diff options
| author | Joey Hess <joeyh@debian.org> | 2011-01-10 21:14:35 +0000 |
|---|---|---|
| committer | Joey Hess <joeyh@debian.org> | 2011-01-10 21:14:35 +0000 |
| commit | 349c525b1650db98a5ea8f031c048262f12fd9fb (patch) | |
| tree | c2d7cbb4dd23a3c4512e2f2486f8694a3f6ab8c5 /data | |
| parent | ef6cc9a01a4b3b9a7a367bd17c84f708bc12fc2e (diff) | |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15826 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/list | 376 |
1 files changed, 319 insertions, 57 deletions
diff --git a/data/CVE/list b/data/CVE/list index c8c59feb3b..40c7789852 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,281 @@ +CVE-2011-0397 + RESERVED +CVE-2011-0396 + RESERVED +CVE-2011-0395 + RESERVED +CVE-2011-0394 + RESERVED +CVE-2011-0393 + RESERVED +CVE-2011-0392 + RESERVED +CVE-2011-0391 + RESERVED +CVE-2011-0390 + RESERVED +CVE-2011-0389 + RESERVED +CVE-2011-0388 + RESERVED +CVE-2011-0387 + RESERVED +CVE-2011-0386 + RESERVED +CVE-2011-0385 + RESERVED +CVE-2011-0384 + RESERVED +CVE-2011-0383 + RESERVED +CVE-2011-0382 + RESERVED +CVE-2011-0381 + RESERVED +CVE-2011-0380 + RESERVED +CVE-2011-0379 + RESERVED +CVE-2011-0378 + RESERVED +CVE-2011-0377 + RESERVED +CVE-2011-0376 + RESERVED +CVE-2011-0375 + RESERVED +CVE-2011-0374 + RESERVED +CVE-2011-0373 + RESERVED +CVE-2011-0372 + RESERVED +CVE-2011-0371 + RESERVED +CVE-2011-0370 + RESERVED +CVE-2011-0369 + RESERVED +CVE-2011-0368 + RESERVED +CVE-2011-0367 + RESERVED +CVE-2011-0366 + RESERVED +CVE-2011-0365 + RESERVED +CVE-2011-0364 + RESERVED +CVE-2011-0363 + RESERVED +CVE-2011-0362 + RESERVED +CVE-2011-0361 + RESERVED +CVE-2011-0360 + RESERVED +CVE-2011-0359 + RESERVED +CVE-2011-0358 + RESERVED +CVE-2011-0357 + RESERVED +CVE-2011-0356 + RESERVED +CVE-2011-0355 + RESERVED +CVE-2011-0354 + RESERVED +CVE-2011-0353 + RESERVED +CVE-2011-0352 + RESERVED +CVE-2011-0351 + RESERVED +CVE-2011-0350 + RESERVED +CVE-2011-0349 + RESERVED +CVE-2011-0348 + RESERVED +CVE-2011-0347 (Microsoft Internet Explorer on Windows XP allows remote attackers to ...) + TODO: check +CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in ...) + TODO: check +CVE-2011-0345 + RESERVED +CVE-2011-0344 + RESERVED +CVE-2011-0342 + RESERVED +CVE-2011-0341 + RESERVED +CVE-2011-0340 + RESERVED +CVE-2011-0339 + RESERVED +CVE-2011-0338 + RESERVED +CVE-2011-0337 + RESERVED +CVE-2011-0336 + RESERVED +CVE-2011-0335 + RESERVED +CVE-2011-0334 + RESERVED +CVE-2011-0333 + RESERVED +CVE-2011-0332 + RESERVED +CVE-2011-0331 + RESERVED +CVE-2011-0330 + RESERVED +CVE-2011-0329 + RESERVED +CVE-2011-0328 + RESERVED +CVE-2011-0327 + RESERVED +CVE-2011-0326 + RESERVED +CVE-2011-0325 + RESERVED +CVE-2011-0324 + RESERVED +CVE-2011-0323 + RESERVED +CVE-2011-0322 + RESERVED +CVE-2011-0321 + RESERVED +CVE-2011-0320 + RESERVED +CVE-2011-0319 + RESERVED +CVE-2011-0318 + RESERVED +CVE-2011-0317 + RESERVED +CVE-2011-0316 + RESERVED +CVE-2011-0315 + RESERVED +CVE-2011-0314 + RESERVED +CVE-2011-0313 + RESERVED +CVE-2011-0312 + RESERVED +CVE-2011-0311 + RESERVED +CVE-2011-0310 + RESERVED +CVE-2011-0309 + RESERVED +CVE-2011-0308 + RESERVED +CVE-2011-0307 + RESERVED +CVE-2011-0306 + RESERVED +CVE-2011-0305 + RESERVED +CVE-2011-0304 + RESERVED +CVE-2011-0303 + RESERVED +CVE-2011-0302 + RESERVED +CVE-2011-0301 + RESERVED +CVE-2011-0300 + RESERVED +CVE-2011-0299 + RESERVED +CVE-2011-0298 + RESERVED +CVE-2011-0297 + RESERVED +CVE-2011-0296 + RESERVED +CVE-2011-0295 + RESERVED +CVE-2011-0294 + RESERVED +CVE-2011-0293 + RESERVED +CVE-2011-0292 + RESERVED +CVE-2011-0291 + RESERVED +CVE-2011-0290 + RESERVED +CVE-2011-0289 + RESERVED +CVE-2011-0288 + RESERVED +CVE-2011-0287 + RESERVED +CVE-2011-0286 + RESERVED +CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check +CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check +CVE-2010-4690 (The Mobile User Security (MUS) service on Cisco Adaptive Security ...) + TODO: check +CVE-2010-4689 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) + TODO: