1,5 @@ +CVE-2000-1247 (The default configuration of the jserv-status handler in jserv.conf in ...) + TODO: check CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 ...) NOT-FOR-US: Novell NetWare CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...) diff --git a/data/CVE/2008.list b/data/CVE/2008.list index a1a89e3e29..b52f4f87ce 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -1,3 +1,9 @@ +CVE-2008-7302 (SQL injection vulnerability in netinvoice.php in the nBill ...) + TODO: check +CVE-2008-7301 (SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows ...) + TODO: check +CVE-2008-7300 (The labeled networking implementation in Solaris Trusted Extensions in ...) + TODO: check CVE-2008-7299 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses ...) NOT-FOR-US: Tivoli CVE-2008-7298 (The Android browser in Android cannot properly restrict modifications ...) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index a0cae4c3d7..b6d2023c0c 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list 
@@ -1,3 +1,37 @@ +CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote ...) + TODO: check +CVE-2010-4868 (Cross-site scripting (XSS) vulnerability in search.php3 (aka ...) + TODO: check +CVE-2010-4867 (Directory traversal vulnerability in search.php3 (aka search.php) in ...) + TODO: check +CVE-2010-4866 (SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows ...) + TODO: check +CVE-2010-4865 (SQL injection vulnerability in the JE Guestbook (com_jeguestbook) ...) + TODO: check +CVE-2010-4864 (SQL injection vulnerability in the Club Manager (com_clubmanager) ...) + TODO: check +CVE-2010-4863 (Cross-site scripting (XSS) vulnerability in admin/changedata.php in ...) + TODO: check +CVE-2010-4862 (SQL injection vulnerability in the JExtensions JE Directory ...) + TODO: check +CVE-2010-4861 (SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows ...) + TODO: check +CVE-2010-4860 (SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 ...) + TODO: check +CVE-2010-4859 (SQL injection vulnerability in index.php in WebAsyst Shop-Script ...) + TODO: check +CVE-2010-4858 (Directory traversal vulnerability in team.rc5-72.php in DNET ...) + TODO: check +CVE-2010-4857 (SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows ...) + TODO: check +CVE-2010-4856 (SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote ...) + TODO: check +CVE-2010-4855 (SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote ...) + TODO: check +CVE-2010-4854 (SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when ...) + TODO: check +CVE-2010-4853 (SQL injection vulnerability in the ccInvoices (com_ccinvoices) ...) + TODO: check CVE-2010-4852 (Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b ...) TODO: check CVE-2010-4851 (Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote ...) 
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index e639744ae3..7de215751c 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -1,3 +1,5 @@ +CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 ...) + TODO: check CVE-2011-3981 (PHP remote file inclusion vulnerability in actions.php in the ...) TODO: check CVE-2011-3980 (Unspecified vulnerability in the Drag Drop Mass Upload ...) @@ -218,8 +220,7 @@ CVE-2011-3875 RESERVED CVE-2011-3874 RESERVED -CVE-2011-3873 - RESERVED +CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement shader ...) - chromium-browser 14.0.835.202~r103287-1 - libv8 <undetermined> CVE-2011-XXXX [Fix file indirectory injection] @@ -1437,18 +1438,23 @@ CVE-2011-3328 RESERVED CVE-2011-3327 RESERVED + {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3326 RESERVED + {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3325 RESERVED + {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3324 RESERVED + {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3323 RESERVED + {DSA-2316-1} - quagga 0.99.19-1 CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon ...) NOT-FOR-US: Scadatec Limited Procyon SCADA @@ -2177,7 +2183,7 @@ CVE-2011-3001 (Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMon [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) CVE-2011-3000 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...) - {DSA-2313-1 DSA-2312-1} + {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove <unfixed> - xulrunner <removed> - iceweasel 7.0-1 
@@ -2185,7 +2191,7 @@ CVE-2011-3000 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird befo - iceape 2.0.14-8 [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before ...) - {DSA-2313-1 DSA-2312-1} + {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove <unfixed> - xulrunner <removed> - iceweasel 7.0-1 @@ -2193,7 +2199,7 @@ CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird befo - iceape 2.0.14-8 [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2998 (Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote ...) - {DSA-2313-1 DSA-2312-1} + {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove <unfixed> - xulrunner <removed> - iceweasel 7.0-1 @@ -2213,7 +2219,7 @@ CVE-2011-2996 (Unspecified vulnerability in the plugin API in Mozilla Firefox 3. - iceweasel <not-affected> (Only affects MacOS) - iceape <not-affected> (Only affects MacOS) CVE-2011-2995 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - {DSA-2313-1 DSA-2312-1} + {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove <unfixed> - xulrunner <removed> - iceweasel 7.0-1 
@@ -2577,28 +2583,22 @@ CVE-2011-2883 (The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Acce NOT-FOR-US: Citrix Access Gateway CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control ...) NOT-FOR-US: Citrix Access Gateway -CVE-2011-2881 - RESERVED +CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 ...) - chromium-browser 14.0.835.202~r103287-1 - libv8 <undetermined> -CVE-2011-2880 - RESERVED +CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...) - chromium-browser 14.0.835.202~r103287-1 - libv8 <undetermined> -CVE-2011-2879 - RESERVED +CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider object ...) - chromium-browser 14.0.835.202~r103287-1 - libv8 <undetermined> -CVE-2011-2878 - RESERVED +CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict access to ...) - chromium-browser 14.0.835.202~r103287-1 - libv8 <undetermined> -CVE-2011-2877 - RESERVED +CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG text, ...) - chromium-browser 14.0.835.202~r103287-1 - libv8 <undetermined> -CVE-2011-2876 - RESERVED +CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...) - chromium-browser 14.0.835.202~r103287-1 - libv8 <undetermined> CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) @@ -3102,6 +3102,7 @@ CVE-2011-2714 NOT-FOR-US: Drupal data module CVE-2011-2713 RESERVED + {DSA-2315-1} - libreoffice 1:3.4.3-1 - openoffice.org 1:3.3.0-1 NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice 
@@ -3777,8 +3778,8 @@ CVE-2011-2445 RESERVED CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...) TODO: check -CVE-2011-2443 - RESERVED +CVE-2011-2443 (Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier ...) + TODO: check CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...) NOT-FOR-US: Adobe Reader and Acrobat CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader ...) @@ -3946,7 +3947,7 @@ CVE-2011-2373 (Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and [lenny] - iceape <not-affected> (Only a stub package) - icedove 3.1.11-1 CVE-2011-2372 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...) - {DSA-2313-1 DSA-2312-1} + {DSA-2317-1 DSA-2313-1 DSA-2312-1} - icedove <unfixed> - xulrunner <removed> - iceweasel 7.0-1 @@ -5375,8 +5376,8 @@ CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforc CVE-2011-XXXX [spip DoS] - spip <unfixed> [squeeze] - spip 2.1.1-3squeeze1 -CVE-2011-1827 - RESERVED +CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network ...) + TODO: check CVE-2011-1826 (Open redirect vulnerability in the Administrative Console in CA Arcot ...) NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server CVE-2011-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) @@ -5582,8 +5583,7 @@ CVE-2011-1767 {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.34-1 [squeeze] - linux-2.6 2.6.32-34squeeze1 -CVE-2011-1764 [DKIM format string issue in exim4] - RESERVED +CVE-2011-1764 (Format string vulnerability in the dkim_exim_verify_finish function in ...) {DSA-2232-1} - exim4 4.75-3 (high; bug #624670) [lenny] - exim4 <not-affected> (vulnerable code not present) 
@@ -6956,8 +6956,8 @@ CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named st NOT-FOR-US: IBM Tivoli Storage Manager CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the ...) NOT-FOR-US: IBM Tivoli Storage Manager -CVE-2011-1221 - RESERVED +CVE-2011-1221 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control ...) + TODO: check CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM ...) NOT-FOR-US: IBM Tivoli Management Framework CVE-2011-1219 @@ -7193,8 +7193,8 @@ CVE-2011-1160 RESERVED {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 (low) -CVE-2011-1159 - RESERVED +CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a situation in ...) + TODO: check CVE-2011-1158 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...) - feedparser 5.0.1-1 (low; bug #617998) [squeeze] - feedparser <no-dsa> (Minor issue) @@ -7485,8 +7485,7 @@ CVE-2011-1078 - linux-2.6 2.6.38-4 (low) CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva ...) NOT-FOR-US: Apache Archiva -CVE-2011-1076 - RESERVED +CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows ...) - linux-2.6 2.6.38-1 [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36) [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36) @@ -9116,8 +9115,8 @@ CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.4 NOT-FOR-US: OpenSUSE aaa_base package CVE-2011-0460 RESERVED -CVE-2011-0459 - RESERVED +CVE-2011-0459 (Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault ...) + TODO: check CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk feature in ...) NOT-FOR-US: Google Picasa CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier ...) |
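Review bot: all 17 entries added at the top of data/CVE/2010.list (CVE-2010-4869 down to CVE-2010-4853) land as "TODO: check", on top of the context entries CVE-2010-4852 and CVE-2010-4851 that are still "TODO: check". Several of them share a product or file and should be triaged as a group so they end up with the same tag: CVE-2010-4856 and CVE-2010-4855 both name xWeblog 2.2, and CVE-2010-4868 and CVE-2010-4867 both name search.php3.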
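Review bot: in data/CVE/2011.list, CVE-2011-3873 and CVE-2011-2881 through CVE-2011-2876 gain their descriptions but every one keeps "- libv8 <undetermined>". Now that the text is available that line can be resolved per entry instead of carried as a block: CVE-2011-2881 names Google V8 in its description, while CVE-2011-2877 is about SVG text handling. Suggest replacing <undetermined> with a real status, or adding a NOTE where the truncated description is not enough to decide.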
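Review bot: the hunk at @@ -1437,18 +1438,23 @@ in data/CVE/2011.list attaches {DSA-2316-1} to CVE-2011-3327 through CVE-2011-3323, but each entry still reads only "RESERVED" with no description, so nothing tells a reader what the five quagga issues are. Suggest adding a short bracketed summary on the CVE line, in the form this file already uses for "CVE-2011-XXXX [spip DoS]", until the official description is published.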
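Review bot: the entries that move from "RESERVED" to "TODO: check" in data/CVE/2011.list (CVE-2011-2443, CVE-2011-1827, CVE-2011-1221, CVE-2011-1159, CVE-2011-0459) still need a manual pass before this is useful to tracker consumers. CVE-2011-1159 names acpid.c in acpid before 2.0.9, so it needs a source-package lookup and a fixed-version line rather than a vendor tag; CVE-2011-2443 (Adobe Photoshop Elements) sits directly above "NOT-FOR-US: Adobe Reader and Acrobat" on CVE-2011-2442 and can probably take the same form.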