author | security tracker role <sectracker@soriano.debian.org> | 2019-11-26 08:10:13 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2019-11-26 08:10:13 +0000 |
commit | bd342e22e6bc23c8f26906f8d9a85c3ed791057a (patch) | |
tree | 69daf030b6850626ac1a98b96b405cd44de16b5c /data/CVE/2011.list | |
parent | 889e53f02e6edcbf1b923d16288fc0c7e43b73e2 (diff) |
automatic update
Diffstat (limited to 'data/CVE/2011.list')
-rw-r--r-- | data/CVE/2011.list | 63 |
1 files changed, 21 insertions, 42 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index d7bcc33090..dad43f5a3b 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -2278,8 +2278,7 @@ CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591 NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=0d93d5c4614fafea74bdac681673f5b32eb49063 NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=73472053516f82b7d273a3d42c583f894077a191 -CVE-2011-4350 - RESERVED +CVE-2011-4350 (Yaws 1.91 has a directory traversal vulnerability in the way certain U ...) - yaws 1.91-2 (bug #650009) [lenny] - yaws <not-affected> (Vulnerable code not present) [squeeze] - yaws <not-affected> (Vulnerable code not present) @@ -2810,11 +2809,9 @@ CVE-2011-4123 REJECTED CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...) NOT-FOR-US: OpenPAM -CVE-2011-4121 - RESERVED +CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up ...) - ruby1.9.1 <not-affected> (Only affected trunk versions) -CVE-2011-4120 [authentication bypass by pressing ctrl-d] - RESERVED +CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...) - yubico-pam 2.10-1 CVE-2011-4119 RESERVED @@ -2920,8 +2917,7 @@ CVE-2011-4091 (The libobby server in inc/server.hpp in libnet6 (aka net6) before [squeeze] - net6 <no-dsa> (Minor issue) [lenny] - net6 <no-dsa> (Minor issue) - net6 1:1.3.14-1 (low; bug #647318) -CVE-2011-4090 [serendipity before 1.6 backend XSS in karma plugin] - RESERVED +CVE-2011-4090 (Serendipity before 1.6 has an XSS issue in the karma plugin which may ...) - serendipity <removed> (bug #650937) [squeeze] - serendipity <no-dsa> (Minor issue) NOTE: http://seclists.org/oss-sec/2011/q4/192 
@@ -2945,8 +2941,7 @@ CVE-2011-4084 REJECTED CVE-2011-4083 (The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x ...) NOT-FOR-US: RedHat sos -CVE-2011-4082 - RESERVED +CVE-2011-4082 (A local file inclusion flaw was found in the way the phpLDAPadmin befo ...) - phpldapadmin 0.9.8-1 CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local use ...) - linux-2.6 3.0.0-6 @@ -2968,8 +2963,7 @@ CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when P CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c ...) {DSA-2389-1} - linux-2.6 3.0.0-6 -CVE-2011-4076 - RESERVED +CVE-2011-4076 (OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCE ...) - nova 2012.1~e1-1 NOTE: https://bugs.launchpad.net/nova/+bug/868360 NOTE: the patch for this bug is available at https://review.openstack.org/#/c/794/ @@ -4167,14 +4161,11 @@ CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when th NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353 CVE-2011-3633 REJECTED -CVE-2011-3632 [hardlink has buffer overflows, is unsafe on changing trees] - RESERVED +CVE-2011-3632 (Hardlink before 0.1.2 operates on full file system objects path names ...) - hardlink <not-affected> (Only the C version, ours are written in Python) -CVE-2011-3631 [hardlink has buffer overflows, is unsafe on changing trees] - RESERVED +CVE-2011-3631 (Hardlink before 0.1.2 has multiple integer overflows leading to heap-b ...) - hardlink <not-affected> (Only the C version, ours are written in Python) -CVE-2011-3630 [hardlink has buffer overflows, is unsafe on changing trees] - RESERVED +CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow ...) - hardlink <not-affected> (Only the C version, ours are written in Python) CVE-2011-3629 RESERVED 
@@ -4195,8 +4186,7 @@ CVE-2011-3625 (Stack-based buffer overflow in the sub_read_line_sami function in - mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987) [squeeze] - mplayer <not-affected> (Malformed SMI file correctly rejected, possibly introduced by later changes) - mplayer2 2.0-134-g84d8671-9 (bug #646937) -CVE-2011-3624 - RESERVED +CVE-2011-3624 (Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and ea ...) - ruby1.8 <removed> (low; bug #646020) [lenny] - ruby1.8 <no-dsa> (Minor issue) [squeeze] - ruby1.8 <no-dsa> (Minor issue) @@ -4225,8 +4215,7 @@ CVE-2011-3618 (atop: symlink attack possible due to insecure tempfile handling . - atop 1.23-1.1 (low; bug #622794) [lenny] - atop 1.23-1+lenny1 (bug #622794) [squeeze] - atop 1.23-1+squeeze1 (bug #622794) -CVE-2011-3617 [tahoe-lafs: an unauthorized user can delete files] - RESERVED +CVE-2011-3617 (Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to del ...) - tahoe-lafs 1.8.3-1 (bug #641540) CVE-2011-3616 (The getSkillname function in the eve module in Conky 1.8.1 and earlier ...) - conky 1.8.0-1.1 (low; bug #612033) 
@@ -4249,16 +4238,14 @@ CVE-2011-3611 [HTB22914: Local File Inclusion in UseBB] CVE-2011-3610 [serendipity freetag plugin before 3.30 and probably others] RESERVED NOT-FOR-US: Serendipity plugin -CVE-2011-3609 [CSRF in the JBoss AS 7 administration console & HTTP management API] - RESERVED +CVE-2011-3609 (A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBo ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2011-3608 REJECTED CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the Ap ...) {DSA-2405-1} - apache2 2.2.21-4 -CVE-2011-3606 [DOM based XSS in the JBoss AS 7 administration console] - RESERVED +CVE-2011-3606 (A DOM based cross-site scripting flaw was found in the JBoss Applicati ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) bef ...) {DSA-2323-1} @@ -4281,8 +4268,7 @@ CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertis [squeeze] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION) [lenny] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION) NOTE: http://seclists.org/oss-sec/2011/q4/30 -CVE-2011-3600 - RESERVED +CVE-2011-3600 (The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler i ...) - libxmlrpc3-java 3.1.3-1 (low) [lenny] - libxmlrpc3-java <no-dsa> (Minor issue) CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when ...) 
@@ -4300,8 +4286,7 @@ CVE-2011-3597 (Eval injection vulnerability in the Digest module before 1.17 for [squeeze] - perl 5.10.1-17squeeze3 [lenny] - perl <no-dsa> (Minor issue) NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e -CVE-2011-3596 - RESERVED +CVE-2011-3596 (Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-c ...) - polipo 1.0.4.1-1.2 (bug #644289) [squeeze] - polipo <no-dsa> (Minor issue) NOTE: http://seclists.org/fulldisclosure/2011/Oct/10 @@ -4342,13 +4327,11 @@ CVE-2011-3585 - cifs-utils 2:4.5-1 (low) NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200 -CVE-2011-3584 [TYPO3-SA-2011-003] - RESERVED +CVE-2011-3584 (The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to ...) - typo3-src 4.5.6+dfsg1-1 (low; bug #641683) [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2 [lenny] - typo3-src 4.2.5-1+lenny9 -CVE-2011-3583 [TYPO3-SA-2011-002] - RESERVED +CVE-2011-3583 (It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared stat ...) - typo3-src 4.5.6+dfsg1-1 (low; bug #641682) [squeeze] - typo3-src <not-affected> (Only affects 4.5.x) [lenny] - typo3-src <not-affected> (Only affects 4.5.x) 
@@ -4939,12 +4922,10 @@ CVE-2011-3375 (Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does no {DSA-2401-1} - tomcat6 6.0.33-1 - tomcat7 7.0.22-1 -CVE-2011-3374 [apt-key insecure validation] - RESERVED +CVE-2011-3374 (It was found that apt-key in apt, all versions, do not correctly valid ...) - apt <unfixed> (unimportant; bug #642480) NOTE: Not exploitable in Debian, since no keyring URI is defined -CVE-2011-3373 - RESERVED +CVE-2011-3373 (Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 do ...) NOT-FOR-US: Views Bulk Operations module for Drupal CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2 ...) {DSA-2318-1} @@ -5010,8 +4991,7 @@ CVE-2011-3356 (Multiple cross-site scripting (XSS) vulnerabilities in config_def - mantis 1.2.7-1 (low; bug #640297) [squeeze] - mantis <not-affected> (Vulnerable code not present) [lenny] - mantis <not-affected> (Vulnerable code not present) -CVE-2011-3355 - RESERVED +CVE-2011-3355 (evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) con ...) - evolution-data-server3 3.2.1-1 (bug #641052) CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fuse/dev ...) {DSA-2389-1} @@ -5020,8 +5000,7 @@ CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in fs/fus [squeeze] - linux-2.6 2.6.32-36 CVE-2011-3352 (Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improp ...) NOT-FOR-US: Zikula -CVE-2011-3351 - RESERVED +CVE-2011-3351 (openvas-scanner before 2011-09-11 creates a temporary file insecurely ...) - openvas-server <removed> (low; bug #641327) [squeeze] - openvas-server <no-dsa> (Minor issue) NOTE: openvas-scanner in experimental also affected according to #671327 |
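Review bot: In the hunk at @@ -2810,11 +2809,9 @@, replacing `CVE-2011-4120 [authentication bypass by pressing ctrl-d]` with the truncated description drops the only text on the entry that named the trigger; the new line cuts off at "when 'use_ ...". Suggest keeping the removed wording as a NOTE: line under `- yubico-pam 2.10-1` so the entry can still be triaged without looking up the full description. The same applies to the other entries in this patch that lose a bracketed summary, such as `[apt-key insecure validation]` on CVE-2011-3374.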
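Review bot: In the hunk at @@ -4300,8 +4286,7 @@, the new description for CVE-2011-3596 reads "suffers from a DoD vulnerability", which looks like a misspelling of DoS and changes how the entry reads when searched or skimmed. If this text is imported by the automatic update, a hand edit here would likely be overwritten, so the wording is better reported at its source; until then a NOTE: under `- polipo 1.0.4.1-1.2 (bug #644289)` stating the impact would remove the ambiguity.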
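Review bot: In the hunk at @@ -4342,13 +4327,11 @@, the new description for CVE-2011-3584 names "The TYPO3 Core wec_discussion extension before 2.1.1", yet the lines under it still track typo3-src with fixes in 4.5.6+dfsg1-1, 4.3.9+dfsg1-1+squeeze2 and 4.2.5-1+lenny9, and the removed label was `[TYPO3-SA-2011-003]`. Worth confirming that the package lines still match the CVE as now described, and recording the advisory id in a NOTE: line since the bracketed label that carried it is gone (likewise `[TYPO3-SA-2011-002]` on CVE-2011-3583).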
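Review bot: In the hunk at @@ -4939,12 +4922,10 @@, the added description for CVE-2011-3373 spells the module "Views Builk Operations (VBO)" while the NOT-FOR-US line directly below spells it "Views Bulk Operations", so a text search for the module name will match only one of the two lines. If the description is imported text, report the spelling at the source rather than editing it here; the NOT-FOR-US line already carries the correct name and should stay as it is.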
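Review bot: In the last hunk (@@ -5020,8 +5000,7 @@), the context NOTE under CVE-2011-3351 cites #671327 while the package line just above it cites bug #641327. This change does not touch either line, but the two numbers differ by a single digit and one of them is probably a typo; worth checking which bug the NOTE means while the entry is being revisited.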