check +CVE-2010-4688 (Unspecified vulnerability in the SIP inspection feature on Cisco ...) + TODO: check +CVE-2010-4687 (STCAPP (aka the SCCP telephony control application) on Cisco IOS ...) + TODO: check +CVE-2010-4686 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not ...) + TODO: check +CVE-2010-4685 (Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a ...) + TODO: check +CVE-2010-4684 (Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, ...) + TODO: check +CVE-2010-4683 (Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote ...) + TODO: check +CVE-2010-4682 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series ...) + TODO: check +CVE-2010-4681 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check +CVE-2010-4680 (The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check +CVE-2010-4679 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) + TODO: check +CVE-2010-4678 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) + TODO: check +CVE-2010-4677 (emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices ...) + TODO: check +CVE-2010-4676 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check +CVE-2010-4675 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) + TODO: check +CVE-2010-4674 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check +CVE-2010-4673 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) + TODO: check +CVE-2010-4672 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) + TODO: check +CVE-2010-4671 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) + TODO: check +CVE-2010-4670 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) + TODO: check +CVE-2010-4669 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) + TODO: check +CVE-2009-5040 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote ...) + TODO: check +CVE-2009-5039 (Memory leak in the gk_circuit_info_do_in_acf function in the H.323 ...) + TODO: check +CVE-2009-5038 (Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during ...) + TODO: check +CVE-2009-5037 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...) + TODO: check CVE-2011-XXXX - xdigger <removed> (bug #609096) [lenny] - xdigger <no-dsa> (Minor issue) @@ -16,6 +294,7 @@ CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable] - zhcon <unfixed> (bug #608981) TODO: check CVE-2011-0343 [syslog-ng log permissions] + RESERVED - syslog-ng 3.1.3-2 (bug #608491) [lenny] - syslog-ng <not-affected> (Freebsd-specific, which is not supported in Lenny) CVE-2010-XXXX [XSS in ftpls] @@ -85,8 +364,7 @@ CVE-2010-4647 RESERVED CVE-2010-4646 RESERVED -CVE-2010-4644 [fix server-side memory leaks triggered by 'blame -g'] - RESERVED +CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...) - subversion 1.6.12dfsg-3 (bug #608989) NOTE: http://www.openwall.com/lists/oss-security/2011/01/04/8 CVE-2010-4643 @@ -137,17 +415,13 @@ CVE-2010-4621 RESERVED CVE-2010-4620 RESERVED -CVE-2010-4543 [heap overflow read_channel_data() in file-psp.c] - RESERVED +CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in ...) - gimp <unfixed> (bug #608497) -CVE-2010-4542 [GFIG plugin stack buffer overflow] - RESERVED +CVE-2010-4542 (Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows ...) - gimp <unfixed> (bug #608497) -CVE-2010-4541 [SPHERE DESIGNER plugin stack buffer overflow] - RESERVED +CVE-2010-4541 (Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP ...) - gimp <unfixed> (bug #608497) -CVE-2010-4540 [LIGHTING EFFECTS > LIGHT plugin stack buffer overflow] - RESERVED +CVE-2010-4540 (Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin ...) - gimp <unfixed> (bug #608497) CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka ...) NOT-FOR-US: Mafya Oyun Scrpti @@ -768,8 +1042,7 @@ CVE-2010-4557 (Buffer overflow in the lm_tcp service in Invensys Wonderware InBa NOT-FOR-US: Invensys Wonderware InBatch CVE-2010-4556 (Stack-based buffer overflow in the SapThemeRepository ActiveX control ...) NOT-FOR-US: SAP NetWeaver Business Client -CVE-2010-4523 - RESERVED +CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 ...) - opensc 0.11.13-1.1 (low; bug #607427) [lenny] - opensc <no-dsa> (Minor issue) CVE-2010-4555 @@ -856,12 +1129,10 @@ CVE-2010-XXXX [wordpress: insufficient permissions verification on XMLRPC interf - wordpress 3.0.3-1 (bug #606657) [lenny] - wordpress <not-affected> (vulnerable code not present) NOTE: http://core.trac.wordpress.org/changeset/16803 -CVE-2010-4539 [crash in mod_dav_svn when using SVNParentPath] - RESERVED +CVE-2010-4539 (The walk function in repos.c in the mod_dav_svn module for the Apache ...) - subversion 1.6.12dfsg-4 (bug #608989) NOTE: http://www.openwall.com/lists/oss-security/2011/01/04/8 -CVE-2010-4538 [ENTTEC dissector overflow] - RESERVED +CVE-2010-4538 (Buffer overflow in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 ...) - wireshark <unfixed> (bug #608990) CVE-2010-4537 RESERVED @@ -900,8 +1171,7 @@ CVE-2010-4530 [ccid driver buffer overflow] CVE-2010-4529 RESERVED - linux-2.6 2.6.32-30 -CVE-2010-4528 [pidgin msn issue] - RESERVED +CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through ...) - pidgin 2.7.9-1 (bug #608331; medium) CVE-2010-4527 RESERVED @@ -1042,17 +1312,17 @@ CVE-2011-0002 RESERVED CVE-2011-0001 RESERVED -CVE-2010-4499 - RESERVED -CVE-2010-4498 - RESERVED -CVE-2010-4497 - RESERVED -CVE-2010-4496 - RESERVED +CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...) + TODO: check +CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...) + TODO: check +CVE-2010-4497 (Cross-site scripting (XSS) vulnerability in Collaborative Information ...) + TODO: check +CVE-2010-4496 (Multiple SQL injection vulnerabilities in Collaborative Information ...) + TODO: check CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component in ...) NOT-FOR-US: TIBCO ActiveMatrix -CVE-2010-4494 (Double free vulnerability in Google Chrome before 8.0.552.215 allows ...) +CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used ...) {DSA-2137-1} - libxml2 2.7.8.dfsg-2 (bug #607922) - chromium-browser 5.0.375.29~r46008-1 @@ -1465,12 +1735,12 @@ CVE-2010-4326 RESERVED CVE-2010-4325 RESERVED -CVE-2010-4324 - RESERVED +CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the ...) + TODO: check CVE-2010-4323 RESERVED -CVE-2010-4322 - RESERVED +CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell ...) + TODO: check CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in ...) NOT-FOR-US: Novell iPrint client CVE-2010-4320 @@ -1926,8 +2196,7 @@ CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remot [lenny] - proftpd-dfsg <no-dsa> (Minor issue) CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google ...) - libvpx 0.9.1-2 (bug #602693) -CVE-2010-4160 - RESERVED +CVE-2010-4160 (Multiple integer overflows in the (1) pppol2tp_sendmsg function in ...) - linux-2.6 <unfixed> (low) CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel ...) - linux-2.6 2.6.32-29 (low) @@ -2009,7 +2278,7 @@ CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, NOT-FOR-US: HP StorageWorks CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency ...) NOT-FOR-US: HP DDMI -CVE-2010-4113 (Unspecified vulnerability in HP Power Manager (HPPM) before 4.3.2 ...) +CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 ...) NOT-FOR-US: HP HPPM CVE-2010-4112 (HP Insight Management Agents before 8.6 allows remote attackers to ...) NOT-FOR-US: HP Insight Management Agents @@ -2339,8 +2608,8 @@ CVE-2010-3986 (Unspecified vulnerability in HP Virtual Connect Enterprise Manage NOT-FOR-US: HP VCEM CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations ...) NOT-FOR-US: HP Operations Orchestration -CVE-2010-3984 - RESERVED +CVE-2010-3984 (Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 ...) + TODO: check CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote ...) NOT-FOR-US: SAP BusinessObjects Enterprise CVE-2010-3982 (SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to ...) @@ -2367,7 +2636,7 @@ CVE-2010-3972 (The TELNET_STREAM_CONTEXT::OnSendData function in the FTP protoco NOT-FOR-US: Microsoft Internet Information Services CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function ...) NOT-FOR-US: Microsoft Internet Explorer 7 and 8 -CVE-2010-3970 (Unspecified vulnerability in Microsoft Windows has unknown impact and ...) +CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in ...) NOT-FOR-US: Microsoft Windows CVE-2010-3969 RESERVED @@ -2617,8 +2886,7 @@ CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel bef - linux-2.6 2.6.32-27 CVE-2010-3857 RESERVED -CVE-2010-3856 - RESERVED +CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and ...) {DSA-2122-1} - glibc <removed> - eglibc <unfixed> (bug #600667) @@ -2643,8 +2911,7 @@ CVE-2010-3849 (The econet_sendmsg function in net/econet/af_econet.c in the Linu CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in ...) {DSA-2126-1} - linux-2.6 2.6.32-28 -CVE-2010-3847 - RESERVED +CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) ...) {DSA-2122-1} - eglibc 2.11.2-7 (bug #600667) - glibc <removed> @@ -4141,8 +4408,7 @@ CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, ...) - epiphany-browser 2.29.91-1 (bug #564690) [lenny] - epiphany-browser <not-affected> (Introduced with the switch to webkit after Lenny release) -CVE-2010-3311 [freetype heap-based buffer overflow] - RESERVED +CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X FreeType ...) {DSA-2116-1} - freetype 2.4.0-1 NOTE: Only the 2.3.x series is affected @@ -4401,7 +4667,7 @@ CVE-2010-3219 (Array index vulnerability in Microsoft Word 2002 SP3 allows remot NOT-FOR-US: Microsoft Word CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote ...) NOT-FOR-US: Microsoft Word -CVE-2010-3217 (Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary ...) +CVE-2010-3217 (Double free vulnerability in Microsoft Word 2002 SP3 allows remote ...) NOT-FOR-US: Microsoft Word CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers ...) NOT-FOR-US: Microsoft Word @@ -4435,8 +4701,8 @@ CVE-2010-XXXX [vlc stack overflow] - vlc <not-affected> (Windows-specific) CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...) NOT-FOR-US: flock -CVE-2010-3201 - RESERVED +CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail before ...) + TODO: check CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote ...) NOT-FOR-US: Microsoft Word CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...) @@ -4473,7 +4739,7 @@ CVE-2010-3185 RESERVED CVE-2010-3184 RESERVED -CVE-2010-3183 (The LookupGetterOrSetter function in Mozilla Firefox before 3.5.14 and ...) +CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox ...) {DSA-2124-1} - xulrunner <removed> - iceweasel 3.5.14-1 @@ -6045,17 +6311,13 @@ CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, whe NOTE: http://trac.webkit.org/changeset/58957 CVE-2010-2644 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 ...) NOT-FOR-US: IBM WebSphere Service Registry and Repository -CVE-2010-2643 - RESERVED +CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend component ...) - evince <unfixed> (bug #609534) -CVE-2010-2642 - RESERVED +CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend ...) - evince <unfixed> (bug #609534) -CVE-2010-2641 - RESERVED +CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component ...) - evince <unfixed> (bug #609534) -CVE-2010-2640 - RESERVED +CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend component ...) - evince <unfixed> (bug #609534) CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote ...) NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0 @@ -13178,8 +13440,8 @@ CVE-2010-0217 RESERVED CVE-2010-0216 RESERVED -CVE-2010-0215 - RESERVED +CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to bypass ...) + TODO: check CVE-2010-0214 RESERVED CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a ...) |