Diffstat (limited to 'data/CVE/2011.list')
-rw-r--r-- data/CVE/2011.list 88
1 files changed, 50 insertions, 38 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 00c365437a..ec117e233f 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -15,9 +15,8 @@ CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of
NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
NOTE: https://www.openwall.com/lists/oss-security/2016/04/10/5
CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
- {DLA-1445-1}
+ {DLA-2559-1 DLA-1445-1}
- busybox 1:1.27.2-1 (bug #802702)
- [stretch] - busybox <no-dsa> (Minor issue)
[wheezy] - busybox <no-dsa> (Minor issue)
[squeeze] - busybox <no-dsa> (Minor issue)
CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7. ...)
@@ -448,7 +447,7 @@ CVE-2011-5131 (Cross-site request forgery (CSRF) vulnerability in global.php in
CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when regi ...)
NOT-FOR-US: Family Connections CMS
CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote at ...)
- - xchat <unfixed> (unimportant; bug #686454)
+ - xchat <removed> (unimportant; bug #686454)
CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...)
NOT-FOR-US: Adminimize plugin for Wordpress
CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2 ...)
@@ -783,15 +782,15 @@ CVE-2011-4980
CVE-2011-4979
REJECTED
CVE-2011-4978
- RESERVED
+ REJECTED
CVE-2011-4977
- RESERVED
+ REJECTED
CVE-2011-4976
- RESERVED
+ REJECTED
CVE-2011-4975
- RESERVED
+ REJECTED
CVE-2011-4974
- RESERVED
+ REJECTED
CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remote att ...)
- libapache2-mod-nss 1.0.8-4 (low; bug #729626)
[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
@@ -1745,7 +1744,7 @@ CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in
- libav 4:0.7.3-1
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an appropria ...)
{DSA-2362-1}
- acpid 1:2.0.11-1
@@ -1757,8 +1756,9 @@ CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x befor
- openssl 1.0.0f-1
CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss E ...)
NOT-FOR-US: JMX Console
-CVE-2011-4574
- RESERVED
+CVE-2011-4574 (PolarSSL versions prior to v1.1 use the HAVEGE random number generatio ...)
+ - polarssl 1.1.0-1
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/polarssl-security-advisory-2011-02
CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly ...)
NOT-FOR-US: JBoss Operations Network
CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...)
@@ -2287,7 +2287,7 @@ CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21,
- namazu2 2.0.21-1 (low)
[squeeze] - namazu2 <no-dsa> (Minor issue)
CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins be ...)
- - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900)
+ - jenkins-winstone 0.9.10-jenkins-29+dfsg-1 (bug #649900)
CVE-2011-4343 (Information disclosure vulnerability in Apache MyFaces Core 2.0.1 thro ...)
NOT-FOR-US: Apache MyFaces
CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the Ba ...)
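Review bot: the removed and added jenkins-winstone lines under CVE-2011-4344 read identically, so this is presumably a whitespace-only change. The commit message should say so, because next to the status changes elsewhere in this commit the hunk otherwise looks like a no-op and a reader cannot tell what was corrected.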
@@ -2304,7 +2304,7 @@ CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shama
CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...)
NOT-FOR-US: Support Incident Tracker
CVE-2011-4336 (Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to sn ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 ...)
NOT-FOR-US: Contao
CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded ...)
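Review bot: the switch from "NOT-FOR-US: Tiki Wiki" to "- tikiwiki <removed>" for CVE-2011-4336 gives no indication of whether the versions Debian packaged were affected. The description names Tiki Wiki CMS Groupware 7.0; a NOTE stating which tikiwiki versions were shipped, or <not-affected> with a reason if they predate the affected code, would make the entry checkable.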
@@ -2786,12 +2786,21 @@ CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO io
{DSA-2443-1 DSA-2389-1}
- libguestfs 1:1.14.8-1
- linux-2.6 <removed>
-CVE-2011-4126
- RESERVED
-CVE-2011-4125
- RESERVED
-CVE-2011-4124
- RESERVED
+CVE-2011-4126 (Race condition issues were found in Calibre at devices/linux_mount_hel ...)
+ - calibre 1.5.0+dfsg-1 (bug #584915)
+ NOTE: Vulnerable code removed upstream at version 1.4.0
+ NOTE: https://github.com/kovidgoyal/calibre/commit/7d54d25844efebfb3d6de2bb2b9af77dbf72d8b8 (v1.4.0)
+ NOTE: Removed by Debian packaging in 0.6.54+dfsg-1.
+CVE-2011-4125 (A untrusted search path issue was found in Calibre at devices/linux_mo ...)
+ - calibre 1.5.0+dfsg-1 (bug #584915)
+ NOTE: Vulnerable code removed upstream at version 1.4.0
+ NOTE: https://github.com/kovidgoyal/calibre/commit/7d54d25844efebfb3d6de2bb2b9af77dbf72d8b8 (v1.4.0)
+ NOTE: Removed by Debian packaging in 0.6.54+dfsg-1.
+CVE-2011-4124 (Input validation issues were found in Calibre at devices/linux_mount_h ...)
+ - calibre 1.5.0+dfsg-1 (bug #584915)
+ NOTE: Vulnerable code removed upstream at version 1.4.0
+ NOTE: https://github.com/kovidgoyal/calibre/commit/7d54d25844efebfb3d6de2bb2b9af77dbf72d8b8 (v1.4.0)
+ NOTE: Removed by Debian packaging in 0.6.54+dfsg-1.
CVE-2011-4123
REJECTED
CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM be ...)
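Review bot: the fixed version on the three calibre lines (CVE-2011-4126, CVE-2011-4125, CVE-2011-4124) does not match the NOTEs beneath them. Each entry records "- calibre 1.5.0+dfsg-1", while the last NOTE says the code was "Removed by Debian packaging in 0.6.54+dfsg-1" and the upstream removal is given as 1.4.0. If the Debian package stopped shipping the mount helper in 0.6.54+dfsg-1, that is the version from which the package is no longer affected and it belongs on the package line; otherwise the NOTE should explain why 1.5.0+dfsg-1 was chosen.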
@@ -2800,8 +2809,8 @@ CVE-2011-4121 (The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-
- ruby1.9.1 <not-affected> (Only affected trunk versions)
CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when 'use_ ...)
- yubico-pam 2.10-1
-CVE-2011-4119
- RESERVED
+CVE-2011-4119 (caml-light &lt;= 0.75 uses mktemp() insecurely, and also does unsafe t ...)
+ NOT-FOR-US: caml-light
CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...)
NOT-FOR-US: perl Batch::BatchRun CPAN module
CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...)
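Review bot: the added description for CVE-2011-4119 contains a literal HTML entity, "caml-light &lt;= 0.75", while other lines in this diff use a plain "<" (for example "<no-dsa>"). If descriptions are synced automatically from the CVE feed the text will follow the feed, but if it was entered by hand it should read "<=".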
@@ -3555,7 +3564,7 @@ CVE-2011-3869 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows
{DSA-2314-1}
- puppet 2.7.3-3
CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player ...)
- NOT-FOR-US: Vmware
+ NOT-FOR-US: VMware
CVE-2011-3867
REJECTED
CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly re ...)
@@ -4027,8 +4036,7 @@ CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2
- bugzilla <removed> (low)
[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
[lenny] - bugzilla <no-dsa> (Minor issue)
-CVE-2011-3656
- RESERVED
+CVE-2011-3656 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6 ...)
- iceweasel 4.0-1
[squeeze] - iceweasel <end-of-life> (Iceweasel not supported in Squeeze LTS)
CVE-2011-3655 (Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perfor ...)
@@ -6210,7 +6218,7 @@ CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux
CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...)
NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2926
- RESERVED
+ REJECTED
CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 re ...)
NOT-FOR-US: Cumin
CVE-2011-2924 (foomatic-rip filter v4.0.12 and prior used insecurely creates temporar ...)
@@ -8194,8 +8202,10 @@ CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rail
- rails <not-affected> (Affected plugin not installed, see bug #634990)
CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as dis ...)
NOT-FOR-US: JBoss Seam
-CVE-2011-2195
- RESERVED
+CVE-2011-2195 (A flaw was found in WebSVN 2.3.2. Without prior authentication, if the ...)
+ - websvn <removed>
+ NOTE: Windows-specific
+ NOTE: mitigated by https://github.com/websvnphp/websvn/commit/50f02cf848c5bdebb66d9b017389c9d688887d4f
CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and Queue ...)
{DSA-2329-1}
- torque 2.4.15+dfsg-1 (bug #635342)
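Review bot: "- websvn <removed>" for CVE-2011-2195 sits oddly with the "NOTE: Windows-specific" line two lines below it. If the flaw can only be triggered on Windows hosts, the Debian package was never exposed and "<not-affected> (Windows-specific)" would describe that more accurately; if <removed> is kept, the NOTE should say whether the packaged versions contained the affected code.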
@@ -8404,14 +8414,14 @@ CVE-2011-2161 (The ape_read_header function in ape.c in libavformat in FFmpeg be
- libav 4:0.6-1 (bug #628448)
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b
CVE-2011-2160 (The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPl ...)
{DSA-2306-1}
- libav 4:0.6-1 (bug #628448)
- ffmpeg 7:2.4.1-1
- ffmpeg-debian <end-of-life>
NOTE: duplicate of CVE-2011-0723
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6
CVE-2011-2159 (The SmarterTools SmarterStats 6.0 web server omits the Content-Type he ...)
NOT-FOR-US: SmarterStats
CVE-2011-2158 (The SmarterTools SmarterStats 6.0 web server sends incorrect Content-T ...)
@@ -8840,7 +8850,7 @@ CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect
[squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1955
- RESERVED
+ REJECTED
CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in Post Rev ...)
NOT-FOR-US: Post Revolution
CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in common.php in P ...)
@@ -8873,7 +8883,7 @@ CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util
- network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
CVE-2011-1942
- RESERVED
+ REJECTED
CVE-2011-1941 (Open redirect vulnerability in the redirector feature in phpMyAdmin 3. ...)
- phpmyadmin 4:3.4.1-1
[lenny] - phpmyadmin <not-affected> (3.4.x only)
@@ -10071,8 +10081,10 @@ CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when
[squeeze] - httpcomponents-client 4.0.1-1squeeze1
NOTE: http://seclists.org/oss-sec/2011/q2/188
NOTE: http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
-CVE-2011-1497
- RESERVED
+CVE-2011-1497 (A cross-site scripting vulnerability flaw was found in the auto_link f ...)
+ - rails <not-affected> (Fixed before initial release of rails 4.0 to Debian)
+ NOTE: https://www.openwall.com/lists/oss-security/2011/04/06/13
+ NOTE: https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which allows ...)
{DSA-2212-1}
- tmux 1.4-6 (bug #620304)
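Review bot: the reason on "- rails <not-affected> (Fixed before initial release of rails 4.0 to Debian)" for CVE-2011-1497 describes a fix, not the absence of vulnerable code, which is what <not-affected> is meant to record. If an earlier rails source package in Debian shipped the affected auto_link helper, it needs its own fixed-version or <removed> line; if none did, the reason should state that instead.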
@@ -10939,7 +10951,7 @@ CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx
- gimp 2.6.10-1
NOTE: Likely fixed earlier, but only the squeeze version was checked
CVE-2011-1177
- RESERVED
+ REJECTED
CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...)
{DSA-2202-1}
- apache2 2.2.17-2 (bug #618857; medium)
@@ -11297,8 +11309,8 @@ CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allo
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.36)
-CVE-2011-1075
- RESERVED
+CVE-2011-1075 (FreeBSD's crontab calculates the MD5 sum of the previous and new cronj ...)
+ - cron <not-affected> (Debian's cron not affected)
CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine the ex ...)
- cron <not-affected> (Debian's cron not affected)
CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...)
@@ -14085,7 +14097,7 @@ CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5
CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 ...)
- wireshark 1.2-0-1
CVE-2011-0023
- RESERVED
+ REJECTED
CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory ...)
NOT-FOR-US: 389 LDAP server
CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subtitles ...)
@@ -14094,7 +14106,7 @@ CVE-2011-0522 (The StripTags function in (1) the USF decoder (modules/codec/subt
CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in Vi ...)
- vlc 1.1.3-1squeeze2
[lenny] - vlc <not-affected> (Vulnerable code not present)
- NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
+ NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph func ...)
- pango1.0 1.28.3-1+squeeze1 (bug #610792)
CVE-2011-0019 (slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Dire ...)
