Author: joeyh
Date: 2011-07-22 21:14:51 +0000 (Fri, 22 Jul 2011)
New Revision: 16968

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-07-22 18:33:23 UTC (rev 16967)
+++ data/CVE/list       2011-07-22 21:14:51 UTC (rev 16968)
@@ -1,3 +1,7 @@
+CVE-2011-2883 (The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix 
Access ...)
+       TODO: check
+CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX 
control ...)
+       TODO: check
 CVE-2011-2881
        RESERVED
 CVE-2011-2880
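Review bot: The two new entries at the top, CVE-2011-2883 and CVE-2011-2882, both describe the NSEPA.NsepaCtrl.1 ActiveX control in Citrix software and are left at `TODO: check`. If that control is not shipped in any Debian package, both can be closed in one pass with a `NOT-FOR-US:` line, in the form the list already uses elsewhere (for example `NOT-FOR-US: TigerVNC`).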
@@ -401,8 +405,7 @@
        - drupal6 <not-affected>
 CVE-2011-2686
        RESERVED
-CVE-2011-2685 [libreoffice lotus word pro filter, wrong object id cast ]
-       RESERVED
+CVE-2011-2685 (Stack-based buffer overflow in the Lotus Word Pro import filter 
in ...)
        {DSA-2275-1}
        - libreoffice 1:3.3.3-1
        - openoffice.org 1:3.3.0-1
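Review bot: In the CVE-2011-2685 entry, the hand-written triage hint `[libreoffice lotus word pro filter, wrong object id cast ]` is dropped when the published description replaces it, and the truncated description ("Stack-based buffer overflow in the Lotus Word Pro import filter in ...") no longer records that detail. Suggest keeping it as a `NOTE:` line under the entry so it stays next to the `{DSA-2275-1}` reference and the fixed versions.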
@@ -813,8 +816,8 @@
        - linux-2.6 2.6.39-1 (low)
        [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
        [lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2011-2520
-       RESERVED
+CVE-2011-2520 (fw_dbus.py in system-config-firewall 1.2.29 and earlier uses 
the ...)
+       TODO: check
 CVE-2011-2519
        RESERVED
 CVE-2011-2518
@@ -2710,9 +2713,9 @@
        [squeeze] - chromium-browser <not-affected>
        - webkit <undetermined>
        NOTE: http://trac.webkit.org/changeset/84085
-CVE-2011-1797
-       RESERVED
+CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
        {DSA-2245-1}
+       TODO: check
 CVE-2011-1796
        RESERVED
        - chromium-browser 11.0.696.65~r84435-1
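Review bot: CVE-2011-1797 now carries both `{DSA-2245-1}` and `TODO: check`, and the entry has no package line before CVE-2011-1796 begins. A DSA reference without a package status leaves the entry incomplete; suggest resolving the TODO by adding the source package and fixed version that DSA-2245-1 covers, in the same form as the package lines on the neighbouring entries.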
@@ -2809,8 +2812,7 @@
        - linux-2.6 <unfixed> (low)
 CVE-2011-1775 (The CSecurityTLS::processMsg function in 
common/rfb/CSecurityTLS.cxx ...)
        NOT-FOR-US: TigerVNC
-CVE-2011-1774
-       RESERVED
+CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt 
security ...)
        - xmlsec1 1.2.14-1.1
        NOTE: very likely a duplicate of cve-2011-1425
        NOTE: http://www.openwall.com/lists/oss-security/2011/05/09/4
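Review bot: The published description for CVE-2011-1774 names WebKit in Apple Safari and libxslt, while the triage kept below it still tracks `- xmlsec1 1.2.14-1.1` and says `NOTE: very likely a duplicate of cve-2011-1425`. No `TODO: check` is added to this entry, so the mismatch will not show up in a TODO sweep. Suggest re-checking by hand whether the xmlsec1 line and the duplicate note still apply, and whether a `- webkit` line is needed.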
@@ -3673,8 +3675,8 @@
        NOTE: ini setting needs to be modified.
 CVE-2011-1463
        RESERVED
-CVE-2011-1462
-       RESERVED
+CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-1461
        RESERVED
 CVE-2011-1460
@@ -3683,8 +3685,8 @@
        RESERVED
 CVE-2011-1458
        RESERVED
-CVE-2011-1457
-       RESERVED
+CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF 
forms, ...)
        - chromium-browser <not-affected> (chrome pdf plugin)
 CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF 
...)
@@ -3694,8 +3696,8 @@
        [squeeze] - chromium-browser <not-affected>
        - webkit <undetermined>
        NOTE: http://trac.webkit.org/changeset/84015
-CVE-2011-1453
-       RESERVED
+CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote 
attackers ...)
        - chromium-browser 11.0.696.65~r84435-1
        [squeeze] - chromium-browser <not-affected>
@@ -4158,7 +4160,7 @@
        [squeeze] - chromium-browser <not-affected>
        - webkit <undetermined>
        NOTE: http://trac.webkit.org/changeset/80520
-CVE-2011-1295 (Google Chrome before 10.0.648.204 does not properly handle node 
...)
+CVE-2011-1295 (WebKit, as used in Google Chrome before 10.0.648.204 and Apple 
Safari ...)
        - chromium-browser 10.0.648.204~r79063-1
        [squeeze] - chromium-browser <no-dsa> (hard merge)
        - webkit <undetermined>
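Review bot: With the CVE-2011-1295 description reworded from a Google Chrome issue to "WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari ...", the unchanged `- webkit <undetermined>` line below it becomes the open item. Suggest resolving it to a fixed version or `<not-affected>` now that the description places the flaw in WebKit itself.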
@@ -4191,8 +4193,8 @@
        NOTE: http://trac.webkit.org/changeset/80787
 CVE-2011-1289
        RESERVED
-CVE-2011-1288
-       RESERVED
+CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-1287
        RESERVED
 CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows 
remote ...)
@@ -7412,12 +7414,12 @@
        RESERVED
 CVE-2011-0256
        RESERVED
-CVE-2011-0255
-       RESERVED
-CVE-2011-0254
-       RESERVED
-CVE-2011-0253
-       RESERVED
+CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
+CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
+CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-0252
        RESERVED
 CVE-2011-0251
@@ -7434,32 +7436,32 @@
        RESERVED
 CVE-2011-0245
        RESERVED
-CVE-2011-0244
-       RESERVED
+CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote 
...)
+       TODO: check
 CVE-2011-0243
        RESERVED
-CVE-2011-0242
-       RESERVED
-CVE-2011-0241
-       RESERVED
-CVE-2011-0240
-       RESERVED
+CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple 
Safari ...)
+       TODO: check
+CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 
5.0.6 ...)
+       TODO: check
+CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-0239
        RESERVED
-CVE-2011-0238
-       RESERVED
-CVE-2011-0237
-       RESERVED
+CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
+CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-0236
        RESERVED
-CVE-2011-0235
-       RESERVED
-CVE-2011-0234
-       RESERVED
-CVE-2011-0233
-       RESERVED
-CVE-2011-0232
-       RESERVED
+CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
+CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
+CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
+CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-0231
        RESERVED
 CVE-2011-0230
@@ -7472,30 +7474,30 @@
        TODO: check
 CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 
2.4.6, ...)
        TODO: check
-CVE-2011-0225
-       RESERVED
+CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-0224
        RESERVED
-CVE-2011-0223
-       RESERVED
-CVE-2011-0222
-       RESERVED
-CVE-2011-0221
-       RESERVED
+CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
+CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
+CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
 CVE-2011-0220
        RESERVED
-CVE-2011-0219
-       RESERVED
-CVE-2011-0218
-       RESERVED
-CVE-2011-0217
-       RESERVED
-CVE-2011-0216
-       RESERVED
-CVE-2011-0215
-       RESERVED
-CVE-2011-0214
-       RESERVED
+CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the 
Same ...)
+       TODO: check
+CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote 
attackers ...)
+       TODO: check
+CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to 
scripts ...)
+       TODO: check
+CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows 
remote ...)
+       TODO: check
+CVE-2011-0215 (ImageIO in Apple Safari before 5.0.6 on Windows does not 
properly ...)
+       TODO: check
+CVE-2011-0214 (CFNetwork in Apple Safari before 5.0.6 on Windows does not 
properly ...)
+       TODO: check
 CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 
allows ...)
        NOT-FOR-US: QuickTime in Apple Mac OS
 CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote 
attackers to ...)
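Review bot: The batch of `TODO: check` entries from CVE-2011-0225 down to CVE-2011-0214 mixes components that need different handling. CVE-2011-0216 is described as an off-by-one error in libxml, so it should be checked against any separately packaged libxml rather than triaged as a Safari-only issue; CVE-2011-0215 and CVE-2011-0214 are described as ImageIO and CFNetwork "on Windows" and are candidates for `NOT-FOR-US:`, like the CVE-2011-0213 entry directly below them.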
@@ -15440,7 +15442,6 @@
        NOTE: poc seems to cause a dos in both chromium and webkit; not sure if 
code execution is possible
        NOTE: This is Safari only
 CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in 
libopie ...)
-       {DSA-2281-1}
        - opie 2.32.dfsg.1-0.2 (low; bug #584932)
        [lenny] - opie 2.32-10.2+lenny2
 CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in 
SBLIM ...)
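Review bot: The `{DSA-2281-1}` cross-reference is removed from CVE-2010-1938 with only "automatic update" as the log message, while the opie fixed versions, including `[lenny] - opie 2.32-10.2+lenny2`, stay in place. The commit touches only data/CVE/list, so nothing here shows why the advisory no longer maps to this CVE. Suggest confirming that the removal is intended and that the fix is still attributed to the right advisory.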
@@ -17066,8 +17067,8 @@
        - chromium-browser 5.0.375.29~r46008-1
        NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
        NOTE: http://trac.webkit.org/changeset/58703
-CVE-2010-1420
-       RESERVED
+CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple 
Safari ...)
+       TODO: check
 CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 
5.0 on ...)
        - webkit 1.2.1-2
        [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe 
apps)
@@ -17293,8 +17294,8 @@
        - chromium-browser <unfixed> (unimportant)
        NOTE: This is based on various misconceptions surrounding "phishing" 
The only supported browser security model
        NOTE: surrounding URLs is the accurate post-link-click indication of 
the final target URL in the URL bar.
-CVE-2010-1383
-       RESERVED
+CVE-2010-1383 (CFNetwork in Apple Safari before 5.0.6 on Windows allows remote 
web ...)
+       TODO: check
 CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in 
Apple Mac ...)
        NOT-FOR-US: Apple Mac OS X
 CVE-2010-1381 (The default configuration of SMB File Server in Apple Mac OS X 
10.5.8, ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
